Everything posted by exile360

  1. It may very well be that there are differences in the drivers and other components used by Trend on Windows 10, as it is different architecturally, especially when it comes to AVs, from Windows 7 and Server 2012 R2. In fact, there's an entirely new class of startup for AVs that they may install as an option (which Malwarebytes uses as well on Windows 10) called Early Launch Anti-Malware (or ELAM for short); though it is also available as an option in 2012, however I don't think most vendors have implemented it outside of Windows 8 and Windows 10 for the most part as that's where MS touted the feature most. It may be such a difference that's causing the startup issue on that particular system, especially since something as simple and variable as timing of startups can have an impact on things if there is a conflict where two components are fighting over the same resource during boot or the Windows scheduler has issues loading multiple resource intensive items simultaneously during boot.
  2. As a former PC repair tech with several years' experience, including using Malwarebytes as part of my regular cleanup routine, I would highly recommend sticking to the Threat scan and if the user has a tendency to save downloaded files in an odd location such as a secondary drive, just right-click scan that location with Malwarebytes using the option in Explorer if you're worried about it (but generally speaking, if a user brings in a system for a malware/PUP problem, it's really the active threats you need to be concerned with, not so much the dormant installers they might have stored elsewhere on their system which aren't active/installed; you can consult them on staying clean in the future and that should be sufficient to prevent them from getting infected by those, especially if you sell them on something like Malwarebytes Premium or even simply recommend that they install it themselves and scan their PC with the free version regularly to check for threats).
  3. Greetings, It may be a false positive. Please restore the item from quarantine assuming you have not deleted it, then perform another scan with ADWCleaner and once it shows the detection, expand the detected item using the + next to it (if there is one) and extend the UI window to show the full details of the detected item and either note it and reproduce it here or simply take a screenshot of it and post it here for review. Thanks
  4. Greetings, I noticed several entries for various VPNs/Proxies on your system. Please try temporarily disabling all of these and then attempting to activate the software once more. If it still fails then please contact Malwarebytes Support directly by filling out the form on the bottom of this page and they will assist you. Please allow at least a few days for them to respond as there have been a large number of support requests recently. Additionally, while you are waiting for Support to respond to your ticket, once 24 hours have passed since the last time you tried to activate the software, try to activate it one more time as sometimes this has been found to work when there is a problem due to too many failed activation attempts within a short timespan. I hope this helps and if there is anything else we might assist you with please let us know. Thanks
  5. Please try following the same procedure from Safe Mode to see if that works any better and then restart your computer normally and post back the requested ZIP file if it worked. Thanks
  6. Greetings, Unfortunately probably not. The best thing to do for now until the issue has been resolved would be to keep Ransomware Protection disabled until the source of the issue is found and fixed. If it's any consolation, the Ransomware Protection component, while quite effective, is actually one of the least proactive protection components in Malwarebytes as it relies on your system first actually getting infected by live ransomware before it comes into play as it only monitors memory for ransomware behavior. Most of the time the other protection modules, especially Exploit Protection and Web Protection, would block any attack that tried to install ransomware on your system to begin with so the Ransomware Protection component is often rendered moot. This is because the vast majority of ransomware attacks begin with an exploit, usually deployed through shell code and similar methods through malvertisements in infected webpages and the like or through Trojanized email attachments utilizing exploits for PDFs or Microsoft Office document formats or simply as files pretending to be legitimate documents when they are in fact scripts or executables in disguise; any of which should be detected and stopped by Exploit Protection and Malware Protection, and often the sites/servers they would reach out to in order to download the actual ransomware binary would be contained in the block lists used by the Web Protection component so the download and execution of the actual ransomware component would be stopped before it even gets to your system. You can learn more about the various layers of protection in Malwarebytes and how they function to thwart attacks throughout the various phases of the kill chain by reviewing the diagram and information found on this page. In the meantime good luck with your issue, and I hope that the crashes are resolved quickly for you. 
I assume that you are still waiting for a response to your support ticket on the helpdesk; they've been pretty busy lately with all the licensing issues that have cropped up recently with the implementation of the new license management system as I'm sure you're aware, but hopefully it won't be too much longer before you receive a reply.
  7. Greetings, ADWCleaner isn't actually an anti-malware/antivirus tool; it is a scanner designed to look for adware, spyware and potentially unwanted programs (unnecessary and/or annoying software the user may not want, such as many of the preinstalled applications that ship with most PCs that take up unnecessary resources and slow the system down). That said, you should be able to exclude the detected items by right-clicking on the scan result for each and selecting the option to ignore it, that way it will no longer be detected in future scans. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  8. No worries, I definitely understand being cautious, that said, the Threat scan does check all running processes and modules in memory, so if any malware were active anywhere on your PC (even from a location not normally checked by the Threat scan such as one of your other drives) it would still be detected. The Research team is very good at optimizing the Threat scan to look everywhere that malware likes to hide and whenever a new location is discovered they add it by modifying the threat databases/signatures so the places that the Threat scan looks for threats can be changed any time they need to be, without even having to wait for a new program version or major release.
  9. Yes, in her case Malwarebytes was registered with the Windows Action Center and it reverted to free mode. Hopefully in most cases this won't happen at all or at least it will revert to the trial but I'm not sure what controls whether it reverts to free or the trial (it likely depends on whether the user has ever used the free trial or not) but hopefully only a small number of users will be impacted by these issues while Malwarebytes transitions to the new licensing system. In the meantime, I'd highly recommend everyone sign up at My.Malwarebytes.com to track and control your licenses and devices. It makes deactivating and moving your licenses to new devices much easier as you don't have to wait on Support to do so and you can see where each license is active.
  10. That's correct, and even if it were an active drive-by exploit malvertisement (which can infect users just by visiting/viewing the site/ad), it would still be blocked before it had the chance to connect to your PC to attempt to infect you. You can also further augment your protection from malicious websites by installing the Malwarebytes browser extension beta if you use Chrome or any Chromium based browser such as the new Microsoft Edge browser, SRWare Iron or Vivaldi or if you use Mozilla Firefox. It works well alongside the Web Protection in Malwarebytes 3 and adds additional protection capabilities. You can learn more about it and download it at the following links: Chrome Firefox
  11. Just for clarification, if Malwarebytes reverts to the trial (not free mode), then all Premium features, including real-time protection will still be active, at least for the 14 day duration of the trial. Prior to the trial expiring it will notify you that your trial will soon expire and that you'll lose real-time protection. Obviously this doesn't help those where the product has reverted to the free version, but at least for those where it reverts to the trial they will still be protected and will be notified before they lose that protection.
  12. Great, I'm glad I was able to help. If there is anything else we might assist you with please let us know. Thanks
  13. Greetings, PUP stands for Potentially Unwanted Program and can be anything from adware to spyware to just software that is more annoying or potentially risky to the health of the system than useful. As for why these detections keep returning, it's quite possible that some other threat on the system is downloading and reinstalling them whenever they have been removed by Malwarebytes. To resolve this issue please try running ADWCleaner and have it scan your system and remove anything it finds, restarting your system if prompted to do so to complete the removal process. Once that is complete, open Malwarebytes and go to Settings>Protection and under the Scan Options section enable the option to scan for rootkits then return to the Dashboard tab and launch a scan by clicking Scan Now. Allow the scan to complete and have Malwarebytes remove anything it finds, again restarting your system if prompted to do so to complete the removal process. Next, if the problem still persists, please follow the instructions in this topic to see if that fixes the issue. If the problem still remains after all that then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system of any remaining threats once and for all. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  14. The Windows Action Center/Security Center will also alert you if Malwarebytes has been registered there, which it will be by default if you aren't using a third party AV on your system. You can also enable the feature manually if you choose to do so under Malwarebytes settings.
  15. Any idea if Exploit Protection in Malwarebytes guards against this vulnerability? I assume it does, but I don't know for certain. I do know that VLC is among the default media players/applications shielded by Exploit Protection in Malwarebytes 3.
  16. Greetings, Yes, it does. Whenever you go to run a scan, as long as ADWCleaner can connect to its update servers it should check for and download any new signatures. I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  17. Greetings, Please do the following to see if it corrects the issue (I know you mentioned the clean tool in your first post, but I want to make certain you use the actual Malwarebytes Support Tool as it contains the latest clean removal script for the software):

      • Run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced tab on the left (not Start Repair)
      • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

      Next, if the issue still persists, please try setting UAC back to default settings. Malwarebytes, like most modern software, has been designed to be fully compliant and compatible with User Account Control. Instructions on doing so can be found on this page. Restart your system after resetting UAC and see if Malwarebytes now starts up normally. If it does not, then please try temporarily removing Avast AV to see if that makes any difference. The uninstall tool for Avast can be found here. If that last step helped, then please reinstall Avast and test again to see if the problem occurs again, and if it does, then please try configuring exclusions between Malwarebytes and Avast to see if that helps. To exclude Avast in Malwarebytes, add Avast's program folder(s) from C:\Program Files and/or C:\Program Files (x86) as well as Avast's data folder likely located under C:\ProgramData using the Exclude a File or Folder method described in this support article and exclude the files listed in this support article as best you can from Avast's real-time protection. Please let us know how it goes and if the issue still persists. Thanks
  18. ADWCleaner and Malwarebytes target different things; this is why ADWCleaner still exists as it has not yet been integrated into Malwarebytes but someday it may be. Are you still having any issues, or does the system seem to be running normally now? If the system still has any problems or you believe it may still be infected then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any remaining threats.
  19. Greetings, If you are able, please post a log from the tool that discovered these detections as I am not familiar with it. We can then verify whether Malwarebytes should have detected them or not. It might also be a good idea to run a scan with ADWCleaner to make certain no additional adware items remain on your system. Please let us know how it goes, and again, if possible, please provide a scan log from the other tool that you scanned with that made the detections. Thanks
  20. You guys really gotta stop posting in Klingon; I'm having trouble reading it (just kidding, long live the Empire!)
  21. As mentioned above, anyone who believes they may be infected needs to read and follow the instructions in this topic and then create a new topic in the malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any threats as soon as one is available. Please do not post your logs here; we do NOT work on malware removal in this area of the forums, and each user must be helped separately; no matter how similar a threat/infection/attack may seem, they are almost always very different and will require unique steps to check and clean each system so each person is helped 1-on-1, never in groups. Thank you
  22. By the way, you can learn more about the origins of the Ransomware Protection component in Malwarebytes (as well as Malwarebytes Anti-Ransomware Beta where it all began) in this Malwarebytes Labs blog article.
  23. Just to add to what others have already stated, another major factor is the fact that the vast majority of modern ransomware attacks actually begin with an exploit that attempts to download and launch the actual ransomware binary file/encryptor; most attacks will not make it to this stage thanks to the other layers of defense included in Malwarebytes Premium, particularly Exploit Protection which will stop the attack much earlier as soon as the exploit script tries to execute, well before the actual ransomware file itself has even been downloaded/tries to execute. The same goes for the other protection modules in Malwarebytes, including Malware Protection (which uses both traditional threat signatures as well as more advanced heuristics signatures and algorithms; relying much more on the latter than the former which makes it far more effective than most traditional protection solutions), as well as Web Protection and the new anomalous threat detection engine included in the latest versions of Malwarebytes 3 which relies on anomaly detection through Machine Learning/AI as well as leveraging constantly updated and evolving cloud databases and new threat info. Ransomware Protection is purely behavior based, and as mentioned above, monitors for ransomware behavior, including the attempted encryption of files on disk (though like most such solutions, one of the mechanisms it uses is early warning 'test' files that it creates which are likely to be the first to be targeted by the vast majority of ransomware, thus triggering detection before any of your own personal files are likely to be encrypted), as well as other behaviors, many of which occur prior to the encryption of files, however even then, because it is behavior based, this means the ransomware would need to first infiltrate the system and execute into memory for the Ransomware Protection component to detect it which makes it far more reactionary than the other protection components.
This is because, thanks to the other layers in Malwarebytes, it is only there as more of a fallback protection measure as most infections/attacks will never get far enough to be detected by it. You can learn more about how the various components of Malwarebytes work to thwart attacks throughout the various phases of the attack chain/kill chain by reviewing the chart and information found on this page. Basically, if ZA's ransomware protection works differently from the Ransomware Protection component in Malwarebytes, then you don't need to turn off either of them because they won't conflict as they are operating during different phases of a potential attack, and if they work the same way then it likely doesn't matter which you keep enabled and which you disable, as long as ZA's is as comprehensive as the Ransomware Protection provided by Malwarebytes (as I mentioned, the Ransomware Protection in Malwarebytes uses many methods to detect a ransomware attack, not just the detection of the encryption of files; it is based on one of the first developed, most effective standalone anti-ransomware protection tools that was created and first popularized during the initial rise of ransomware threats so it isn't just some side project developed by Malwarebytes' own Developers in-house as a response to ransomware when it emerged; Malwarebytes went out and found the best at dealing with ransomware on the cutting edge of the field, purchased their company, hired their Developers and Researchers and brought their code in to be integrated into Malwarebytes Premium; I suspect the same cannot be said for the ransomware module in ZA, though I could be wrong).
  24. Greetings, It sounds to me like it may be an issue with modified compatibility settings. You should be able to correct this by right-clicking on the Malwarebytes icon that you use for opening Malwarebytes (I'm guessing the desktop shortcut or START menu shortcut) and selecting Properties and clicking on the Compatibility tab and unchecking any checkboxes that are checked there then clicking Apply then click the Show settings for all users button and repeat the process (uncheck any of the boxes that are checked) then click Apply, then click OK. If that doesn't resolve it, then try navigating to C:\Program Files\Malwarebytes\Anti-Malware and locating the file mbam.exe and doing the same (right-click on it, select Properties, go to the Compatibility tab and uncheck any boxes that are checked then click Apply then click Show settings for all users and do the same, then click OK). If the issue still persists then please provide the ZIP file requested above (instructions on how to do so can also be found below):

      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced tab on the left (not Start Repair)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

      Please let us know how it goes and if necessary, please provide the requested ZIP file. Thanks