exile360

Experts
  • Content Count

    23,957
Everything posted by exile360

  1. Greetings, Please open Malwarebytes and go to Settings>Application and click on the Install Application Updates button and allow it to install any available program updates. Once that is complete, restart your system and see if it now works correctly or not. Please let us know if it works properly now or not. Thanks
  2. It does automatically update, however program updates are metered out gradually on a random basis so you won't always receive them right away, however using the Install Application Updates button forces it to check for/download any available program updates. Please try rebooting the system to ensure that the new modules are loaded into memory, then try running OneDriveSetup again to see if it now works. Please let us know how it goes. Thanks
  3. Greetings, I have a few ideas and hopefully one of them will resolve the problem for you: Since there are no other settings which Malwarebytes detects under the ActiveDesktop key that I'm aware of (primarily due to the fact that Active Desktop doesn't really exist as a Windows feature since Windows 2000 and most of the policies that apply to it are now retired/legacy and have no real effect save the one you're trying to exclude), it should be safe to just exclude the entire key, leaving off the |NoChangingWallpaper portion of the exclusion entry in case that allows it to function. You could also try entering the exclusion in a case sensitive manner rather than all caps (assuming you are using all caps as the images indicate) because, while it should be case-insensitive, I do recall a long time ago that Malwarebytes did have some issues with certain registry entries if the appropriate case was not used, so while it is definitely a long shot as that was a very long time ago back in the 1.x days, it still could be a similar issue here. Otherwise, you might try just using HKCU\Software rather than HKU\Software as that should allow it to work to still exclude all users in theory and eliminates the need for the wildcard which might be what's tripping it up.
  4. Greetings, There is a newer version of Malwarebytes available, Component Update 1.0.391. You currently have Component Update 1.0.374 installed so let's start there and see if that resolves the issue. Please open Malwarebytes and go to Settings>Application then click on Install Application Updates. It should then download and install the patch. Once it completes which you can verify by checking the Settings>About tab and looking at the Component package version value, restart your system to make sure the new components are loaded into memory then test to see if that makes any difference with performance while playing your game.
  5. Greetings, Unfortunately there is no way natively to do this within Malwarebytes at this time, however the uninstaller does require administrative privileges so User Account Control could be used as a means to prevent users from uninstalling the software if you were to set up admin passwords to prevent your users from performing administrative tasks (generally a good idea for security anyway, and one of the primary reasons Microsoft implemented UAC in Vista in the first place). Otherwise the only way I know to do something like this would be to deliberately block the uninstaller itself from executing which could be accomplished via a registry policy or Group Policy by using the DisallowRun registry function, however it has limitations and only prevents users from executing specified processes by path/name and only through the Explorer shell process (i.e. they can bypass it using CMD or any other initiating process) and also be advised that by default, Malwarebytes actually detects the DisallowRun setting when enabled as a PUM (Potentially Unwanted Modification) as this setting has frequently been used by malware in the past to prevent legitimate security apps and system tools from running to prevent their detection and removal. If it helps at all, Malwarebytes normally uses an InnoSetup installation package, so that is what the uninstaller actually is. Documentation on InnoSetup can be found here, although Malwarebytes also offers an MSI installation package for some of their business products (which actually is an InnoSetup installer wrapped within an MSI archive/installer). MSI documentation may be found here as well as here.
  6. Yes, unfortunately because of the way they push updates in a metered semi-random fashion, it can frequently occur that some systems will receive an update while others may not until later on. I make it a habit to check for new versions at least once a month if not more frequently to compensate for this, usually when it's time to patch my operating system and other software like Flash Player (Patch Tuesday; the second Tuesday of every month when MS pushes out Windows Updates/Microsoft product updates) so that I get everything patched at the same time and use that as a sort of regular scheduled maintenance task.
  7. Excellent, I'm glad that it worked. If you would, please post the log from the scan. I want to take a look just to see what the infection was causing all of this as such knowledge can aid us in helping others in the future. Also, if you observe any further symptoms of infection you can always seek assistance in our malware removal area as instructed in my previous post. They're always willing to help anyone in need of assistance with eliminating infections from PCs.
  8. It happens automatically with updates, but new program versions like this are metered out gradually, however you can force it to update via the button in the Application tab. The function in the Dashboard only monitors database updates/signatures, not program versions and components which is why it says you are up to date because it's only looking at the third item in the About tab Update package version:.
  9. Did you read this at the end of the blog post just before the comments section?: It seems to indicate that there could be a reason posts in the comments don't show up right away. If you were just posting your opinion (and assuming there wasn't anything in its contents that triggered one of the automated spam filters) then it should show up eventually. They won't censor you just because you might have a contrary opinion. They would not have asked if they didn't want to hear from all sides, otherwise they simply would have posted something like "Hey, we're doing this really great thing to protect you but it comes at a small cost of potential inconvenience, so here's what you need to know and how to disable it", but instead they literally asked what they should do because they know that some legit services will get blocked along with all the bad ones. They wouldn't go there if they didn't want to hear from users that don't agree that all should be blocked, it just wouldn't make any sense because their own statements in the blog post itself plant those seeds of doubt with their own words.
  10. Odd, the log you posted shows that you're logged in as a limited user: Here's the list of user accounts for the system, which one are you logged into?: Yes, you have to use the button I mentioned. The Dashboard only checks for database updates. OK, please try disabling the Ransomware Protection component to see if that's the issue. To do so, right-click the Malwarebytes tray icon and click on Ransomware Protection: On then click Yes to the User Account Control prompt. Also, make certain that Malwarebytes now shows Component package version: 1.0.391 under Settings>About as illustrated below:
  11. Thanks. OK, two things. First, you're running from a limited user account. I need you to log into Windows as an administrator. Once you've done that, open Malwarebytes and go to Settings>Application and click the Install Application Updates button. There is a new component update available that might resolve the issue. You'll know when it is installed by looking under the Settings>About tab in Malwarebytes where it should say Component package version: 1.0.391 (you currently have the older 1.0.374 installed). After that's done, restart the system to make sure the new modules are loaded into memory and let me know if things are working better now or not.
  12. Can you try running the tool from Safe Mode with Networking to see if you have any better luck there?
  13. Greetings, Please do the following so that we may take a look at your Malwarebytes installation. Hopefully it will offer a clue as to what component is causing this and a possible solution:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
      Thanks
  14. Excellent, I'm glad to be of service. If there is anything else we might assist you with please don't hesitate to let us know. Thanks
  15. Greetings, What happens if you open Malwarebytes and go to Settings>Application and use the drop-down menu under Display Language to select English (U.K.), does that resolve the issue?
  16. What's really odd is that I wasn't able to connect to Keystone either, but now it's working fine for me as well. Obviously I didn't have it blocked in my HOSTS file, but I guess whatever that issue was it's now resolved.
  17. There's your answer right there. Bundled installers specifically are something that Malwarebytes deliberately targets aggressively under the PUP category. You can read about a related example, Auslogics Disk Defrag, here where they cite specifically:
  18. Greetings and welcome, At this point your best bet would be to read and follow the instructions in this topic and then create a new thread in the malware removal area containing the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one becomes available to help you clean out any remaining threats. Please let us know if there's anything else we might do to help you. Thanks
  19. The following logs would likely prove useful as they provide a good picture of what's on the system as well as the condition of many core OS components as well as third party security components and can also help determine if there is an infection present which might be causing the issue:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  20. Nope, not at all. Toolslib is a valid resource and is used by many experts in the community for hosting their tools. Malwarebytes however is a company (and a pretty large one at this point) so I figure they thought that it might not look super professional to have a tool they now own hosted offsite rather than on their own page. It was likely something they planned to do for a while but wanted to give everyone time to become aware of the fact that the tool is now owned by Malwarebytes rather than immediately pulling it from its longtime primary host at Toolslib, but a year was long enough, especially with the UI changes they've made which clearly reflect the owner of the software now.
  21. Greetings, Unfortunately since Macs are so different from Windows, the tools and methods for removing threats from Windows don't apply to Macs. However we do offer free expert assistance with cleaning up infected systems, including Macs. Just create a new topic in our Mac malware removal area by clicking here and describe the issues you're having and one of our malware removal specialists who deals with Mac malware will assist you as soon as they are available. While you are waiting, you can try to install the free version of Malwarebytes for Mac from here to see if it is able to detect and remove the threats afflicting your browser. If not, or if other issues remain, go ahead and post in the link I provided for the malware removal area and they will make sure that you receive the help you need to get your system cleaned.
  22. Very good, if you need any further assistance please don't hesitate to post.
  23. Greetings, While it isn't necessarily required, it definitely would help to avoid any potential issues in activating the software again after reinstalling Windows as they do tend to limit product activations to help curb abuse/piracy. That said, if you don't have the opportunity to do so, if for example it's already been done or the system won't run so that you can deactivate it, you can either manage your activated systems/licenses via the My Account feature (more info here as well as here), or alternatively by contacting Malwarebytes Support directly via the options found on this page and they will assist you with managing the license activation status for your past installations. Please let us know if there is anything else we might assist you with. Thanks
  24. Greetings, The only way to check a license key that I know of would be to contact Malwarebytes Support directly via the options on this page as they have direct access to the licensing system and should be able to check to verify the key's source, otherwise, if you activated the software with the license key and it does turn out to be invalid, then it is very likely that eventually it will stop working once the licensing system makes that determination. That said, if you do contact Support, they may be able to offer some form of compensation if it does turn out to be a bad key that you were scammed into purchasing by a dishonest seller, so don't give up hope even if you have strong doubts about the license key's validity. The people at Malwarebytes are really great and they tend to put the customer before profits more often than not, so please don't be ashamed to reach out to them and ask for their help in checking into this situation for you. You're just doing your due diligence which is a smart move in situations like this because it's better to find out what's going on with it now rather than relying on it and suddenly losing your protection out of the blue later on when you might really need it.
  25. Greetings, Thank you for documenting these issues so thoroughly. I will report this information to the Developer and Product teams for investigation and hopefully they will be able to at least address the bugs you seem to have discovered (failing to load exclusions upon creation if Exploit Protection is already active and failing to honor existing exclusions if Exploit Protection settings are restored to defaults). As for the condition of the detection itself, I can only speak to the very generic signature-less, behavior based nature of the Anti-Exploit component and its strict enforcement of those rules, particularly in the case of Java as it is historically by far one of the most commonly exploited applications in existence by malware authors, particularly for executing malicious scripts and downloading and executing malicious payloads so any activity which is even remotely suspect is likely to be flagged by these protections if enabled. This being the case, unless the Developer and/or Researchers can determine a way to safely exclude these applications' activities without compromising system security for all users, it is likely that, at least for the time being, you may have to continue to use the exclusion feature as you have or to disable the particular Java shielding settings in the Exploit Protection component whenever you plan to use these applications because unfortunately, while it is understandable that this is a great inconvenience in this particular case, these protective shields have proven vastly effective against both existing/known and new/unknown exploit kits and attacks in the wild which have attempted to exploit Java when installed and active on users' systems.
That said, I only speak from my own general working knowledge of the situation and the Developer and/or Researchers would have to address any specifics with regards to these functions and any limitations which might exist that could prevent easily whitelisting these applications by Malwarebytes. It is entirely possible that they could be safely whitelisted on our side without compromising users' safety, however I do not know enough about its internal workings to say for certain one way or the other. I am only stating the information I have based on my general knowledge of the component having worked for the company for several years and personally using their products on my own systems. Your patience is appreciated, and as I said, I will be reporting this information to the team for review, so hopefully they will be able to address your situation in a satisfactory manner.