exile360

Experts
  • Content Count

    24,347
Everything posted by exile360

  1. You're welcome, I hope that it works. I'm truly sorry that you've had to go through all of this and I hope that the Developers are finally able to fix this issue soon so that you may use the latest version without risking any BSODs. Also, if you haven't yet, you might consider installing the browser extension linked to in my signature if you use Chrome (or any other Chromium based browser) or Firefox because then at least your browser will still be shielded from the same web threats as the latest version of Malwarebytes, plus it blocks some things that Malwarebytes currently can't even in its latest iteration thanks to some nifty new behavior based tech built into the extension.
  2. We may continue this discussion in another thread if you wish, but here a user is seeking assistance with their specific system and configuration so I don't think we should hijack it with such a discussion, do you? Let's please respect the user and discontinue fleshing this out in this thread.
  3. Actually, it still remains true because as new layers have been integrated into Malwarebytes, they have either been developed from the start to be compatible with other security software (especially AVs) or they belonged to products that already were (such as the Anti-Exploit and Anti-Ransomware components you mentioned). Also, whatever has been taken from ADWCleaner (nothing at this point I don't think, which is why it's still available as a separate tool/product, though JRT was integrated into ADWCleaner) would only be signatures for specific PUPs; it uses a fairly basic engine and doesn't have the same level of complexity to its syntax as Malwarebytes does so this would not cause any conflicts even once it is fully integrated. As for Binisoft, nothing from that product has been integrated into Malwarebytes 3 at this point, and even if it is in the future, this won't cause any conflicts because it is based purely on WFP (Windows Filtering Platform), the same exact technology and APIs that the built in Windows Firewall is based on in modern Windows versions (every version after XP) so it can't conflict with any third party software either, otherwise they wouldn't be compatible with Windows itself out of the box since the Windows Firewall is active by default. Malwarebytes continues to be developed with a focus on allowing the AV to check objects first to prevent conflicts, thus enabling Malwarebytes to stay out of the way and only flag something as a threat once the AV has already taken a look at it and determined it to be clean. The diagram found on this page illustrates how each layer of protection in Malwarebytes functions throughout the attack chain to stop threats throughout the process, and were an AV inserted into that diagram, its payload analysis would come before that of Malwarebytes because for Malwarebytes to check a file in real-time it must attempt to execute in memory whereas an AV analyzes a file as soon as it is written to disk (i.e. as soon as it is downloaded, before it tries to run) so by the time Malwarebytes sees the file and checks it, the AV has already had the chance to scan it and quarantine it, meaning if the AV detects it, Malwarebytes will never see it and if Malwarebytes detects it, it means the AV didn't detect it as a threat and allowed it to execute.
  4. You're welcome, and thank you for the feedback. I will make certain that it gets to the team for their review and consideration, and hopefully this is something that they will be able to address.
  5. What did you have to do to fix it? Also, do you still have the log from the scan where the issue occurred? Without that info, tracking down and fixing the problem may not be possible unfortunately so I hope that you still have it.
  6. Just to make sure as I haven't read the entire thread here, but did you also make sure to set the following two circled options to Off prior to deleting the folder?: Also, if you open Malwarebytes and go to Settings>Protection and disable the Enable self-protection module option under Startup Options you should be able to delete the folder even if Malwarebytes is running (self-protection prevents any of Malwarebytes files, folders and processes from being modified or deleted). If you already have Malwarebytes configured this way then you may disregard this post, I'm just hoping it might be helpful.
  7. Perhaps, but since each step has the potential to resolve the problem, they might not all be necessary and removing Kaspersky would only illustrate whether or not there was a conflict; it wouldn't really fix the issue, but even if that is the case, doing things like setting exclusions might resolve the problem so I think it's worth a shot at least, and the same goes for updating Kaspersky as it's always possible that a conflict has been corrected in their latest build.
  8. Greetings and welcome, Rootkit scanning is disabled by default primarily because it takes a lot longer when rootkit scanning is enabled, but also because since it uses a low level driver to scan for rootkits (a requirement for rootkit scanning), there is also the outside possibility of a potential conflict with your antivirus if you use one or other software on your system, and since the default Threat scan does check all loaded processes and modules in memory anyway, it's pretty likely that if you are infected, even with a rootkit, that at least some trace/component of the infection would be detected by the normal scan, in which case you could then enable rootkit scanning if you needed to and then perform the scan with it active. The main issue is performance though, plus the fact that rootkits aren't nearly as prevalent as they have been in the past (like around 3~5 years ago when they were far more common, at which point it was enabled by default). These days there are really only one or two major rootkit families out there, and they usually occur with other obvious symptoms of infection, including adware/PUPs that return after removing them (another case where you could then enable rootkit scanning if you saw something like that happen). I hope that helps to answer your question, and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  9. Greetings, I'm sorry that this occurred, and you can be certain that they will take fixing this issue seriously. With that said, can you please provide some additional info to help the team decipher how this happened? My suggestion would be to use the built in repair option in Windows to perform a System Restore back to as close to just before the scan with ADWCleaner where the issue occurred as you can, then perform another scan and save the log, but obviously don't have it fix anything because we don't want the issue to repeat. They just need to see what was detected to determine where the problem is, assuming it was something being changed/removed by ADWCleaner that caused it (there's a possibility it was just an issue with the cleanup process itself, such as a driver conflict or something with the built in cleanup function that occurs on restart when ADWCleaner performs final cleanup following a scan, meaning it could be a compatibility problem with some specific hardware and/or software on your system). If you could also then please run the following tool and provide the ZIP file containing the diagnostic logs that would likely be helpful as well, especially if it is a corner case as I mentioned:

       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

     Thanks, and again, I'm sorry that this occurred, but hopefully it will be promptly corrected.
  10. Unfortunately given the way browser extensions function, I'm not even sure it's possible to have the controls be dynamic so that the go back option isn't present when it doesn't apply, but I will forward your feedback to the team. For the record, Malwarebytes does have a rather large QA team who handles the testing of their products and tools, however like with all QA, their testing parameters for passing or failure are determined by the specs provided by the Developers, so if the Devs do not deem it a bug for an unnecessary control to be displayed (i.e. they've chosen to use a single standardized set of controls for the block/redirect page), then QA cannot say that it is a bug. In fact, it would technically be up to the UX (User Experience) team/lead, not QA, to determine whether such a page layout/behavior is acceptable or not, and in this case I must assume that they determined that it was acceptable (having seen other plugins that block ads etc. with similar function and behavior and drawing on that as a baseline, I can understand why as I've seen others do the same thing, showing an unnecessary control sometimes due to the application of a standardized layout). So what you have highlighted definitely falls into the realm of UX and could be classified as less than ideal given certain specific scenarios, and if they determine that this is sufficient reason to change it, and assuming changing it to make the controls dynamic under these circumstances is possible and worth the additional development effort required to implement the change, then they will correct the UX issue. 
     If not, then obviously it will remain as it is but I'm not a Dev so I cannot estimate as to the level of difficulty or what the APIs and functions for extensions allow, and of course it has to be possible not only for Chrome, but also Firefox since the extension is available for both browsers, and it's likely that they would prefer consistency across all platforms if possible, so that will also factor into determining whether or not it will be changed.
  11. Perhaps I wasn't being clear enough. What I'm saying is this is not a bug at all, just a consequence of how some malicious sites show up and are blocked. Here is an example scenario of what I'm referring to:

       • You are browsing the web and visit a site
       • You click a link on the site to another page of that same site, but in doing so it also triggers an automatic pop-up advertisement; the advertisement is from a known malicious source (i.e. a tech support scam/malvertisement)
       • The Malwarebytes extension blocks the connection to the malicious ad server so that the resulting pop-up/new tab instead displays the Malwarebytes redirect block page instead of the tech support scam that would have been in its place
       • Since the original URL and the blocked URL are one and the same, there is no "safe" previous site to return to, thus the "go back" function doesn't do anything (it's like trying to use your browser's BACK button when the site you're currently on is the first page you visited; it can't work because there is no previous page to return to)

     Does that make more sense?
  12. Greetings, The function of the go back option depends on how the block occurred. For cases where you were viewing a safe site and then clicked a link or were redirected to a blocked site, that option will return you to the safe site. However, if the block occurred as the result of a pop-up such as an ad redirect page (which is what I see more often than not these days, at least during my own browsing sessions) then the go back function won't actually do anything because there is nowhere to go back to since the starting point for that pop-up was the blocked site itself.
  13. Thanks for the info. If anyone requires it, the update mentioned for MS Access can be found on this page and of course you can always run Windows Update/Microsoft Update to check for and download any available updates for MS Access and other MS Office software.
  14. OK, please go to the Scan Schedule tab under Settings then double-click on your existing scheduled scan (or click on it once to select it then click the Edit button) then click on the Advanced button in the Edit Scheduled Scan dialog and then check the box next to Scan for rootkits in that section then click OK. The image below shows what I'm referring to:
  15. Yep, I'd go ahead and classify it as PUP at this point. This is way over the line, especially with its persistence, that's borderline Trojan behavior.
  16. Greetings, Please read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and info by clicking here and one of our malware removal specialists will assist you as soon as one becomes available. If you aren't able to complete any of the steps, such as the Malwarebytes scan since it gets stuck, then just skip that step and mention that it would not complete in your post and they will guide you on what to do to get your system cleaned up.
  17. Are the scans you're referring to being executed manually or by the scheduler? I ask because the scan for rootkits setting doesn't actually govern scheduled scans and they have their own setting in the scheduled scan editor to enable/disable rootkit scanning.
  18. It actually used to in the past, however a significant number of users complained about it stating that it was non-essential information and that they just wanted Malwarebytes to quietly do its job and only notify them if there was a problem so this was changed. I will request that they add an option to re-enable these types of notifications for the users like yourself who wish to see them, however do be aware that it is very unusual for security applications to do so these days and that Windows Defender is definitely the exception, not the rule. I personally believe that users should have the ability to customize the application's notifications to their liking, so I will make this request on your behalf, however it likely will not happen until they re-work the UI and notification system in a future major release (likely something along the lines of a version 4.0) and of course it is up to the Product team to make the final decision on whether or not to add this capability, but I will make certain that your request is heard by them.
  19. exile360

    cnet is not loading

    Yep, that explains a lot. I noticed I kept seeing CNET loading page after page at the bottom in the status bar/area (I assume these were the iframes) even with the extension disabled and it makes the page take quite a while to load even with no extensions active. I bet it's because of all of those ads and links to other content that they embed in each page of their site along with all their tracking/telemetry stuff (they tend to be heavy on that sort of thing historically).
  20. Greetings and welcome, Windows Defender processes its updates through the Windows Update interface built into Windows which is why you see alerts about new definitions/database updates. Malwarebytes handles its updates silently and automatically, checking for updates every hour by default. You can check your Malwarebytes program version, component package version as well as database version info in the Settings>About tab. Also, by default, if Malwarebytes is more than 24 hours out of date it will display an alert from the tray notifying you of the issue and prompting you to download the latest updates. Aside from that, Malwarebytes also checks for new definitions every time it performs a scan, including scheduled scans, to ensure that it has the latest updates when it scans. Malwarebytes also logs updates under C:\ProgramData\Malwarebytes\MBAMService\LOGS\MBAMSERVICE.LOG and you can locate them by searching for the phrase Starting check for updates within the log to see each instance where it checks for updates and look at the lines that follow to see when updates were available and when it downloaded them. On a typical day the Malwarebytes threat Researchers generally update the definitions 10 or more times throughout the day depending on how many new threats have been identified. You can control the frequency of automatic update checks under Settings>Protection in the Updates section; this is where it is configured to check hourly by default. If you wish to check for updates manually you may do so by either right-clicking on the Malwarebytes tray icon and selecting Check for Updates or by opening Malwarebytes and clicking on the blue word next to Updates in the Dashboard tab on the lower right side (the word is generally Current as long as the definitions are not too old) and it will also show the status there when checking for updates such as checking, downloading and applying updates when that is happening. 
     If there is anything else we might assist you with, please don't hesitate to let us know. Thanks
  21. Greetings, To start, please update to the latest version of Malwarebytes, Component package version 1.0.391, by opening Malwarebytes and going to Settings>Application and clicking on the Install Application Updates button. Once it is installed, restart your computer and check to see if the issue is now resolved.
  22. I have suggested that they have the program sort the logs in a more logical way (by date/time or at least by event type in alphabetical order). I suspect the current sorting has to do with the actual names of the log files which you can see if you open C:\ProgramData\Malwarebytes\MBAMService\ScanResults for scan logs, RtpDetections for Malware Protection detections, MwacDetections for Web Protection blocks, AeDetections for Exploit Protection detections, and ArwDetections for Ransomware Protection detections. You'll notice that the filenames are apparently semi-randomized strings that resemble GUIDs and I suspect that the names are in some kind of encrypted format that only the Malwarebytes SDK can read and interpret.
  23. Greetings, If this occurs again, try disabling Self-Protection in Malwarebytes if you are able (or perhaps keep it disabled to see if it makes any difference the next time the problem occurs, assuming it still happens to ESET providing evidence that it would have happened to Malwarebytes as well). I don't know if it will resolve it completely, but it may at least make it easier to deal with because the self-protection driver prevents other programs from altering the files, folders and processes that belong to Malwarebytes so it could actually be getting in your way when you are attempting to correct permissions or uninstall it. You can also try running the Malwarebytes Support Tool mentioned in the above automated reply and try using the Clean option to see if that allows you to remove/reinstall it when this occurs:

       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

     With all of that said, I've never heard of this issue before and haven't seen it on any of my own systems so there might be something anomalous with your system which causes these MS updates to create these problems with permissions. It might be worthwhile to contact Microsoft Support and see if they have any ideas as they may have encountered it before and may have a fix for it.
  24. One more thing, there are also OEM specific custom builds of hardware devices out there that use their own drivers due to differences in functionality compared to the retail/generic versions of the same hardware. One example is discussed here and there's a more broad discussion on the subject here, however I've seen many examples over the years in different systems, and since such systems tend to be the most common (i.e. branded OEM systems made by major PC brands/manufacturers vs custom machines built using off the shelf standard parts) it is quite often the case that you end up with hardware that shares many similarities to the generic off the shelf version of a particular device but may include specific functionality, tuning or additional (or removed) components that may require specific driver builds from that particular OEM/system builder. As an example, I used to be a PC repair tech and I had to keep folders full of custom/OEM Dell, HP, Compaq, Gateway and other makes of drivers for specific hardware like sound cards, TV tuner cards, graphics cards, chipsets/motherboards, USB hubs, network cards (both wired/ethernet as well as wireless) just because these special versions of hardware were out there. When you install the generic driver for such a component, at best it works OK (though perhaps with some level of lost custom functionality which may or may not have a large impact) and at worst you end up with a system that crashes (BSOD) whenever Windows boots and tries to load that generic driver for that custom/OEM component. Although such things aren't quite as common these days as they once were, with the prominence of mobile devices with more laptops and tablets being sold than ever, custom builds with drivers designed to provide longer battery life are not uncommon and using the generic off the shelf driver can sometimes result in a loss of battery up-time. 
     It would be nice if drivers could be so generic that a scanning utility could easily point you to the right driver, but even Windows Update has been known to often download the wrong drivers for hardware and if Microsoft can't get it right, I doubt any of these smaller vendors making these driver updater utilities can either. That's why the safest thing to do is get drivers for your specific system from the manufacturer's specific driver support page for that system unless you know for certain that it isn't some custom hardware component in which case you can get more up to date drivers from the hardware vendor's website directly (AMD/ATI, Creative, Intel, NVIDIA, Realtek etc.) but even then might lose some level of functionality like lower power/better battery performance if the OEM driver was tuned differently to prioritize that.
  25. By the way, in case you're curious as to why, on a technical level, driver updaters do not work, it is because hardware vendors like Intel, AMD etc. will frequently use the same hardware ID (the ID info read from Device Manager that driver updaters scan from the registry to determine what hardware is installed to find a matching ID in their databases to provide the appropriate driver for the associated hardware) across multiple devices, even when a completely different driver/driver package applies to that particular device. That's because the hardware ID is not what hardware vendors actually use to identify specific hardware. Instead, they use the proprietary hardware model numbers, which often can only be known by physically reading it from the label on the piece of hardware itself (i.e. not within software/Windows or even the system BIOS) or by checking the system manufacturer's website (assuming they actually provide that level of detail on the individual components installed in a system they make; some do, some don't). It is because of this that driver updating programs so frequently fail to recommend the appropriate driver for many components and even Intel's own driver updating utility will fail to identify components that they themselves have manufactured (I've found this to be true across multiple systems where I've run the utility where it had multiple Intel components installed, yet still had to search for and download drivers for certain components manually because their own tool failed to identify them).