Jump to content

MyLittleB

Members
  • Posts

    10
  • Joined

Posts posted by MyLittleB

  1. Firefox updated yesterday to ver 90.0.1 (64-bit). Today, each time I start Firefox, I receive this message:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 7/21/21
    Protection Event Time: 4:22 PM
    Log File: 555ee208-ea61-11eb-8969-54bf641896a0.json

    -Software Information-
    Version: 4.4.2.123
    Components Version: 1.0.1358
    Update Package Version: 1.0.43347
    License: Premium

    -System Information-
    OS: Windows 10 (Build 19043.1110)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, ,

    -Exploit Data-
    Affected Application: Mozilla Firefox (and add-ons)
    Protection Layer: Protection Against OS Security Bypass
    Protection Technique: Exploit ROP gadget attack blocked
    File Name:
    URL:

     

    (end)

    I do not get the message when opening Firefox in safe mode. The only extension updated recently is LastPass. I have removed it and I still get the message. t does not happen wth Chrome.

     

  2. MBARW was disabled on system start again, Buttons were not functioning. When restarting, I received a flash notification from Windows 10 about apps. I could not take a snapshot as it did not display long enough. There were 2 of them. Windows reset my desktop, login picture, all my preferences. I restored my system. MBAM Premium did not start, nor did Norton 360. Webroot is fine. I did save the logs before and after I restored. 

    Created a new restore point and will now restart. I will update later.

    Attaching logs

    MBAMSERVICE-afterRestore.zip

    logs.zip

    Malwarebytes Anti-Ransomware.zip

    Malwarebytes Anti-Ransomware-afterrestore.zip

  3. 17 hours ago, 1PW said:

    Reference: https://www.virustotal.com/en/file/453dc7deafbb25da400c7eeee03ff0e4db7d452f84119b42b99dbdcff468c287/analysis/

    Hello MyLittleB:

    Available data does suggest a false positive and hopefully you added the following temporary full pathname file entry in MBARW GUI Dashboard -> Exclusions:

    C:\Program Files\Webroot\WRSA.exe

    Thank you for beta testing MBARW and your valuable feedback.

    Definitely false positive! Yes I did add the full path name to the exclusions. There are several posts regarding Webroot detected as a false positive. It was my understanding that this build corrected it. As I wrote in my post, it occurred only when I ran the utility. I am curious to know if the other beta testers who experienced a false positive with Webroot have the system optimizer utility set to run on a schedule. 

  4. On 2/29/2016 at 1:42 AM, 1PW said:

    Hello Enado and :welcome:

     

    It is disappointing to read that application software on your computer is now inoperable.

     

    Does the testing system in question have recent viable System Restore Points? Or, has the same system been backed up or imaged recently?

     

    Thank you.

    This just happened to me, Started new topic https://forums.malwarebytes.org/topic/180678-mbarw-quarantined-wrsa-files-deleted/

     

    On 2/29/2016 at 10:28 PM, Enado said:

    Ransomware wiped webroot out completely. Now have to buy a new subscription. thanks ransomware  :)

    http://www.webroot.com/us/en/redownloads  There is an option to have your keycode emailed to you.

  5. Webroot has again been detected as ransomware. 

    Detection occurred when running system optimizer. I do not run that utility on a schedule, I run it manually. MBARW message popup appeared with message to reboot, not allowing optimizer to run. I closed the message, stopped protection, rebooted and no Webroot. I followed instructions for false positives by restoring the quarantined files, however wrsa.exe could not be restored for adding to exclusions, that file was gone. 

    I downloaded the installation file from Webroot. It would not run. System restore did not bring the files back. In order to re-install, all the Webroot data files had to be removed. I removed the folder WRData located in Program Data and  in Program Files\Webroot. That solved the install issue.

    Reinstalled Webroot, had to start fresh, working now and added to exclusions in MBARW.

     

    Malwarebytes Anti-Ransomware.zip

    MBAMSERVICE.zip

  6. 11 hours ago, 1PW said:

    Hello MyLittleB and welcome:

    You are quite accurately following the precise procedure that would be recommended for your report.

    Your status update will be interesting to all.

    Thank you for your participation and great feedback!

    Thank you!

    So far everything is working fine since re-installing. Protection successfully started on system start and buttons are functioning. Tested the button functionality after using the system a while including web activity  I was able to stop protection and restart by clicking on the start protection button. Stopped protection again after a few minutes then clicked on the red fix now button and protection restarted.

    Will update if the issue reappears.

     

  7. When I started my laptop today the MBARW status message said protection was disabled. I clicked on the red Fix Now button and it did nothing. I then tried clicking on the start protection button, same thing, I did a restart and the status message was system fully protected.

    A while later I did a full shutdown and also unplugged my laptop. When starting my laptop again later in the day (hard boot), the same thing happened. Did a restart, protection was running. For the heck of it, I clicked on the stop protection button just to see if the button worked. It did, protection stopped, displayed the system at risk message as it should. However, once again, clicking on either the red fix now button or the start protection button did nothing as neither button was functioning.

    I will now uninstall and do a clean install using a fresh copy and see if the issue occurs again. Created and attached .zip archives of the logs from ProgramData\Malwarebytes\MBAMService\logs and  ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware

    Malwarebytes Anti-Ransomware.zip

    logs.zip

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.