exile360

Experts
  • Content Count

    23,958

Everything posted by exile360

  1. Greetings, Thank you for documenting these issues so thoroughly. I will report this information to the Developer and Product teams for investigation and hopefully they will be able to at least address the bugs you seem to have discovered (failing to load exclusions upon creation if Exploit Protection is already active and failing to honor existing exclusions if Exploit Protection settings are restored to defaults). As for the condition of the detection itself, I can only speak to the very generic signature-less, behavior based nature of the Anti-Exploit component and its strict enforcement of those rules, particularly in the case of Java as it is historically by far one of the most commonly exploited applications in existence by malware authors, particularly for executing malicious scripts and downloading and executing malicious payloads so any activity which is even remotely suspect is likely to be flagged by these protections if enabled. This being the case, unless the Developer and/or Researchers can determine a way to safely exclude these applications' activities without compromising system security for all users, it is likely that, at least for the time being, you may have to continue to use the exclusion feature as you have or to disable the particular Java shielding settings in the Exploit Protection component whenever you plan to use these applications because unfortunately, while it is understandable that this is a great inconvenience in this particular case, these protective shields have proven vastly effective against both existing/known and new/unknown exploit kits and attacks in the wild which have attempted to exploit Java when installed and active on users' systems.
That said, I only speak from my own general working knowledge of the situation and the Developer and/or Researchers would have to address any specifics with regards to these functions and any limitations which might exist that could prevent easily whitelisting these applications by Malwarebytes. It is entirely possible that they could be safely whitelisted on our side without compromising users' safety, however I do not know enough about its internal workings to say for certain one way or the other. I am only stating the information I have based on my general knowledge of the component having worked for the company for several years and personally using their products on my own systems. Your patience is appreciated, and as I said, I will be reporting this information to the team for review, so hopefully they will be able to address your situation in a satisfactory manner.
  2. Greetings, Since the connection is incoming (in other words from the outside), it is possible that you need to enable your firewall. If you are not using a hardware router which includes a built in firewall then you should at least make sure that the Windows Firewall is turned on. Instructions on how to do so may be found here. If that does not fix the problem, then please open Malwarebytes and go to Settings>Protection and find the Scan Options section and change the Scan for rootkits setting to On. Once that is done, return to the Dashboard tab and click on the large Scan Now button located at the bottom. Allow Malwarebytes to update and scan your system for threats and once it finishes, be sure to have it remove anything it detects and then restart your computer to complete the removal process if it asks you to do so. If nothing was found or if the problem continues, please download ADWCleaner and use it to scan your computer and have it remove anything it finds, then restart again if asked to do so to complete the cleanup process. If you still have the same problem with this blocked website after all of that, then please follow the instructions in this topic and then post the requested logs and information in a new topic in the malware removal area by clicking here and one of our malware removal specialists will help you to check and clean the system of any remaining infections.
  3. Greetings, Just to make certain everything is OK, please open Malwarebytes and navigate to Settings>Application and click the Install Application Updates button located there. It should download the most recent Component Update version 1.0.391 which you can verify under Settings>About in Malwarebytes where it says Component package version:; your current version according to the logs you provided is 1.0.374, so after the update you should have 1.0.391. Once it shows the new version there, go ahead and reboot your system once more just to make sure the new modules are loaded into memory. If you have any trouble or any new issues emerge please let us know. Thanks
  4. Greetings, I tried accessing the keystone server with my browser here and I was unable, so it is possible that there is a problem with the licensing server currently. I will try to contact someone from the team to prompt an investigation assuming they are not already aware of the issue. I will let you know what comes of it, thank you for your patience.
  5. OK, please go ahead and install the latest Component Update as it may resolve this issue permanently (as well as others). To do so, launch Malwarebytes and navigate to Settings>Application and click on the Install Application Updates button. It should then download and install the patch silently. Once it is installed you should see Component package version: 1.0.391 listed in the Settings>About tab (currently, at least according to your logs, it is version 1.0.374). Once that has successfully installed, go ahead and restart your system for good measure, just to make certain that the new components are loaded into memory. Please let me know how it goes and if you have any problems or additional questions or issues. Thanks
  6. Greetings, Please follow the instructions below to provide diagnostic logs so that we may take a closer look at your installation and hopefully figure out what's causing the problem: Download and run the Malwarebytes Support Tool. Accept the EULA and click Advanced Options on the main page (not Get Started). Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply. Thanks
  7. You're welcome, I'm glad to be of service
  8. Yes, that's correct, and yes, they now have a dedicated page for it on Malwarebytes.com located here.
  9. No problem at all, that minor version info is an easy thing to overlook, especially with the major version info at the top of the main UI as well as the tray icon's hover tooltip remaining the same. If there's anything else we can help you with, please don't hesitate to post. Thanks
  10. Greetings, Yes, you are correct. Those features were removed in the most recent Component Update package 1.0.391 which was released last Monday. I believe the notification regarding updates was removed due to the fact that a large number of users complained as they would leave their PC off for a day or more, then start the system and immediately be greeted by urgent alerts/warnings from Malwarebytes about being out of date, but since it is configured by default to update every hour, as well as every time the user initiates a scan (as well as whenever scheduled scans start by default; something also likely to occur by default after the system is off for that long since it's scheduled to scan daily and run on startup if the last scan was missed within the last 23 hours) so they saw fit to remove that particular function. As for the up to date status in the tray tooltip menu, I'm not sure, but I suspect the thinking was similar and that they figured if a user intended to check the full status of things, they'd likely just double-click the tray to open the main UI and either initiate a manual update via the link in the Dashboard, or kick off a manual scan at which point it would automatically check for updates anyway. As for the different versions/same version info, please check the Settings>About tab and verify that the Component package version: is 1.0.391 as this is the most recent Component Update (CU)/patch released this past Monday, and was the build where these changes occurred (the major version is still 3.5.1).
  11. Greetings, This was most likely the recently released Component Update (CU) version 1.0.391. You may verify this by checking the Settings>About tab in Malwarebytes and looking at the value next to Component package version. Information about the component update may be found in this post. Since it was not a major point release/full software update, just a patch for specific files/components of the software, no new installer was downloaded/run and the major version information did not change. It was primarily a small patch release to fix specific bugs found in version 3.5.1. If there is anything else we might assist you with, please don't hesitate to ask. Thanks
  12. Greetings, For issues related to licensing your best option would be to contact Malwarebytes Support directly via the options found on this page. If there is anything else we might assist you with, please don't hesitate to let us know. Thanks
  13. Greetings and welcome, This isn't anything to worry about. Online games such as this connect to a wide variety of servers when looking for available game servers, and since many servers will host several separate websites (all of which will have the same IP address since each server has a single IP), it frequently occurs that a server being used to host a game is also being used by others to host some other content, which sometimes might be malicious such as a site hosting malware of some kind. This means that if you were to visit the domain (the actual URL/website) where the malicious content is hosted in your web browser, there would be a risk of becoming infected, but connecting to the game content (which is actually a separate site basically, just on the same physical server/IP) is perfectly harmless. I bet that when the list is refreshed, the game's networking protocol is probably pinging the various servers to discover info such as the speed/distance in relation to your system/location (the ping/speed) as well as how many players are online, the rules for the specific server, the map(s) being played, any particular mods in use on the server etc. (stuff you might want to know before joining/deciding on a server, and stuff the game needs to know to determine if it's OK to connect to it for your current setup) and that's where this connection attempt is coming from. It works this way because individuals and different organizations are allowed to host their own game servers so that the game is essentially a Peer-to-Peer (or P2P as it's also known) client/application. So to sum up, it's nothing to worry about and is not a sign of infection on your system. 
If you would prefer not to have those servers blocked for your game (while still remaining protected from that IP/server in other apps such as your web browser(s)) you may exclude the game's process in Malwarebytes by navigating to Settings>Exclusions and clicking Add Exclusion then selecting Exclude an Application that Connects to the Internet then click Next then click the Browse... button and navigate to the folder where the game is installed and locate the process that Malwarebytes blocked and double-click on it then click OK and you should then see it in your Exclusions list in Malwarebytes and connections to/from that particular process will no longer be blocked but all other processes which are not in your Exclusions list will still be fully protected from all blacklisted websites. More information about Peer-to-Peer clients, such as many online games, Bittorrent/filesharing clients/software, some instant messaging services such as Skype and others, and what to do when Malwarebytes blocks them may be found here. Please let us know if there is anything else we might assist you with. Thanks
  14. Greetings, This software is detected as PUP (Potentially Unwanted Program) which simply means that it fits Malwarebytes criteria for this category, not that it is necessarily a threat, scam or virus (in fact, if any of those were true, it would be identified as actual malware, not PUP and detection for it would show in RED, not ORANGE), however if you wish to use this software you have several options: First, you may temporarily disable the Malware Protection component of Malwarebytes during installation to keep it from blocking and quarantining the program during install, then exclude it as detailed later in this post. Second, you can disable detection of PUPs permanently if you don't want Malwarebytes detecting Potentially Unwanted Programs and just want it to focus on actual malware. To do this, open Malwarebytes and navigate to Settings>Protection and use the drop-down menu under Potentially Unwanted Programs (PUPs) in the Potential Threat Protection section to change the setting to Ignore Detections (or Warn User if you still want them detected but don't want it to automatically quarantine them so that you may decide how each detection is handled; this also extends to scanning as well). Third, if you wish to exclude the program from being detected once the software is installed, perform a Threat Scan with Malwarebytes and once it completes, click the checkbox at the top of the results list next to the Threat Type column header to clear all checkboxes in the list, then click Next. Once the prompt comes up asking what to do with the remaining detected items, click Ignore Always and they will be added to Malwarebytes Exclusions list so that they will no longer be detected. 
Note that this will not extend to new versions of the software that you download in the future unless the names of the files and locations are all the same, so you may have to do this again should the software vendor make changes to the installation structure of the software in future releases. For software detected as PUP, any vendor who wishes to have Malwarebytes review their PUP classification to attempt to have the software delisted may contact Malwarebytes via the email address contained on this page.
  15. Excellent, I'm glad to hear it. If any further issues occur please let us know, and feel free to utilize the rest of the info I posted if any of the infections return.
  16. Please also note that while Malwarebytes 3 may not have blocked this malicious site, Malwarebytes has developed a new piece of technology that likely would. It is a new browser extension which is currently in beta and freely available at this time for both Chrome (and other Chromium based browsers like SRWare Iron) as well as Mozilla Firefox. Instead of using a dedicated black list of known malicious sites the way that the Web Protection component in Malwarebytes 3 does, it also utilizes behavior based signature-less techniques to block new and unknown malicious sites based on their behavior, layout and content and is capable of blocking tech support scam sites (like the one you reported in this thread), phishing scam sites, clickbait sites used frequently for distributing malware, many ads as well as trackers to protect your privacy. You can get the extension and find out more about it at the following links: Chrome, Firefox. It makes an excellent addition to the layers of defense provided by Malwarebytes 3 and can also be used on its own if desired.
  17. Greetings, First, please make certain you're running the latest version of Malwarebytes. To do so, open Malwarebytes and navigate to Settings>About and review the version information there. For the first two items it should show the same version numbers as what I have circled in the image below. If it differs, navigate to the Application tab and click on the Install Application Updates button to have it download and install any program and component updates, then restart your system once it has installed them and check to see if it is now working properly. If you already have the latest version and the issue persists, then the only workaround at this time is to temporarily disable Web Protection while using the affected program.
  18. Greetings, To start, please try running the special build of Malwarebytes Anti-Rootkit in this topic as instructed in that link. Next, if problems persist, try running ADWCleaner and remove everything it finds, rebooting to complete the cleanup process. If those tools didn't help or you're still seeing signs of infection, then please read and follow the instructions in this topic and create a new thread in the malware removal area with the requested information and logs by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system as soon as one becomes available.
  19. The terminology makes it sound more like intelligence than it actually is. In reality, when they add a new file to the set of data for the system and tell the system that the file is clean/safe (i.e. not malware, do not detect as a threat), the system analyzes the structure of the file and the various details about the file such as its version information, metadata and other aspects to determine what about the file makes it different from similar files that were positively identified as threats and then alters its detections based on that. It basically comes down to sets of data, one for sets of files that are harmless, and one for sets of files that are malware and over time as it is trained, this system becomes more accurate at identifying each for new files it has never seen before.
  20. Try contacting Support directly via the information on this page. They should be able to get everything with your account sorted. It's a fairly new system so it wouldn't surprise me if you've encountered a bug with it.
  21. Greetings and welcome. Are you referring to your scheduled scan? If so, then there's actually a separate option where you must enable rootkit scanning. Navigate to Settings>Scan Schedule and double-click on the scheduled scan where you want rootkit scanning to function and in the pop-up dialog that opens, click on the Advanced v button and it will reveal additional options for your scheduled scan, including Scan for Rootkits. Check the box next to this option and your scheduled scan will include active rootkit scanning. We generally recommend using the Threat Scan as it is designed to look in all locations where malware installs as well as all active processes and threads, and when rootkit scanning is active, it also checks all locations where an active rootkit can be installed such as the boot files/partitions, registry hives and system files and drivers so you don't have to run a Custom Scan if all you want to do is make sure the system isn't infected with anything, including rootkits. Also, as long as you store your downloaded files in a standard location such as your desktop or the default downloads folder, Malwarebytes will scan all of those files for you as well during the Threat Scan (and of course, the active real-time protection components will guard you from infection in a wide variety of ways, including checking any process that attempts to execute in memory). Please let us know if that resolves your issue or not and if there is anything else we might assist you with. Thanks
  22. You're within your rights to request a full refund if you don't want to wait it out. Obviously we hope you'll stick with us, but no one wants you to pay for a product that you aren't happy with either. If you decide to request a refund, the information on who to contact and how may be found here or you may contact Malwarebytes Support directly via the options on this page. Version 3.4.5 may be safely downloaded from here. FileHippo always has older versions of the software archived for download and I've used them for years. That said, if you want my advice, I'd suggest sticking with 3.5.1 and disabling Web Protection for the time being to eliminate the BSODs and start using the Malwarebytes browser extension beta which is currently available for both Chrome and Firefox as it uses the same databases as Web Protection in addition to using signature-less behavior based capabilities to block other malicious sites that Web Protection does not as well as blocking many ads and tracking servers for privacy: Chrome, Firefox. The reason I don't recommend 3.4.5 is because many other issues have been fixed since then, and many more new capabilities have been added, including many improved detection and removal capabilities for the various protection components in Malwarebytes 3 which are not backwards compatible with older versions like 3.4.5, so even though you get the same databases, some of the content of those databases as well as some of the signature-less capabilities which have been improved in the other modules since 3.4.5 will be unavailable to you.
  23. Yes, unfortunately this has been a tough issue to fix completely. They actually did correct several of the underlying issues that were causing some of the BSODs in the past couple of releases, however the one you guys are seeing appears to be the most persistent and I believe the only one they haven't been able to nail down yet, but hopefully, thanks to all the memory dumps and logs/data you guys have provided, they'll finally get this last one fixed as well; I hope in the next release. I know that's what they are trying to do anyway, but of course it isn't fixed until it's fixed, so until then all we can do is wait and hope.
  24. OK, well that's odd. Please try restarting the system once more then try the button one more time, but if that doesn't work then perhaps a clean install is in order to try to get it straightened out: Download and run the Malwarebytes Support Tool. Accept the EULA and click Advanced Options on the main page (not Get Started). Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here. Once it's installed again, try once more to use the Install Application Updates button and hopefully this time it will download and install it for you. Please let me know how it goes. Thanks
  25. If they try to charge the old card and fail, they should send you an email asking you to revise your payment information at which point you may do so if you wish, or you can contact them via the information listed on this page to go ahead and update it if you know that you want to renew and want the new payment info to be ready when the time comes. Either way you should also receive one or two notices from them via email when the time draws near which will likely include pricing and term info, including any special offers/discounts they might have for you as a returning/renewing customer. edit: Also, if you've set up the My Account feature in Malwarebytes then you may log in there to revise your payment info as detailed here. With regards to the issues, I hear you, there have definitely been a lot of issues with Malwarebytes 3 over the past year or so, however thankfully they have been getting fixed gradually with each release and it is now more stable than it's been in a long time, at least for most users (though there are still some issues the team is still working on so I cannot say that everything has been fixed yet, but they are trying). I'm hoping that this next release, which will likely be due within the next few months (possibly sooner, depending on how long it takes and what their release schedule looks like), will fix at least most if not all of the major remaining issues with Malwarebytes 3, but until they publish a beta for affected users to start testing to verify, we really can't know so until then it's best to just keep an eye on the forums, particularly this area where they conduct 3.x beta testing for pre-release builds to see how things go for the users trying it out and what they report with regards to the particular issues they were impacted by previously.