Everything posted by exile360

  1. It's possible that one or more of the components/files wasn't updated properly and may still be an older version, resulting in this issue. In order to document this for the Developers, please do the following:

     • Download and run the Malwarebytes Support Tool
     • Accept the EULA and click Advanced Options on the main page (not Get Started)
     • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

     Once that's done, go ahead and do the following to see if it corrects the problem:

     • Run the Malwarebytes Support Tool once more
     • Next, click Advanced Options on the main page (not Get Started)
     • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

     Once that's done, be sure to reboot your system at least once after the installation is complete, then test to see if the issue is fixed or not. Please let us know how it goes and please provide the requested logs for the sake of our Developers so that they can troubleshoot the issue further in case it was a problem with the installer. Thanks
  2. Greetings, Yes, there have been several issues related to the Ransomware Protection component which have caused performance issues. Most of them should be corrected in the latest release published a few days ago. To make certain you have the latest version, open Malwarebytes and go to Settings>About and you should see the following information for Malwarebytes version: and Component package version:, but if you do not, then go to Settings>Application and click the Install Application Updates button and the latest should be downloaded and installed:
  3. It was caused by the recently released Component Update (CU) being installed, version 1.0.374. I saw exactly the same behavior on my own system when the update silently downloaded and installed itself. It occurred because the components of some of the real-time protection modules in Malwarebytes were replaced by the update and had to be shut down/restarted to unload the old and load up the new into memory. It's nothing to be alarmed about and as long as Malwarebytes is now functioning normally then there shouldn't be any issues, but please do let us know if any problems do occur.
  4. Correct, it was the CU 1.0.374. Programs like SUMo always seem to get the version info wrong because Malwarebytes updates components and the individual file versions do not necessarily reflect the same version info as the entire package/installer (for example, if you check Programs and Features to see what version it shows for Malwarebytes and compare that to Malwarebytes' various files and their versions, which you can easily do by running the Malwarebytes Support Tool and checking the mbst-check-results.txt file, you'll see that they use lots of different version numbers) and the version info for an individual file only changes when the Developers have modified that particular file, so if a file doesn't change from one release to the next, then that file's version info is left intact. There is no beta in testing at this time to my knowledge and I know of no 2527 build, so I'm not sure where they got that version info from.
  5. 3.5.1.2522 is still the latest. There was a CU (Component Update) released recently that changes the Component package version: to 1.0.374 (listed under Settings>About) so if that's what yours shows then you're all up-to-date:
  6. exile360

    Welcome :)

    Welcome, and thank you for helping provide undetected samples, I know the Malwarebytes Researchers will appreciate it
  7. Most of them still do, and the ones that don't are crippled and typically useless against many of today's threats that deliberately block communications with security related servers. It's OK if the antivirus is on the system first and is able to prevent the infection from getting in, but if anything gets through and is able to infect the system, it can render the AV helpless by cutting off communications with its servers which is when you end up needing a remediation tool that doesn't have to connect to the internet to function. Something like Malwarebytes.
  8. Excellent, if there's anything else we can help you with just let us know. Thanks
  9. Also, in case anyone was wondering, this is just as true for the Windows version as well. I use ad blockers in my browsers alongside Malwarebytes Premium without any issues, and I even use the Malwarebytes web browser plugin (currently in beta) as well and I haven't had any problems so far.
  10. Greetings, Yes it does, via the Scan tab if you select Custom Scan you may select which drives to scan. Also, if the right-click context menu Scan with Malwarebytes option is enabled (which it is by default) you may right-click on any drive to scan its contents. Beyond this, Malwarebytes also checks all running processes and threads in memory, regardless of where their physical files might reside when performing scans that include the memory scan phase, including the default Threat scan, so if a malicious item is active in memory, it should be detected regardless of where it is located. If there's anything else we can answer for you, please let us know. Thanks
  11. Excellent, thanks for going to all this trouble to help us diagnose this issue. It's very helpful to our Developers and we greatly appreciate it
  12. A new component update for Malwarebytes has been released, version 1.0.374. I don't know if this specific issue was addressed or not, but it's worth a try if you wish to give it a shot. To install it, open Malwarebytes and navigate to Settings>Application and click on the Install Application Updates button and it should be silently downloaded and installed. Once it has installed and you see the new build number reflected in the UI, I'd recommend restarting the system at least once to confirm that the new components get loaded into memory, then perform your test again to see if it makes any difference. If you do try it, please let us know the results. Thanks
  13. Thanks David. I haven't used AIR in ages (used to use it for 1 web streaming service but they no longer require it as they've now switched over to Flash). I tried to dig up a generic "latest" URL for downloading AIR but couldn't find one anywhere. The best I could do was this, which you must know the version # for the latest release in order for it to work (in this case 30.0):

      https://airdownload.adobe.com/air/win/download/30.0/AdobeAIRInstaller.exe

      If you change the 30.0 in that URL to whatever the build is that you wish to download it should work to provide you with the standalone offline installer without having to go through all the offers from Adobe's advertisers/partners etc. So to sum up, whenever a new version of Adobe AIR is released, use the following URL, modifying the ##.# section to match the version of the latest build that you're trying to download/install:

      https://airdownload.adobe.com/air/win/download/##.#/AdobeAIRInstaller.exe

      I don't know if they ever use the last number following the decimal (.) so I left it there just in case, should they ever publish point version updates (like minor patch releases etc., for example, version 30.1 etc.) but assuming they don't, then all you should need to do is modify the first 2 numbers to match the build then leave the third number (the one following the .) as 0.

      I've also got the direct links for the various versions of Reader, however they use an FTP server for that and currently I believe the old free Reader has been discontinued/replaced by Adobe Reader DC, so you should be able to use the internal updater to patch it more easily (I just occasionally launch reader then click Help>Check for Updates... then allow it to download/install any updates if available, though there haven't been any for at least a few months now).
  14. Just run the scan with Malwarebytes that causes the crash. Once the system crashes the memory dump will automatically be created (that's why you had to change those settings in Windows, to force it to create the kernel memory dump when a crash occurs). After the crash happens, you should then be able to boot up the system again and find the memory.dmp file he requested in the Windows folder.
  15. Also keep in mind that throttling also occurs automatically after a certain number of seconds of sequential reading or writing of data from/to the drive. I don't know the specs for the 970, but I've got a 960 PRO 1TB and it's rated at 130 seconds for reads and 160 seconds for writes. I don't know the throttling temps for the 970, but the 960 PRO is rated at up to 75 degrees C and I would assume the 970 would be higher, though if Samsung says it's 70 degrees (which is the same as the older 950 series) then I guess I'd have to take their word for it. I also found out that the stickers on the 960s and 970s contain copper to operate as a heatsink and that the controller on the 970 has a nickel plated cover/coating for the same purpose (since the controller is the component that generates the most heat and tends to be the most negatively affected by it). I was also doing a bit of research on possible third party heatsinks for NVMe SSDs and I found a few cheap solutions from Amazon that might work (I'd need something particularly low profile since I have a laptop) so I might end up purchasing one if heat becomes an issue, though so far in my testing my temps have been pretty stable, usually within the 50C~60C range. I just performed a Threat scan and my drive temp maxed out at 55C during the scan (7x64 SP1, fully patched) with the total scan time taking 2 minutes and 20 seconds with the filesystem portion only occupying the last minute or so of the scan (not counting the rootkit scan at the beginning prior to the memory scan phase which went by pretty fast, though technically it is scanning portions of the disk during this phase, but the temp never went up above 50C during those phases). During the scan it checked a total of 232,346 objects. 
The most notable lag was, as usual, during several portions of the memory scan phase which suffered from noticeable pauses at several points during which it didn't appear to be making any progress until it finally moved on (it typically does this around 4 or so times during each scan) though high CPU usage was fairly consistent throughout, including during these 'pauses'/hesitations (I assume they have something to do with heuristics and/or optimization of the later phases of the scan, and/or possibly the anomalous threat detection component since it relies on cloud analysis for checking of unknown objects).
  16. By the way, the Exploit Protection in Malwarebytes also already covers both Java and Flash browser plugins, so exploits which attack them should be detected/prevented (along with other browser based exploits). In fact, any plugin you run within a protected/shielded browser should be protected from exploits and 0-day vulnerabilities thanks to Exploit Protection in Malwarebytes Premium.
  17. Greetings, Thanks for the suggestions, though there are a few of them at least which are actually already covered in Malwarebytes Premium as well as some of the other offerings from Malwarebytes: Malicious IP addresses are already blocked as well as malicious domains/URLs and there's also a (currently free) Malwarebytes browser plugin for Chromium and Firefox/Mozilla based browsers (Edge support coming soon) which is currently in beta that blocks additional items, including malicious pop-ups, tech support scam sites, phishing sites and tracking servers, many of which are blocked not just through positive identification of specific domains/URLs or IP addresses, but also via behavioral detection (such as tech support scam sites that try to prevent you from closing their pop-ups etc.). The Web Protection in Malwarebytes is also very good for preventing DDoS attacks as it blocks many of the servers and networks known to be used in such attacks, though it doesn't specifically target DDoS/DoS attacks behaviorally (your router/hardware firewall should cover this, and you can use a software firewall such as Windows Firewall Control which was recently acquired by Malwarebytes and will most likely be integrated in some form into the main Malwarebytes Premium product at some point down the road). With regards to malicious scripts in websites (as well as documents and other non-executable/non-PE files), these are already covered by the signature-less, behavior based protection in the Anti-Exploit component of Malwarebytes Premium and the same goes for any other hidden malicious content found on webpages you visit (both HTTP and HTTPS, though I'd strongly recommend using a plugin such as HTTPS Everywhere to force all sites you visit to use HTTPS as it has become the standard and even Google is beginning to push websites to switch over to HTTPS; more info here, here, here, here, here, here, as well as here). 
Regarding pop-ups, while I already mentioned the Web Protection in Malwarebytes Premium as well as the Malwarebytes browser plugin beta, there are also already excellent pop-up blockers built into all modern web browsers (the most robust I've found of the 3 major web browsers based on my own experience so far is the one built into Internet Explorer when cranked up all the way so that it blocks all pop-ups and asks you to allow pop-ups from sites that attempt to display them, though the ones built into Chrome and Firefox are pretty good as well, though some pop-ups do get past them, at least in my experience). With regards to privacy, refer to the Malwarebytes browser plugin I mentioned as it blocks common tracking servers to protect privacy, and beyond that, the cookie blocking capabilities built into all web browsers is also quite useful in that regard, especially if you max out the setting so that it blocks all cookies (though this will prevent some sites from working such as pages you have to sign in to use so you'll need to add those to your exceptions/allowed lists in your web browsers). Regarding ports, this too is the job of a hardware and/or software firewall (including your router if you use one for connecting to the web) and since Malwarebytes acquired Binisoft as I mentioned above, a software firewall will likely be integrated into Malwarebytes Premium before long. 
For both antivirus and other security software compatibility as well as CPU and memory performance, Malwarebytes is always striving to improve these areas and the latest release, version 3.5.1 Component Update 1.0.374 is the best so far so if you haven't got it yet, open Malwarebytes and go to Settings>Application and click the Install Application Updates button to get it. With regards to both remote access as well as sharing, these can easily be secured in Windows (I tend to disable them completely personally as I never use them) and should also be secured by your software firewall (again, as I mentioned before, since Malwarebytes acquired Binisoft, this should be covered in the future once it is integrated into Malwarebytes Premium). Regarding stealth malware including spy tools, backdoors, Trojans and rootkits, these all should already be covered by the various layers of defense built into Malwarebytes, including its various behavior based signature-less components as well as those which do use signatures and of course the anti-rootkit component built into Malwarebytes which detects hidden/stealth objects such as rootkits. For webcam security, while it is possible to have a software tool alert the user when a program attempts to activate their webcam, I personally prefer a more robust hardware solution such as the covers you can purchase that cover the webcam to prevent its use physically even if it is switched on without you knowing so that you can simply remove/open it deliberately only when you wish to use your webcam.
Any threat, malicious link, attachment etc. embedded in an email should be detected/blocked by the various protection components in Malwarebytes, even though it doesn't explicitly integrate a plugin into email clients the way many AVs do, it does still check any URL you click as well as any remote URL the message might attempt to load any content from so that it is blocked if it is a known malicious server, and thanks to the malware protection and exploit protection in Malwarebytes Premium, any malicious attachment should be detected as well as soon as you try to open it/execute it (we leave scanning attachments/email content on download to the AVs as this is one of the ways that Malwarebytes maintains good compatibility with them as attempting to do otherwise would create conflicts with them, so they get to scan the content first so that if they miss it and you try to run it/click it, Malwarebytes will then step in and block/detect/quarantine the threat). While Malwarebytes does not include any specific anti-spam components (again, we leave this up to the AVs as this is one of their areas and we don't want any conflicts), we do target/block known spam/scam domains/URLs/IPs etc. so that if you should click on a spam address in an email, it should be blocked by Malwarebytes, especially if you have the new beta Malwarebytes browser plugin installed in your default browser.
With regards to unencrypted websites, see my comments above regarding HTTPS Everywhere as well as the info about Google starting to attempt to force HTTPS for the entire web (and many others in the industry are following suit) so if a site isn't secure, especially if it's a site where you intend to enter any personal information, including your name, email and especially any purchase info such as a credit card number etc., then I would strongly recommend not doing so as you want such information to be secure, and securing the info on your end via some plugin wouldn't be sufficient, if they aren't providing HTTPS then I would question their commitment to securing user data and wouldn't trust them with it even if I were able to force the communication of that info to be secure. It's just a bad idea to give a site like that your info no matter what. I hope that helps to clarify things. You have a lot of solid ideas there, and many of them likely will be addressed in the time to come as these new components are integrated into Malwarebytes, and for many of the others your antivirus should cover them and we don't want Malwarebytes to conflict with your AV, so Malwarebytes must be careful about what kinds of features they choose to implement. I will definitely advise the Product team on any new ideas you provided which would be a good fit for Malwarebytes if it's an area they aren't already covering, and if you have any additional ideas in the future please let us know as we're always looking for such feedback/ideas. Thanks
  18. A new version of Flash is available again (version 30.0.0.113) so don't forget to update if you use Flash in your browsers (run Windows Update/Microsoft Update if you use Microsoft Edge which has Flash integrated). Refer to this post for detailed instructions on how to check your currently installed Flash Player version as well as how to perform a clean uninstall/update/upgrade of Flash for all of your web browsers, including my special post-uninstall cleanup tool for removing remnants/leftovers not removed by the normal uninstaller or Adobe's dedicated Flash uninstall tool (also linked on that post) as well as ensuring that no Flash plugin components from the old version are left behind to help make certain that when you do update/upgrade you're actually running all the latest, most secure Flash components/modules.
  19. Thanks for the info, now that Malwarebytes owns WFC (refer to the info here as well as here) I'll be sure to make the team aware of it so that they might hopefully adjust how Malwarebytes is handled by default accordingly to eliminate this issue.
  20. Greetings, According to the information on this page the most recent version is 1.80.2 released on 5/26/2016. As of yet to my knowledge the Anti-Ransomware and other technologies/products have not been integrated into the main Anti-Malware product for business yet. If there is anything else we might assist you with please don't hesitate to let us know.
  21. I agree with your comment, a reinstall shouldn't be necessary. I'll report this to the Product team again to see if I can get the issue escalated.
  22. There are also several fixes you can try listed on this page. In my experience with issues like this, the most likely fix to work is the one that resets Windows Update by deleting the SoftwareDistribution folder etc. (the one listed under How to reset Windows Update using Command Prompt).