
exile360

Everything posted by exile360

  1. Greetings, It is simply detecting one of the preinstalled applications that came with your system in order to improve performance. To eliminate it permanently you should be able to uninstall the Dell Support Assistant software via the Programs and Features interface in the Windows Control Panel/settings and it should no longer be detected. It is possible that it is either being reinstalled or else ADWCleaner is leaving some kind of trace behind causing it to return/be reinstalled and detected in subsequent scans.
  2. Yes, unfortunately the only way to secure systems against hardware level vulnerabilities such as those exposed in modern CPUs recently is either through patches to the CPU's own microcode via BIOS updates from the manufacturer or through OS kernel level updates which are issued by Microsoft, so it's important to stay up to date with Windows Updates as well as checking regularly with your system manufacturer for the latest drivers and BIOS updates.
  3. The Last Emperor dropping some legendary battles with Secret Wars; it's Hip-Hop vs Comic Book Superheroes: For bonus points, here's the fresh Prince Paul mix: RIP Stan Lee and Prince Paul's former fellow Gravedigga, Poetic, AKA The Grym Reaper.
  4. Greetings, Please read and follow the instructions in this topic and then create a new topic in our malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any threats as soon as one becomes available. Good luck, and please let us know if there is anything else we might assist you with. Thanks
  5. I don't have any specific numbers, however it should be quite effective as it uses behavior based detection to monitor all processes in memory for ransomware behavior and also uses 'booby traps' in the form of test files it creates on the system which act as an early warning system should anything try to delete and/or encrypt those files so that it can stop ransomware in its tracks before it is able to encrypt any of your critical data. I believe this combined with the additional incident response technologies in Malwarebytes Endpoint Protection and Response provide a very robust solution for dealing with ransomware attacks, both proactively through prevention, as well as reactively through incident response, remediation and rollback of data to maintain system and data integrity. You'll also find a large number of resources and whitepapers on various related topics (including ransomware and other threats) on this page that you may find valuable.
  6. Yes, that's true. While Defender is generally very light for an antivirus, it does monitor memory in real-time pretty intensively, and while most of the time this won't cause any issues, when running many resource intensive tasks it can cause system lag/slowdown.
  7. If you click where it says Cancel subscription that will terminate auto-renewal for your account. Your license term will still remain active for the full duration of your original purchase (i.e. 1 year if it was a 1 year license, 2 years if it was a 2 year license etc.).
  8. Try opening Malwarebytes and going to Settings>Application and under the option for registering Malwarebytes in the Windows Action Center select the option not to register it with the Action Center, then reboot and see how things are with Defender. If things are OK now, return to the same setting in Malwarebytes and select the default option once more to have Malwarebytes decide whether to register with the Action Center and reboot once more to verify that everything is OK with Defender, Malwarebytes and the Windows Action Center.
  9. Yep, that's true because they support mounting ISO files as virtual CD/DVD-ROM drives, so no burning is necessary for use in a VM. Instructions on creating a VM and booting it from an ISO to install an OS can be found here. I'm sure there are similar instructions for VMWare out there somewhere as well; I just pulled up the page for VirtualBox as that's the VM software I'm personally more familiar with as I've used it many times in the past.
  10. Greetings, It sounds like there may still be some kind of threats present on the system or fallout/damage caused by the threats you removed with Malwarebytes. Please reinstall the latest version of Malwarebytes from here and navigate to Settings>Protection and perform a scan by clicking Scan Now and enable the Scan for rootkits option under Scan Settings then return to the Dashboard tab and click Scan Now and once the scan completes have it remove any threats it detects and restart your system if prompted to do so to complete the threat removal process. Once that is done, if the problem still persists please try running ADWCleaner and likewise have it scan your system and allow it to remove anything it finds, then restart your system if prompted to do so. If the issue is still present then please read and follow the instructions in this topic and then create a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking the system and cleaning any remaining threats and they should also be able to get the issues with Windows Defender and Windows Update repaired for you. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  11. Greetings, That is odd, please do the following so that we may take a look at your Malwarebytes installation to try and determine why this might be happening:

      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced tab on the left (not Start Repair)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

      Thanks
  12. Yep, agreed, if it's a fresh install of Windows then using something like Fresh Start should be fine. While you can use ADWCleaner to remove many of the preinstalled bloatware on a system, if you haven't really done anything to Windows to customize it or installed anything anyway then you might as well give Fresh Start a try. Worse comes to worse you can always run ADWCleaner afterwards to remove any undesirable preinstalled applications anyway if any of it is reinstalled by Fresh Start (though by the sound of it based on what I read, it doesn't seem like there should be, perhaps outside of some of the normal preinstalled Microsoft apps, though you should be able to uninstall those normally).
  13. Yes, that is because if it were allowed then it would be too easy for malware or a malicious hacker to do the same via a script or remotely executed command or batch file. That said, if you simply right-click the tray icon and select Quit Malwarebytes it will terminate from memory completely, including the service and all loaded processes and drivers (which is also much safer and more stable, as the service is what loads/controls the drivers, so unloading the service without the drivers could lead to major stability issues; something I've seen in the past through testing by terminating the service via Task Manager and other similar tools without shutting it down properly).
  14. Greetings, It really depends on the types of threats you are dealing with, however in general using the Fresh Start feature is a lot more time consuming and invasive and is far more likely to also remove many personalized options and applications that may have been changed or installed by the user as it is closer to something like full clean installation of Windows whereas ADWCleaner will simply remove the detected threats/PUPs and leave the rest of the system completely untouched so that you don't have to worry about losing any customized settings or applications you may have installed on the system. A feature like Fresh Start can be useful for situations where a system may be badly infected or system settings may be damaged beyond repair, however I wouldn't recommend it as a first step in trying to clean up a system where the only problem is PUPs/adware etc. as such threats are usually pretty simple to deal with using tools like ADWCleaner and Malwarebytes without having to then go through the system to reinstall any apps you had installed or customize any settings on the system you might have changed to your liking. Also keep in mind that much like System Restore and many other rollback features, it is very likely that malware and PUP vendors will start to target this function to try and prevent it from working properly on infected systems to try and prevent its use, be that through blocking it from running or even trying to block access to Microsoft's servers where the clean image/installation of Windows is downloaded from since it does not load from an image or partition stored locally on the system. While malware is far more likely to take things to such extremes, some PUPs have been pushing the boundaries of the lines between PUP and malware behavior these days in order to try and remain installed and active on users' systems since they have a financial motivation most of the time in keeping their undesirable applications installed.
  15. If you want to skip the step of uninstalling WinRAR every time, you can simply open WinRAR and click on Settings and select the Integration tab then uncheck the box next to ISO under Associate WinRAR with then click OK and that will unassociate WinRAR with ISO files so that they appear and work as they normally would as disc images in Windows for opening and burning, and you can still open an ISO file with WinRAR by right-clicking on it and selecting Open with WinRAR so you can still view and extract or edit its contents using WinRAR without losing those default Windows viewing and burning functions.
  16. Greetings, Your best bet if looking for proactive protection along with solid incident response would probably be Malwarebytes Endpoint Protection and Response. It offers all of the latest proactive protection and detection capabilities that Malwarebytes has to offer along with full incident response capabilities for suspicious activity detection, granular endpoint isolation (for cases where an active threat/suspicious activity is detected to prevent threats spreading further across your networks), as well as Malwarebytes' latest solution, Ransomware Rollback which allows for system and data recovery to quickly recover from ransomware attacks should any get through (especially valuable given the high success rate of targeted phishing attacks these days). You can learn more about this solution and find additional links to further documentation and resources here. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  17. Just to add to the comments from Maurice above; the list of shielded applications for the Exploit Protection component in Malwarebytes is focused on the most frequently targeted applications by exploits for attack, especially those that are at the greatest risk due to being web-facing or where they are known to be exploited by Trojanized documents and media files including web browsers, media players, document viewing/editing applications and the like. The OS shell itself (explorer.exe) and other critical/core OS components are actively shielded and hardened by Exploit Protection (as well as by technologies built into the operating system such as DEP and some hardware features if your CPU supports them) however those shields/protections work differently than the shielding provided through the DLL injection performed on the applications listed in the default list of shielded applications for Exploit Protection. With that said, if you do use any browsers or other applications that regularly pull web based content (like sidebar/desktop gadgets for example) that aren't listed in the default list of shielded applications, you can add them to the list and use the appropriate profile for them; for example, for a media playback program use the Media Players profile and for a web browser use the Web Browsers profile or Chrome-based Browsers profile depending on whether the browser is based on Chromium, and likewise for a document/office type application use the MS Office or PDF Readers profile as appropriate depending on the type of application/documents etc. used by the application. I hope this helps a bit to clarify things.
  18. Greetings, I noticed your logs show that User Account Control is not set to defaults. It may be unrelated, however Malwarebytes like more modern software is coded to be fully UAC compliant and compatible so it may be worth a try to reset UAC to default and see if that helps:

      UAC Settings
      ==================================
      EnableLUA: On
      Consent Prompt Behavior Admin: Off

      Instructions on resetting UAC can be found on this page. Beyond that, if you haven't already, I would suggest signing up for an account at My.Malwarebytes.com to manage your license(s) for Malwarebytes using, if possible, the same email address you used when you originally purchased your license. Instructions on doing so may be found in this support article. If you aren't able to use that original email address because, for example, it is no longer active or you no longer have access to it for some reason then use your current email address and try adding your license to your account as shown in this support article. If you were successful in getting your account created and getting your license to show up there, then please try deactivating your previously active device to free up your license to be able to activate it on your current device/installation to see if that resolves the issue. You can totally reset your license using the Deactivate all function described in this support article. After that, if the problem still persists, then please contact Malwarebytes Support directly by filling out the form on the bottom of this page and they will assist you further. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  19. Malwarebytes will label each as determined by the Malwarebytes Research team, so anything overtly malicious will most likely be tagged as actual malware. Anything detected as PUP would be things like adware and the like which aren't necessarily harmful, but could be undesirable, annoying or unwanted. You can learn more about what Malwarebytes classifies as PUP and why at the following links: https://www.malwarebytes.com/pup/ https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/
  20. Greetings, No, quarantining the detections will not corrupt Chrome. It is likely that some software you installed came with a bundled PUP (Potentially Unwanted Program) that altered your settings in Chrome, so Malwarebytes will restore it back to defaults if you allow it to quarantine the detections. Once that's done, if the detections return then it could be the result of the sync feature in Chrome. You can correct this by following the instructions in this topic. Please let us know if there are any further issues or if there is anything else we might assist you with. Thanks
  21. You could use 2010 if you have a copy of it. That's what I've been using for years and haven't had any issues (though obviously that's no guarantee that you won't, but I suspect it won't be plagued by the same issues as 2016 is).
  22. Interesting, I wonder what is bringing them back then? There's got to be some program on the system adding those entries to the registry. No harm I guess, but if you really want to track it down you could try a tool such as Process Monitor to see what programs access those keys/create those entries and you could even get your system checked in our malware removal area if you want to make sure that it's nothing malicious going on (I doubt it, but it may be best just to rule it out completely if you aren't certain). If you wish to do the latter then please read and follow the instructions in this topic then create a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking the system and clearing it of any threats as soon as one is available. Again, I doubt that it is anything malicious, but they might have better luck tracking down the exact program creating those entries so it might be worth pursuing if you really want to eliminate them once and for all.
  23. OK, what about the registry? Have the entries returned under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules? If so, what happens if you delete the detected entries from there by hand? Do they still return on reboot? If so, then something is putting them back, though I'm not sure exactly what program that might be.
  24. Greetings, Thank you for reporting this issue. With regards to the detection of preinstalled software, please refer to this blog article. I will report this issue to the ADWCleaner Research team and hopefully get this issue corrected. In the meantime if you have any scan logs showing these detections of the printer/scanner software from HP that could really help. Thanks