Everything posted by exile360

  1. mbae-test tool: Did you configure it to execute the exploit through a protected process, such as the option it has to use Internet Explorer instead of Calculator? If not, then that would be why, since the Exploit Protection in Malwarebytes primarily shields web-facing applications like browsers and commonly exploited processes like media players and office software (though there are some exceptions, such as some of the kernel shielding components and generic process/system hardening components). When I ran the test I got detections for all but a few of the tests in the HitmanPro.Alert tool with Malwarebytes (I even reported my findings to Pedro as I thought he might find it useful). I'll perform the test again later on today after I've finished with my work and will report my findings here.
  2. You're welcome. Hopefully Google will get this issue cleared up soon so that it will no longer be an issue, but at this point I don't know, as it seems they actually plan to take this feature even further soon, which will be bad for a lot of third-party software.
  3. OK, thanks, I just wanted to make sure, just in case it was maybe an issue with the START menu shortcut only. Do you have a D:\ drive attached to the system, by the way? I mentioned it earlier since that's the drive being referenced in the error, and it appears to be an empty disk with no space according to your logs, which likely means it was a removable drive which is no longer plugged into the system, like a flash drive or external hard drive. If it is the case that you no longer have such a drive plugged in, then you can give the tool in the first post located here a try. Just follow the instructions to have it remove any drives which are no longer present and it should eliminate it, then restart the computer and hopefully Malwarebytes will then launch normally without the error.
  4. Greetings. Unfortunately, this is a known issue with the latest release of Chrome. Please refer to the information in this post as well as this post for details. At this time the only option seems to be using an alternate browser, such as another based on the same Chromium source code as Google Chrome (assuming you desire the same features and extension/add-on compatibility) such as SRWare Iron, Opera, or Vivaldi, all of which use the same Chromium source code as Chrome, just without Google's branding and modifications from source (i.e. their inserted tracking and advertising etc.), and they don't seem to be doing this with applications the way Chrome is either, suddenly claiming that many apps are incompatible.
  5. Greetings. Please remove the exclusions in Malwarebytes referencing locations on drive F:\, which does not appear to be attached to your system any longer. This is consistent with similar cases where a bug in the most recent version of Malwarebytes causes Ransomware Protection to fail to start whenever an exclusion exists for a location on a drive that is no longer attached to the system. Hopefully this will be fixed in the next release; however, for the time being such exclusions must be removed in order for Ransomware Protection to function. Please let us know how it goes and if there are any additional problems. Thanks
  6. Greetings. Please do the following to create a Process Monitor log:
     • Create a new folder on your desktop called Logs
     • Please download Process Monitor from here and save it to your desktop
     • Double-click on Procmon.exe to run it
     • In Process Monitor, click on File at the top and select Backing Files...
     • Click the circle to the left of Use file named: and click the ... button
     • Browse to the Logs folder you just created, type MB3 Log in the File name: box and click Save
     • Exit Process Monitor and open it again so that it starts creating the logs
     • Wait for the stutter to repeat itself at least once while Process Monitor is logging, and please note the exact time to the best of your ability based on the info displayed in Process Monitor (this will help the staff to identify precisely when it occurred, which will hopefully reveal the cause)
     • Close Process Monitor
     • Right-click on the Logs folder on your desktop, hover your mouse over Send To and select Compressed (zipped) Folder
     • Please attach the Logs.zip file you just created to your next reply, or if it is too large, please upload it to WeTransfer and provide us with the link to the file download
     Thanks
  7. Greetings. If you are referring specifically to Malwarebytes Anti-Malware for Business, then yes, it will end on the 28th of this month according to the info quoted below: I assume that at that time you will need to change over to a different product, such as Malwarebytes Endpoint Security. It should be the closest to Anti-Malware for Business as far as the features are concerned. You can learn more about it here, and you may contact Sales if you have any questions about your specific needs and environment, or you can purchase up to 99 seats here and you may contact Sales if you require more seats than that. Alternatively, if you wish to change over to the cloud-managed console version, which is the same as far as the endpoint protection components are concerned but offers a more flexible cloud interface you may use on any device through a web browser to manage, if you would prefer that over installing the local managed console on one of your servers, then you may change over to Malwarebytes Endpoint Protection. Information on that version can be found here. They have a wide array of products and solutions for businesses, and if you are planning to make a change, then I would also recommend checking out the available options here, which includes a brief breakdown of the different features in each version along with the pricing to give you an idea of what each offers and what the estimated cost would be for your environment. If there is anything else we might assist you with please don't hesitate to let us know and we'll do our best to help. Thanks
  8. Greetings. Please follow the instructions posted in this topic as best you can, and then create a new topic in the malware removal area including the logs and information by clicking here, and one of our malware removal specialists will assist you in checking and cleaning your system as soon as one becomes available. They should be able to help you fix the other issues you are experiencing as well, since they are probably being caused by the infection you had.
  9. If you don't want this new "feature" but still want to stick with a Chromium-based browser (i.e. same features/functionality, including plugin compatibility with add-ons from the Chrome web store), then you can use an alternative such as SRWare Iron or Chromium itself (the source upon which Google's browser is based), both of which will function essentially the same, except without any of the Google tracking/ad content built into it and without this new "feature".
  10. What if you open Malwarebytes directly via C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe, does it do it then as well?
  11. mbae-test tool: Yeah, I used to use ESET. They claim to have exploit protection in their product, but I've honestly never seen it detect one. In fact, most vendors still appear to rely primarily on signatures, though most have at least migrated to a more heuristics/pattern-based approach (something Malwarebytes was into from the very beginning, and in fact why it was created, due to polymorphic rogues and Trojans that couldn't be nailed down using the traditional hashing-based methods still commonly in use across the AV industry at the time). If you look at the modules that have been added to Malwarebytes over the years you'll likely notice a pattern: they've been getting further and further away from traditional signature detection methods and rely more and more on behavior-based and signature-less approaches to threat and breach detection to stop malware earlier in the attack chain, something that is invaluable these days since most threats are polymorphic and many don't even use files/binaries any more, so traditional detection methods are useless against them. Even PUPs are often employing rootkits these days, as well as polymorphism, to try to escape detection.
  12. You can try a clean install to see if that helps, but I'm uncertain, as the logs didn't seem to indicate any glaring issues that I could see. The only thing I found was the reference to the D:\ drive in the list of drives in the log here:
      Drive Letter: D:
      Drive Type: Removable Disk
      Filesystem: Unknown
      Size: 0B (0 % free)
      Physical Disk: \Device\HarddiskVolume7
      It's listed as a removable drive, so perhaps it is a drive that has since been removed but left an entry in the registry that is causing this somehow, but I'm not certain. Here are the instructions for a clean install if you want to give that a shot to see if it helps:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
      Please let me know how it goes. Thanks
  13. Excellent, I'm glad you figured it out. Yes, it looked like several active traces of AVG were left behind, which is likely why the problem occurred. Anyway, I'm glad that you got it solved, and if there's anything else we might assist you with please let us know. Thanks
  14. Most AVs use a sandbox for execution/behavior detections, so Malwarebytes shouldn't react if an AV does this and detects the file. Only once a process is actually mapped to memory does Malwarebytes check it, and at that point it would either be after the AV has already run its sandbox test and the file was allowed to run by the AV (i.e. the AV didn't identify it as a threat), or it would be too soon for behavioral detection from the AV to kick in (if the AV monitors behavior in real time on the live system), because once it is mapped to memory the process hasn't actually fully executed yet and hasn't been allowed to perform any functions yet, so there would be no behavior for the AV to trigger on; so if it is an item that Malwarebytes detects, it would be quarantined before the AV's behavior monitor would see it. The only exception I can think of *might* be Ransomware Protection, since it does indeed monitor for ransomware behavior after process execution, but I have heard no reports so far of any conflicts or issues with any other products (not even other dedicated ransomware detection tools), so while a conflict might be possible, I don't know of any actual occurrences of conflicts.
  15. Yep, Malwarebytes doesn't generally do any file editing, just straight quarantine, so unless that is changed, it isn't going to be able to edit the HOSTS file to just remove the individual entries it has detected. Honestly, if you use a custom managed HOSTS file, I wouldn't rely on Malwarebytes to deal with it and would just monitor it myself. In fact, if you use a tool like HostsMan, then every time you update (at least by default, though it can be changed) it will replace the entire HOSTS file, rebuilding it out of the lists of sites from the most recent copies from the update sources you've chosen (it stores each in a backup location as separate files, so it may merge new ones from those with updates available with existing ones from sources that may not have a new version published yet, so that it doesn't have to re-download copies of HOSTS files you already have on disk).
  16. mbae-test tool: As I said, I don't know the specifics, as it was outside my purview when I was employed by Malwarebytes, but if you don't trust the test then you can test using the HitmanPro.Alert test tool. It contains several tests that do replicate exploit behavior, so you can see for yourself how the Exploit Protection in Malwarebytes deals with it.
  17. Useful if trying to water the lawn, just don't let the neighbors spot you
  18. Greetings. To start with, it appears that you have both Avira and AVG installed with at least some components active for each. I would suggest removing one of them so that you have only one antivirus. It appears that you have most of AVG disabled, so that's probably the one you'll want to remove. Next, I saw a long list of folders for Malwarebytes listed for pending rename operations, and I suspect perhaps that the installation got corrupted somehow, perhaps during a recent update/upgrade to a new version. To fix that, the quickest way would likely be to perform a clean install, so please follow the instructions below:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
      • Once Malwarebytes is reinstalled, open it and go to Settings>Application, click on the Install Application Updates button, allow it to download and install any new components, and then allow it to restart if prompted
      Once Malwarebytes is installed and fully up to date you should see the following version information under Settings>About for both Malwarebytes version as well as Component package version: I would also strongly recommend that you remove Java if you don't need it for anything, as it represents a major security issue: there are many exploits for Java out there even if it is kept up to date. To do so you may use the Java uninstall tool located here. Please let me know how it goes and if the issue is now resolved or not. Thanks
  19. Greetings and welcome. My best guess is that perhaps there is an exclusion or some other setting, such as a scheduled custom scan, which has been configured for a location on D:\, and that's why it is requesting a disk. I would advise checking Settings>Exclusions as well as any scheduled scans you have configured to see if that's the case, and remove any entries that reference the D drive. If that doesn't solve the issue, then please do the following so that we can take a look at what's going on with your installation:
      • Download and run the Malwarebytes Support Tool
      • Accept the EULA and click Advanced Options on the main page (not Get Started)
      • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  20. You're welcome. Yes, I don't know what's going on with this most recent update/build, but this shouldn't have happened, and I'm convinced, based on the number of affected users which all started showing up this past Friday afternoon, that there is something going on causing it, likely related to the particular update server they are contacting; maybe it has a corrupt copy of the installation files or something. I don't know, but I have reported it to the team for investigation, so hopefully they'll figure it out and get it corrected before too many more users are impacted by this issue when trying to update.
  21. I honestly don't know how the Malwarebytes exploit test works, but it is my understanding that it does actually replicate exploit behavior to test exploit detection. With that said, you can also use the HitmanPro.Alert Exploit Test Tool to test it if you don't trust the Malwarebytes tool. All you have to do is add a custom shield to the Exploit Protection settings in Malwarebytes for the test EXE, then run the various tests to see which ones it blocks (I don't believe it blocks all of them, but it does block most of them, and I've used it myself in the past to test this very thing). The manual for the tool can be found here.
  22. Greetings. Just as with EICAR, which is used for testing antivirus, synthetic tests like this don't really do anything except inform you whether or not PUA/PUP detection is active in your product, if the test is supported. It doesn't determine anything with regard to the product's effectiveness at actually detecting real PUPs in the wild. With that said, I can recommend some files to test with if you wish to verify your product's PUP detection capabilities are active, and you don't even have to execute them; you can just download and scan them with your product, and as long as it detects them then PUP detection is enabled (I mention this since some products do not use on-access scanning in real time in order to avoid conflicts with other products, and this includes Malwarebytes, so you'd have to actually attempt to execute a PUP for Malwarebytes to flag and quarantine the item, which you might not want to do if you aren't confident that PUP detection is functioning properly, though since it is a PUP it's relatively benign anyway, so it won't actually do anything harmful to your system). If you'd like some suggestions on files to test with, let me know and I will provide some links for you.
  23. You're welcome; if you need anything else, just let us know.
  24. No worries, I wasn't concerned about my HOSTS file, as MB3 isn't even detecting the entry (likely due to my non-standard, though fully functional, formatting). I was simply concerned for the user and others like them who may encounter this issue now that Avast! has done what they've done to CCleaner.
  25. Fair enough, but can that individual entry be excluded from detection without excluding the entire HOSTS file? I understand if it cannot; however, I'd suggest looking into it as a future feature if it can't, for cases like this, because malware could still hijack a user's HOSTS file when using a custom HOSTS file like this, so it's important to be able to delineate undesired malicious entries from those that are deliberately being blocked by the user to protect their privacy etc. (this server is used for telemetry/cookies only as I understand it, and is not actually used by Avast! AV proper for updating or anything). Eventually I'd also like to see real-time monitoring of the HOSTS file along with certain key registry values/keys (PUMs mostly) as a means of extending the protection to more closely coincide with the remediation capabilities of the scanner, for the sake of more proactive protection against such attacks, but that's a separate issue.
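Posts 15, 24 and 25 above turn on one distinction: a HOSTS entry a user added on purpose to block a host versus an entry that hijacks a name. The script below is an added example written for this page, not code from exile360 or from Malwarebytes; it parses a HOSTS file the way the resolver does (any whitespace run, leading blanks, trailing comments, several names per line) and labels each mapping a "sink" (name pointed at loopback or 0.0.0.0, the shape of a privacy block) or a "redirect" (name pointed at a routable address, the shape of a hijack). The sample HOSTS text and its .test domains are constructed.

```python
import ipaddress
from collections import namedtuple

# Constructed sample HOSTS content (not from any post above). It mixes
# deliberate user blocks, unusual-but-valid formatting, and two redirects.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0\t\tads.example-tracker.test   # user block, tab separated
127.0.0.1 telemetry.example-av.test cookies.example-av.test
    0.0.0.0   cdn.example-ads.test    # leading spaces, still valid
198.51.100.7    www.example-bank.test       # a real site pointed elsewhere
::ffff:203.0.113.9 update.example-vendor.test
"""

Entry = namedtuple("Entry", "lineno ip host verdict")

def is_sink(ip):
    """Loopback and unspecified (0.0.0.0, ::) addresses drop traffic;
    they are what a privacy block list points names at."""
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) hides an IPv4 target.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return ip.is_loopback or ip.is_unspecified

def parse_hosts(text):
    """Yield (lineno, ip, hostnames) per active line. Like the resolver,
    accept any whitespace run, leading blanks and trailing '#' comments."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # split() eats any whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: the resolver ignores it, so do we
        yield n, ip, fields[1:]

def triage_hosts(text):
    """Label every mapping 'sink' (user-style block) or 'redirect'
    (name sent to a routable address, the shape of a HOSTS hijack)."""
    entries = []
    for n, ip, hosts in parse_hosts(text):
        verdict = "sink" if is_sink(ip) else "redirect"
        entries.extend(Entry(n, str(ip), h.lower(), verdict) for h in hosts)
    return entries

def redirects(text):
    """Only the entries a reviewer should look at; blocks are left alone."""
    return [e for e in triage_hosts(text) if e.verdict == "redirect"]

if __name__ == "__main__":
    for e in triage_hosts(SAMPLE_HOSTS):
        print(f"line {e.lineno:>2}: {e.verdict:8} {e.host} -> {e.ip}")
```

Pointing a name at an address that still sinks the traffic is left alone, so a curated block list passes untouched while the two redirected names are the only lines reported.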