Posts posted by oselotti

  1. Malwarebytes broke my WSL again. I was updating my Ubuntu in Windows Subsystem for Linux when Malwarebytes blocked mandb. It is a program that updates the manual page index caches in Ubuntu. I cannot undo this because the quarantine is empty. I guess I have to reinstall the whole WSL system again.


    https://www.virustotal.com/fi/file/1b0cc047b00a989db271dd7564a87f5f34f76d2a1528fe3c6ba0ccda6e859f20/analysis/1494610888/

    Here is the full log for apt:

    $ sudo apt update && sudo apt upgrade
    [sudo] salasana henkilölle user:
    Nouda:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
    Nouda:2 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [258 kB]
    Nouda:3 http://security.ubuntu.com/ubuntu xenial-security/main Translation-en [109 kB]
    Nouda:4 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [110 kB]
    Nouda:5 http://security.ubuntu.com/ubuntu xenial-security/universe Translation-en [56,6 kB]
    Nouda:6 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [2 752 B]
    Löytyi:7 http://archive.ubuntu.com/ubuntu xenial InRelease
    Nouda:8 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
    Nouda:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [530 kB]
    Nouda:10 http://archive.ubuntu.com/ubuntu xenial-updates/main Translation-en [215 kB]
    Nouda:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [461 kB]
    Nouda:12 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [180 kB]
    Nouda:13 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [8 932 B]
    Noudettiin 2 135 kt ajassa 21min 41s (1 640 t/s)
    Luetaan pakettiluetteloita... Valmis
    Muodostetaan riippuvuussuhteiden puu
    Luetaan tilatiedot... Valmis
    31 packages can be upgraded. Run 'apt list --upgradable' to see them.
    [sudo] salasana henkilölle user:
    Luetaan pakettiluetteloita... Valmis
    Muodostetaan riippuvuussuhteiden puu
    Luetaan tilatiedot... Valmis
    Käsitellään päivitystä... Valmis
    Seuraava paketti on alun perin asennettu automaattisesti, eikä sitä enää tarvita:
      snap-confine
    Use 'sudo apt autoremove' to remove it.
    Nämä paketit päivitetään:
      apt apt-transport-https apt-utils cloud-init distro-info-data dpkg
      libapt-inst2.0 libapt-pkg5.0 libicu55 libpam-systemd librtmp1 libsystemd0
      libudev1 login logrotate openssh-client openssh-server openssh-sftp-server
      passwd python3-software-properties snap-confine snapd
      software-properties-common sosreport systemd systemd-sysv
      ubuntu-core-launcher udev uidmap unattended-upgrades zlib1g
    31 päivitetty, 0 uutta asennusta, 0 poistettavaa ja 0 päivittämätöntä.
    Noudettavaa arkistoa 29,1 Mt.
    Toiminnon jälkeen käytetään 5 415 k t lisää levytilaa.
    Haluatko jatkaa? [K/e] k
    Nouda:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 dpkg amd64 1.18.4ubuntu1.2 [2 085 kB]
    Nouda:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 login amd64 1:4.2-3.1ubuntu5.2 [305 kB]
    Nouda:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 zlib1g amd64 1:1.2.8.dfsg-2ubuntu4.1 [51,2 kB]
    Nouda:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libapt-pkg5.0 amd64 1.2.20 [707 kB]
    Nouda:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libapt-inst2.0 amd64 1.2.20 [55,6 kB]
    Nouda:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt amd64 1.2.20 [1 042 kB]
    Nouda:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt-utils amd64 1.2.20 [196 kB]
    Nouda:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd-sysv amd64 229-4ubuntu17 [12,8 kB]
    Nouda:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpam-systemd amd64 229-4ubuntu17 [115 kB]
    Nouda:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libsystemd0 amd64 229-4ubuntu17 [205 kB]
    Nouda:11 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 229-4ubuntu17 [3 623 kB]
    Nouda:12 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 udev amd64 229-4ubuntu17 [992 kB]
    Nouda:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libudev1 amd64 229-4ubuntu17 [55,3 kB]
    Nouda:14 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 ubuntu-core-launcher amd64 2.24.1 [1 564 B]
    Nouda:15 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 snap-confine amd64 2.24.1 [1 722 B]
    Nouda:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 snapd amd64 2.24.1 [9 588 kB]
    Nouda:17 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 passwd amd64 1:4.2-3.1ubuntu5.2 [780 kB]
    Nouda:18 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 distro-info-data all 0.28ubuntu0.3 [4 048 B]
    Nouda:19 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 logrotate amd64 3.8.7-2ubuntu2.16.04.1 [37,8 kB]
    Nouda:20 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt-transport-https amd64 1.2.20 [26,1 kB]
    Nouda:21 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libicu55 amd64 55.1-7ubuntu0.2 [7 659 kB]
    .gitfa8646d-1build1) ...
    Preparing to unpack .../openssh-sftp-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
    Unpacking openssh-sftp-server (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ...
    Preparing to unpack .../openssh-server_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
    Unpacking openssh-server (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ...
    Preparing to unpack .../openssh-client_1%3a7.2p2-4ubuntu2.2_amd64.deb ...
    Unpacking openssh-client (1:7.2p2-4ubuntu2.2) over (1:7.2p2-4ubuntu2.1) ...
    Preparing to unpack .../software-properties-common_0.96.20.6_all.deb ...
    Unpacking software-properties-common (0.96.20.6) over (0.96.20.5) ...
    Preparing to unpack .../python3-software-properties_0.96.20.6_all.deb ...
    Unpacking python3-software-properties (0.96.20.6) over (0.96.20.5) ...
    Preparing to unpack .../sosreport_3.4-1~ubuntu16.04.1_amd64.deb ...
    Unpacking sosreport (3.4-1~ubuntu16.04.1) over (3.2+git276-g7da50d6-3ubuntu1) ...
    dpkg: error processing archive /var/cache/apt/archives/sosreport_3.4-1~ubuntu16.04.1_amd64.deb (--unpack):
     unable to stat './usr/share/sosreport/sos/plugins/ipsec.py' (which I was about
    to install): Permission denied
    dpkg: virhe jälkipuhdistuksessa:
      unable to remove backup copy of '/usr/share/sosreport/sos/plugins/navicli.py': Permission denied
    dmesg: read kernel buffer failed: Funktion toteutus puuttuu
    E: Sub-process /usr/bin/dpkg returned an error code (2)

     

  2. On 17.4.2017 at 3:27 AM, shadowwar said:

    Are you running mbam offline?

    We have preliminarily tested this but have been unable to repro in our testing environments.

    No, I run it online. However, I do not remember what database version I had when this happened last time. This problem started appearing after I upgraded to Malwarebytes 3. Also, it does not happen every time I upgrade my WSL installation, only sometimes.

    Malwarebytes Premium 3.0.6.1469, Component package 1.0.1.103, Update package 1.0.1753

    On 17.4.2017 at 3:27 AM, shadowwar said:

    Rather than email the archive as the tool directs, please attach the archive to your next reply in this topic.

    I ran that tool and I tried to send the zip archive to you via PM but my archive is 293MB and this forum allows only 29.3MB attachments. Also, I do not like the idea of posting my log archive publicly to this forum, because I do not know what information it contains.

  3. Here is the file and VirusTotal results.

    https://www.virustotal.com/fi/file/8582bd90af0d750c5b3ff37e5a6b018aebe71baafb215cb82c273d3281c160cf/analysis/1492324780/

    Here is the log:

    04/15/17	" 14:46:33.476"	1569125	0d90	14ac	INFO	AntiRansomwareControllerImpl	mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback	"ArwControllerImplHelper.cpp"	922	"Received threat detection callback from ARW SDK, ObjectPath=dpkg, Sha256Hash="
    04/15/17	" 14:46:33.510"	1569156	0d90	14ac	ERROR	CleanControllerImpl	mb::cleanctlrimpl::whitelist::SignatureWhiteLister::IsObjectWhiteListed	"SignatureWhiteLister.cpp"	74	"No WHITESIGS found in Clean.mbdb"
    04/15/17	" 14:46:33.510"	1569156	0d90	14ac	ERROR	CleanControllerImpl	CommonCleanUtils::GetFileHashesAndSize	"CommonCleanUtils.cpp"	311	"GetTripleHash failed for file = 'dpkg'"
    04/15/17	" 14:46:33.510"	1569156	0d90	14ac	ERROR	CleanControllerImpl	mb::swissarmyclientutils::SwissArmyShimLoader::GetFileSize	"SwissArmyShimLoader.cpp"	517	"GetFileSize failed for dpkg; status=9"
    04/15/17	" 14:46:33.510"	1569156	0d90	14ac	INFO	CleanControllerImpl	mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus	"WhiteListManager.cpp"	231	"White list status (not cached): File 'dpkg'   => Hubble:Error"
    04/15/17	" 14:46:33.510"	1569156	0d90	14ac	INFO	AntiRansomwareControllerImpl	mb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback	"ArwControllerImplHelper.cpp"	947	"The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=dpkg, id=0x0"
    04/15/17	" 14:46:33.542"	1569187	0d90	17c0	WARNING		ArwSDK	""	0	"{Thread: 0x0000120C, Tick: 0x0017F1A3} [KillProcess] The process {PID: 2760} is already stopped."
    04/15/17	" 14:46:33.542"	1569187	0d90	17c4	ERROR	AntiRansomwareControllerImpl	mb::arwcontrollerimpl::ArwControllerImpl::ArwShimErrorCallback	"ArwControllerImplHelper.cpp"	379	"Arw SDK Error: ErrorCode = 24, RebootRequired = No, Severity = 1, ErrorMsg = Unable to apply action. {Action: 2; Result: 1 }."

     

    dpkg.zip
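
A triage sketch for the log in the post above, added as an example and not part of the original post or of Malwarebytes' own tooling: it parses the tab-separated records and flags a detection where the kill request was issued with no file hash and after the whitelist lookup returned an error. The column names and the `unverified_kill` label are assumptions; the four sample records are copied from the post.

```python
import csv
import io
import re

# Four records copied from the log in the post above (tabs written as \t).
SAMPLE_LOG = '''04/15/17\t" 14:46:33.476"\t1569125\t0d90\t14ac\tINFO\tAntiRansomwareControllerImpl\tmb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback\t"ArwControllerImplHelper.cpp"\t922\t"Received threat detection callback from ARW SDK, ObjectPath=dpkg, Sha256Hash="
04/15/17\t" 14:46:33.510"\t1569156\t0d90\t14ac\tERROR\tCleanControllerImpl\tCommonCleanUtils::GetFileHashesAndSize\t"CommonCleanUtils.cpp"\t311\t"GetTripleHash failed for file = 'dpkg'"
04/15/17\t" 14:46:33.510"\t1569156\t0d90\t14ac\tINFO\tCleanControllerImpl\tmb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus\t"WhiteListManager.cpp"\t231\t"White list status (not cached): File 'dpkg'   => Hubble:Error"
04/15/17\t" 14:46:33.510"\t1569156\t0d90\t14ac\tINFO\tAntiRansomwareControllerImpl\tmb::arwcontrollerimpl::ArwControllerImpl::ArwShimDetectionCallback\t"ArwControllerImplHelper.cpp"\t947\t"The detected file is only whitelisted due to error in whitelisting (likely offline), sending an action request to the SDK to kill this process. ObjectPath=dpkg, id=0x0"
'''

# Column names are assumptions inferred from the layout of the posted records.
COLUMNS = ["date", "time", "tick", "pid", "tid", "level",
           "component", "function", "source", "line", "message"]


def parse(log_text):
    """Split tab-separated, double-quoted log records into dicts."""
    rows = csv.reader(io.StringIO(log_text), delimiter="\t", quotechar='"')
    return [dict(zip(COLUMNS, r)) for r in rows if len(r) == len(COLUMNS)]


def triage(log_text):
    """Follow each detection on its (pid, tid) and record how the verdict was reached."""
    findings = {}
    for rec in parse(log_text):
        msg, key = rec["message"], (rec["pid"], rec["tid"])
        m = re.search(r"ObjectPath=([^,]+), Sha256Hash=(\S*)", msg)
        if m and "threat detection callback" in msg:
            findings[key] = {"object": m.group(1), "time": rec["time"].strip(),
                             "hash_present": bool(m.group(2)), "hash_failed": False,
                             "whitelist_error": False, "kill_requested": False}
            continue
        f = findings.get(key)
        if f is None:
            continue
        if "GetTripleHash failed" in msg:
            f["hash_failed"] = True
        elif "=> Hubble:Error" in msg:
            f["whitelist_error"] = True
        elif "kill this process" in msg:
            f["kill_requested"] = True
    for f in findings.values():
        # Kill issued although the file was never hashed or whitelist-checked.
        f["unverified_kill"] = (f["kill_requested"] and not f["hash_present"]
                                and f["whitelist_error"])
    return list(findings.values())
```
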
