exile360

Experts
  • Content Count

    25,228
Everything posted by exile360

  1. It may be removing/reinstalling Malwarebytes. If so, if it doesn't reinstall it for you then you can just download and reinstall the latest version from here. Let us know if you have any trouble and we'll do our best to assist.
  2. I'm honestly not certain, but I can't see any other option that might fix it. That said, it is possible that it would retain your whitelist, and either way, it seems clear at this point that something is wrong with your plugin installation so it may not be reliable/totally secure at this point anyway so I'd still recommend it even knowing the risk of losing settings (and even if you remove/reinstall it, if the issue persists and it did retain your settings, then you may need to remove it again and wipe out its settings as well as they may be corrupted which could be what's causing the problem in the first place).
  3. Ah, I see. Yes, fresh logs would help, in fact, rather than running Farbar on its own, please go ahead and do the following (it includes FRST/Farbar and runs it automatically so you won't need to run it separately):
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

     @AdvancedSetup could you take a look at her system/logs when you get a chance? I just want to make certain there is no malware/cryptocurrency miners on her system given the symptoms (AdvancedSetup is one of our resident malware removal and general troubleshooting experts, so if there is an issue, he'll likely be able to find it).
  4. Greetings, It definitely sounds like there may be some sort of malware still hiding on the system, or at the very least some kind of fallout/components from the infection that it left behind. I would recommend that you read and follow the instructions in this topic and then create a new topic in the malware removal area including the logs and requested info by clicking here and one of our malware removal specialists will assist you as soon as one becomes available. They should be able to diagnose what's going on, and if it is malware related, remediate the issue and eliminate any remaining threats which will hopefully resolve the problem, but if not, then they will do what they can and then ask you to return here for further troubleshooting or provide additional info on how to get help or other options you might try to fix the issues you're experiencing. Good luck, and I hope that this problem is resolved quickly. Thermal issues can be the worst (I'm speaking from first-hand experience having dealt with them on numerous occasions myself in the past) but hopefully they'll be able to help you to fix whatever it is that's going on with the system and get it running properly once more.
  5. Did you try removing the extension, restarting your browser, then reinstalling the extension to see if that helps? If not, I would suggest giving that a try as it may help.
  6. Greetings, No, if that happens with your license key all you would need to do is contact Malwarebytes Support and they will deactivate the previous installations so that you may use your key again. They would not force you to buy another license just because you did not deactivate it after reinstalling it a few times. They can easily verify that the previously registered/activated devices are no longer active, and once they reset the number of activations it would make any previous installations stop working until activated again anyway so there is no risk of scamming/piracy for them to be concerned about, so you don't have to worry about them trying to force you into paying for another license when your current subscription is still valid. If you do end up having any license issues, you may contact Malwarebytes Support directly via the options found on this page and they will assist you in getting your license key working again.
  7. There is no need to apologize, I assumed you would use a translator and hoped that the translator would do a good job of translating what I wrote for you. Version 2.2.1.1043 is very old so I would definitely recommend that you update to the latest version, 3.6.1, which is available here. Your license/subscription will work with the new version just as it does with 2.2.1.1043, and if you do have any problems just let us know and we will do our best to assist you. Thanks
  8. It is metered as she mentioned, so it doesn't occur immediately (unless you check manually via the Install Application Updates button as mentioned). As for the reasoning of publishing the information first, I think it's primarily to inform users monitoring the forums/website for new release info as well as users awaiting bugfixes for specific issues, and of course for any users who do happen to have already received the update to have the information there regarding changes and fixes included in the release. Publishing the standalone installer comes later, though generally not by much, probably because the first priority is to get it started going out to existing users/customers and their installations, and since it happens silently (unlike major full version releases), many users will receive the update without even being aware until they open the program and notice the changes/fixes and/or new version information and the update, when downloaded through an existing installation, doesn't use the full installer package anyway I don't believe (I think it just downloads the new/changed components and an installation script to replace/install the appropriate files and make any necessary registry modifications and generally doesn't even require a reboot, unlike full version updates/upgrades which use the full installation package and often do require a reboot to complete the install). It is also possible that the installer might pull down the patch when updating for the first time during/following installation (though I don't believe it's guaranteed/forced as it is with the Install Application Updates button) as long as the user is online during install (which theoretically they should be if possible anyway, otherwise they're likely to be starting out with a stale set of databases).
  9. @esheldon do you happen to have any suggestions as to how Malwarebytes could improve their implementation to better suit your needs, requirements and expectations? I ask because a huge driver for the decisions they make and features they choose to develop and implement is direct feedback from customers/users, so if you have any good ideas as to how they might make their product better, there's a good chance you may see it implemented in a future release. Obviously you don't have to answer if you do not wish to, however it could be a good opportunity for you to provide valuable feedback which you and others may end up benefiting from in the future.
  10. You're most welcome, and as always, if there is anything else we might assist you with just let us know. Thanks
  11. Greetings, I'm not a member of the staff, however I should be able to offer at least some useful info which will hopefully address some of your questions and concerns until a member of the staff is able to provide a more detailed response.

      Specifically with regards to ransomware, Malwarebytes has a few things going for it from a protection perspective. I will describe each in the order that they come into play during an attempted attack event where the end result would be infection of the system by ransomware and encryption of the user's files.
        • First, the Web Protection component filters known malicious websites, both based on domain/URL as well as IP, and even blocks many known malware/crime-friendly hosts/hosting providers (entire networks and IP blocks, not just individual addresses). This stops a lot of the malicious content from ever reaching your endpoints which is particularly useful against most ransomware attacks since one of the most frequently used attack methods is through malicious advertisements and redirects on otherwise safe websites (malvertisements and malicious scripting etc.)
        • Next, the Exploit Protection component monitors shielded applications and operating system components such as web browsers, office applications, document viewing/editing programs (Adobe Reader/Acrobat, MS Office, other PDF viewers and document editors etc.), media players, Java etc.) for exploit activities and also hardens key OS components (including augmenting existing OS protection technologies such as DEP) and also adds generic behavior based monitoring for exploit behaviors in general for many exploit attack vectors and behaviors (buffer overflow attacks, ROP, memory patch hijacks, stack pivoting etc.) which also covers scenarios where the point of attack is a malicious email attachment such as a Word document, PDF or other document type or media file which contains exploit code which is the other primary means of exploit attacks used for the vast majority of ransomware infection attempts
        • After that is the Ransomware Protection component which monitors all processes and threads in memory in real-time and monitors both memory behaviors and filesystem events to look for any ransomware behavior patterns to stop any active ransomware attack before it is able to encrypt the user's files (as soon as suspicious ransomware behavior is detected, the process is halted and terminated then quarantined and the event is logged)

      As for rollback features, I don't have a great deal of details about it, however I do know that the Malwarebytes Developers and Researchers are quite aware of the fact that one of the first things most ransomware threats do is to destroy any existing System Restore points and shadow copies and to disable or otherwise cripple System Restore functionality and other built in OS file restoration functionality to prevent recovery without paying the ransom, so I suspect that whatever they are doing, it is likely employing some form of protected encryption and probably similar technologies to those used by Malwarebytes' Self-Protection component which guards Malwarebytes' processes in memory, files, folders and other data on disk, as well as critical program registry keys from being terminated, modified or deleted by any unapproved processes (basically anything outside of Malwarebytes itself; a necessity for it to be able to modify its settings when changes are made by the user as well as when databases and new program versions are downloaded and installed).

      With that said, I did find the following information in the Malwarebytes Cloud Console Administration guide which is available here and I found a bit more detail about this component here which details some changes/enhancements in the latest release. I hope this information is at least somewhat helpful to you and your client.
  12. The beta and the final release version are identical as no changes were made to it prior to RTM/the final release, so if you have the beta installed that's the same thing as having the final released version. If they had made any changes after beta testing then the new build would have been downloaded when you checked for updates, but there was none as you had it installed already.
  13. Sure, no problem. I'm just saying that there is an issue with a recent Windows Update published at the beginning of this month (earlier than that if you are a member of their tester/early release Insider Preview program) known to cause users' documents to be deleted and that aside from this topic, I know of no other reports about such issues related to Malwarebytes. I am not saying that it is impossible, just that I have never heard of it happening before since I started out here back in 2008 when I first started frequenting these forums or through the nearly 8 years that I was employed in the Quality Assurance and Product Management divisions of Malwarebytes for the primary Malwarebytes/Malwarebytes Anti-Malware product line where it was actually a part of my job to find bugs for the Developers as well as gather bug reports from other sources such as the forums here and other public sites to report to the Devs as well as to test and attempt to replicate on our test systems. I won't ask for logs to attempt to diagnose the problem as you already mentioned your concerns regarding privacy which is perfectly understandable, so I would instead recommend that you contact Malwarebytes Support directly via one of the options found on this page so that they can work with you directly in private so that you do not have to be concerned about anyone having access to any of your logs/information who shouldn't.
  14. Greetings, Yes, you really can run Malwarebytes alone if you wish, however if you would still prefer to continue using an antivirus with Malwarebytes then you can simply turn on Windows Defender which is included with Windows 8/8.1 and Windows 10, or if you are running Windows 7 or Vista you may install Microsoft Security Essentials. To ensure that Windows Defender is turned on, be sure to open Malwarebytes and go to Settings>Application and select Never register Malwarebytes in the Windows Action Center under the Windows Action Center section. Using Windows Defender/Microsoft Security Essentials with Malwarebytes is a very lightweight option that should have very low impact on your system performance. For more information on how the layers of protection in Malwarebytes 3 work to protect your system you may refer to the diagram and information found on this page. Please let us know if there is anything else we might assist you with and we will do our best to help you. Thanks
  15. Excellent, the reinstall probably corrected it as a new update was released today with several bug fixes including some related similar protection settings issues. You can refer to this link for details.
  16. You should be fine. I use it with a wide array of such plugins/extensions in SRWare Iron (based on Chromium). I don't use uBlock Origin, but I do use Adblock Plus, Disconnect, Ghostery, HTTPS Everywhere, Easy WebRTC Block as well as a MASSIVE HOSTS file containing well over 1 million entries and it works perfectly fine. I also use Simple DNSCrypt on my system with it along with the protection from the Immunize function in Spybot S&D and Spywareblaster (useful since I also use IE11 for a lot of my browsing). Yes, it's also available for Firefox. I was told they're working on versions for MS Edge as well as Apple Safari, but those versions aren't available yet. I'd like to see a build for IE but I highly doubt it given how different developing ActiveX is from the other platforms.
  17. Greetings, There are benefits to both, so running the two together is ideal. For Web Protection it is mainly the fact that it protects all connections/programs as well as the entire system by blocking connections to/from the blacklisted sites in the databases used by Malwarebytes at the network stack level, beyond just the browser (good for stopping hackers and remote scanners as well as attempts to infiltrate a system via any means other than your web browser). For the extension, one of the benefits is that it actually speeds up block events because it reacts more quickly than blocks coming from Malwarebytes so this can make navigating the web faster when sites are blocked. Additionally, the extension blocks many ads, clickbait sites, as well as many tracking servers; items Web Protection in Malwarebytes currently does not target/block (unless they are directly malicious/contain malware etc.). The extension also includes behavioral detection for tech support scam sites and several other web based threat types that require no block lists/signatures to use meaning it's more effective against those types, being capable of blocking sites not yet known by the Malwarebytes Research team/not contained in the block lists/databases of Malwarebytes yet (very useful considering how frequently new tech support scam sites show up and how frequently they change URLs/domains/servers to attempt to avoid being blocked by more static block lists).
  18. Logs probably aren't needed. First, try toggling the setting for context menu scanning in Malwarebytes off/on again, then restarting your system to see if it returns as that usually fixes it. If not, then you can try performing a clean installation using the Malwarebytes Support Tool as that will most likely correct it if all else fails. If the problem still persists after that let us know and we'll go from there.
  19. That makes sense since, like Malwarebytes, Microsoft uses a WFP (Windows Filtering Platform) driver to hook into the network stack (though Defender uses it for a different purpose; primarily for scanning network traffic/packet inspection while Malwarebytes only does blacklist website filtering/connection blocking which is far more high level) and if you check Autoruns (and I believe the hidden devices in Device Manager as well) you'll find at least one Windows Defender driver listed there, usually with some long semi-random string from the last time it updated. It's probably this driver removal/reinstallation through definition updates that is triggering it in your case, bypassing the tweak you performed (I'd like info on that tweak if you've got it handy by the way, as I could use it for similar issues).
  20. On the bright side, Microsoft has been doing regular monthly rollups of updates for 7 for a while now so the grand total of patches you'll have to install should be far fewer than it used to be, especially since many updates have been replaced by/rolled into cumulative update packages. Just be sure to restart when prompted to complete the installation of each set of updates then check for updates again and install any that remain, then reboot if prompted and check again, and even if not prompted to reboot after an update finishes installing, go ahead and check for updates again once it completes anyway since some updates which require no reboot are deliberately delivered alone as they cannot be installed at the same time as other updates (I've seen this happen when updating my own Windows 7 system) and just keep checking/updating until no new updates are available. Of course it is also a good idea to have the latest drivers for your hardware components handy following a reinstallation of Windows, so I would also advise visiting your system manufacturer's website along with the sites for the various primary components of your system to get their latest drivers/software (i.e. Intel, NVIDIA, AMD/ATI, Broadcom, Realtek, Brother, Killer Networking, Samsung etc.) and if you have any trouble tracking any of them down, let us know and we can most likely assist you, including if you have trouble identifying the maker of any particular hardware component(s).
  21. I do believe there is normally a prompt/notification, at least about network drives specifically. If the drive is just a normal drive attached to the system that just happens to have different permissions then no, I don't believe Malwarebytes has any such notification for that situation, however as long as you check permissions on the drive whenever something like this occurs you'll be fine. I would like to see a notification about situations like this though as that does make a lot of sense so I will take your feedback to the team and recommend that they implement permissions checks and notifications for this purpose. There's no guarantee if or when such a change might be made, however at least they will be aware of it and will take it into consideration for some possible future version of Malwarebytes. Please let us know if there is anything else we might assist you with and we'll do our best to help. Thanks
  22. Sure, no problem. One alternative, assuming you can remember at least most of the changes/tweaks you've made to the browser(s), would be to use a portable build to start modifying your settings from scratch and testing after each change in the hopes that you discover which one causes this behavior, then undo that setting/change in the other browsers to eliminate the problem, however unless you can recall each and every one of them it will be slow going with no guarantee of success (not that it's guaranteed the other way either, but at the very least you'd end up with nothing more than a modified portable build which is disposable anyway).
  23. Greetings, If the folder in question is or is contained on a network drive then that would be why. The scan component of Malwarebytes is actually incapable of scanning such locations due to quirks with how Microsoft implements permissions for such drives and locations (even administrators and the SYSTEM account for the current system technically do not have full read/write access there which are the permissions/accounts Malwarebytes runs under for the scan component). In the past it was possible to scan such locations in older versions of Malwarebytes, however it wouldn't actually scan the objects on the drive even though it appeared to so this was fixed in later releases to eliminate confusion by simply having the scanner skip scanning those locations or refusing to scan them if you use the right-click context menu scan function for Malwarebytes in Windows Explorer.

      If that is not the issue then please let us know and also tell us more about the folder you are trying to scan such as the full path where it is located and if there are any special permissions on it that you are aware of. Also, if it is a local folder on your current system drive then please do the following as well as this may give us an idea as to why this is occurring:
        • Download and run the Malwarebytes Support Tool
        • Accept the EULA and click Advanced tab on the left (not Start Repair)
        • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

      Thanks
  24. That's not a bad idea, however since AdvancedSetup discovered potential signs of malware it would be best to continue working with him on that first prior to making any further modifications to the system just to make sure that nothing else goes wrong as making such changes in the middle of a malware diagnostic and removal process can make things more complicated than they need to be.