Jump to content

exile360

Experts
  • Content Count

    28,440
  • Joined

  • Last visited

Everything posted by exile360

  1. Thanks. What happens if you right-click on the Malwarebytes tray icon and select Quit Malwarebytes? Does it have any problems terminating completely from memory? You should be able to see all of its processes end on their own in Task Manager, usually only taking a matter of seconds depending on what's going on at the time. I'd like to know if it hands up there too. Please let me know. Thanks
  2. That's great news, thanks for letting us know I knew they made a lot of changes and bugfixes for Web Protection in this most recent release, but I wasn't certain if any of those changes/fixes would impact this particular issue or not, so thanks for the confirmation. I will be sure to let them know.
  3. Try restarting the system. After an item has been quarantined it may not be possible to restore it until after a reboot in case Delete on Reboot (DOR) was set to remove any remnants of the previously detected items after system restart to prevent removing an item, restoring it from quarantine, then having it permanently deleted (with no backup copy in quarantine) after the system is restarted for the first time following a scan/remediation. It's the same way with Malwarebytes 3 where you'll find that after removing an item with a scan, it often cannot be restored from quarantine until the system has been restarted.
  4. Thanks. It looks like UAC isn't set to defaults and Malwarebytes had a problem deleting some files that it would normally remove. Resetting UAC to its default settings might fix it. To do so refer to the information on this page as well as here. Next, reboot your computer and then perform a clean installation of Malwarebytes to remove those files I mentioned and start fresh to see if that resolves the issue now that UAC has been reset: Run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here Please let us know how it goes and if the issue is resolved or not. Thanks
  5. Excellent, I am glad that I was able to help you to get the software working again
  6. That is alright, we will get the issue fixed. Please download this file and then extract it and move it to C:\Windows\System32\drivers\etc to replace the file that is already there. Once that is done, restart your computer and you should be able to activate Malwarebytes with your license key. Please let us know how it goes. Thanks
  7. Excellent, I'm glad to hear it. If there's anything else we can help with please let us know. Thanks
  8. Just to add a quick note; in addition to what Maurice mentions above, if you no longer have access to the email address you used when you originally purchased your license then you may need to add your license manually. To do so, follow the instructions found in this support article once you have created your account at My.Malwarebytes.com using your current email address.
  9. Greetings, I'm sorry that this issue occurred, but hopefully we can get the problem fixed quickly. To start, please try disabling Fast Startup. You'll find instructions on doing so here as well as here. Once that is done, try rebooting your system a couple of times to test and see if the issue is resolved (it may still occur on the first system restart, but hopefully won't on the second one and going forward thereafter). If the problem still persists then please do the following so that we may take a closer look at your system configuration to try and determine what the cause of the issue might be: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Please let us know how it goes, and if necessary, provide the requested ZIP file. Thanks
  10. Hello again, I looked deeper at some of the logs you provided and I believe I was able to discover the cause of the issue. The following entries need to be removed from your HOSTS file as they are preventing Malwarebytes from accessing the licensing server to activate your license key: 127.0.0.1 telemetry.malwarebytes.com 0.0.0.0 keystone.mwbsys.com 0.0.0.0 serius.mwbsys.com 0.0.0.0 keystone.mwbsys.com Instructions on resetting the HOSTS file to defaults can be found in this Microsoft support article. Once that is done, try activating Malwarebytes once more to see if it now works and let us know if it was successful or not. Thanks
  11. Greetings, It looks like you may have used an older version of the Support Tool or something went wrong with it while it was running as your logs appear abnormal. Please do the following to see if it helps: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here Once that is done, if Malwarebytes still won't activate properly then please do the following (be sure to use the new version of the Support Tool you downloaded from the link provided in my instructions above): Run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Please let us know how it goes, and if necessary, provide the new ZIP archive. Thanks
  12. Definitely; the Developers are always anxious to find out about any new issues so that they can attempt to discover the cause and hopefully fix them in upcoming releases. It is of course also possible that whatever it is, it may be an issue which has already been reported and a workaround found for it so it's at least a possibility that we may be able to help resolve the problem and allow upgrading to the latest version; which is something we always recommend as new detection capabilities are added to nearly every release (3.8.3 included) which the Research team who create the threat signatures and databases tend to use more and more frequently as time goes on since the latest tech is usually the most effective, especially for detecting the newest threats since most of these improvements to the engine are made at the direct request of the Research team so that they can do their jobs more efficiently and often have a successful method for detecting one or more new types of threats that older versions weren't capable of detecting, and since new signature types are not backwards compatible, the threats that an older version can detect, even when only one or two releases behind, can differ drastically from the threats detectable using the latest version even if the database versions are the same (older builds are written to deliberately skip/ignore signatures that they are not familiar with/do not understand in order to prevent breaking older versions when new signature types are in use). I understand if there is a major issue preventing the upgrade to the latest release, however if there is anything we might do to help the situation we'd be more than happy to do so, and if possible, it really would be more secure for your system if you were able to get the latest version installed. One thing I'll mention with regards to gaming specifically since that was also mentioned; there is a setting called Play Mode under Settings>Application in Malwarebytes which, if enabled, can be used to disable notifications whenever a specific program or list of programs is/are running in fullscreen mode. Adding programs to the list is similar to creating exclusions. Detailed instructions on using the feature can be found in this support article. Obviously it won't help if you don't ever want to see a notification, however it will prevent them from being displayed during gaming sessions so you can play uninterrupted.
  13. Greetings, I'm sorry that you are experiencing this performance issue, but hopefully we can assist you in getting the issue resolved. Please begin by opening Malwarebytes and navigating to Settings>Application and enable the option for event log data; this will cause Malwarebytes to create more detailed logs about what it is doing which will hopefully provide insight for the Malwarebytes staff as to why this is happening and hopefully lead to a solution. Once that option is enabled, replicate the issue a couple of times, or if you can't reliably replicate it deliberately, then simply wait for it to happen again and make a note of the approximate time that it happens. Once it has happened again, respond to this thread with a fresh set of logs from the Malwarebytes Support Tool along with info on when you saw the issue return so that we may correlate the data in your logs with the approximate timing of the events to determine what was going on with Malwarebytes at the time. I would also suggest, if you are able to do so, creating a memory dump of the MBAMService.exe process using Task Manager while the issue is occurring; it might be tricky to do so, but could prove most valuable if you are successful. To do so, follow the following instructions (I recommend keeping Task Manager open/active and proceeding with steps 1-4 while trying/waiting for it to happen in order to save time and increase your chances of catching it in the act): Create Memory Dump using Task Manager in Windows: Open Windows Task Manager by pressing Ctrl+Shift+Esc on your keyboard or by right-clicking on your taskbar and selecting Start Task Manager Select the Details tab (click More details at the bottom if you don't see the tabs) and click the Name column header to sort the processes alphabetically if they aren't already Scroll down the list until you locate MBAMService.exe Right-click on it and select Create Dump File; Windows should proceed to process your request Once it completes it should reveal the name and location of the dump file in a small dialog Navigate to that location in Windows Explorer and copy and paste the file to your desktop or any other convenient location where you can easily find it Right-click on the copy of the file you created and hover your mouse over Send to and select Compressed (zipped) folder Zip and attach the ZIP file you just created to your next reply, or if it is too large, upload it to a file sharing service like WeTransfer.com and post the download link here Once that's done, go ahead and disable the event log data option in Malwarebytes again (you don't want to leave this option enabled as those logs can get pretty big really fast with all those additional entries).
  14. Yes, in Windows 10 Adobe Flash Player is built into MS Edge, so it gets updated every Patch Tuesday along with the other Windows Updates that Microsoft roles out. Adobe has been updating Flash Player on the same monthly schedule that MS roles out their updates for several years now, at least as long as Flash Player has been integrated into MS Edge, and I believe even longer than that; it's why I always update Flash if I have it installed every Patch Tuesday when I do my Windows Updates and that's also why I created this post sometime back to remind others to do the same, especially since Flash was much more popular back then and still required for many commonly used sites like YouTube etc.
  15. Yep, it definitely sounds like it's just coming from the game/launcher doing server lookups (I'm sure they retry/refresh the list periodically as well to keep up to date ping and player stats and server listings so it's likely to happen frequently when the game's loaded, especially when viewing the server list).
  16. It definitely seems likely; the fact that I found one of those exact servers pretty quickly in an online search indicating it was being used for an Arma 2 mod seems like way more than coincidence (I bet the same mod dev created an Arma 3 mod server on the same IP; the post I found on Steam's forums was from way back in 2014 so they've probably moved on to developing for Arma 3 by now). As for why they happened when you weren't running the game, I can only speculate, but if perhaps Steam or some other launcher app that you use for one of your games is also used for Arma 3, then it's quite possible that it was doing a sort of 'preemptive' lookup to cache likely server lists that you might want to connect to. I'd say just keep an eye on it, and as long as you see those exact same IPs being blocked each time you play your game, then it's a safe bet that this is the reason for the blocks you saw and it shouldn't be anything to worry about. Other than that, if the blocks don't occur when playing your game(s), then it might have simply been a case of one or more rotating ads on one of the webpages you had open in the background being blocked because they too will often use shared servers (not to mention the fact that some ads actually are malicious, often containing exploits or other drive-by malware which is something referred to in the cyber-security industry as 'malvertising'; a term you've probably heard before elsewhere on the web).
  17. Hello again. Please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and post the requested logs there and one of our malware removal specialists will assist you in checking your system for any threats and guiding you in removing them if found.
  18. Greetings, It's likely that during the upgrade process the shell extension DLL that Malwarebytes uses for displaying that option in Windows Explorer failed to register properly, which sometimes happens, but should be fairly easy to resolve. Usually this can be fixed simply by performing a system reboot, however if that fails to resolve the issue then please open Malwarebytes and navigate to Settings>Application and toggle the option for adding Malwarebytes to Windows Explorer off and then on again by clicking on the switch once to toggle it off, waiting a few seconds, then clicking the switch once more to toggle it back on. If the option still doesn't show up after that, then try restarting the system one more time and see if it returns then. If it's still not working properly then please try the following: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here Please let us know how it goes and if the issue is resolved or not. Thanks
  19. Greetings, Was one of the games you were playing Arma 2: DayZ Mod by any chance? I only ask because one of the references I found to one of the blocked IPs from your logs indicates that someone set up a custom server for that game/mod there a while back. If that's the case then it's likely that the blocks just came from one or more of the games you were playing when doing their usual thing of looking up open game servers to play on (and it's still pretty likely even if you were playing a different game). By their nature a lot of online multiplayer games tend to generate web blocks from Malwarebytes on occasion because they will often use peer-to-peer and connect to a multitude of different servers across many hosts/hosting providers, and like any P2P app this makes them prone to sometimes connecting to servers which are used for perfectly benign activities, like hosting a game server for an online multiplayer video game, as well as playing host to someone who operates in the nefarious field of malware development and/or distribution, and since Malwarebytes will often block entire IPs (especially for cases where the bad guys constantly change/rotate the domain names/URLs they use to try and evade detection) and even entire IP blocks/IP ranges (especially for certain hosting providers known to be rather unscrupulous about dealing with abuse reports and having reputations for being 'malware friendly') so Malwarebytes has a tendency of sometimes blocking some of the connections a peer-to-peer application tries to make. It's generally nothing to worry about, and as long as you're not still seeing the blocks when not doing anything online with your PC and you aren't seeing the same blocks constantly (in this case, the only two I saw were 58.218.66.186 at port 57585 and 188.165.255.150 at port 65430) then you should be fine. Just keep an eye on things, and if the blocks return, particularly when playing one of the specific games you were playing when the blocks originally occurred, then you can bet that's the likely source of the blocked connections. As long as it isn't disrupting your gameplay there's no issue, however if it causes a problem then you can exclude your game's executable from the Web Protection in Malwarebytes using the procedure described under the Exclude an Application that Connects to the Internet of this support article and it should no longer block any connections for that application. As for the reason you saw multiple (i.e. 6) notifications is because of the way that networking in modern Windows version works. It will generally 'retry' an unsuccessful connection (including one that was unsuccessful because it was blocked by Malwarebytes) twice before giving up, which results in not just 1, but a total of 3 blocked connection attempts for most web blocks that occur, and while they are hidden (like when playing a fullscreen game), the notifications 'stack up' so that they are all displayed immediately, in sequence as they occurred, one after the other as soon as Malwarebytes is able to display them once you've returned to your desktop which is why they showed up when they did as soon as you tabbed out of your game. I hope this helps, and if you suspect you may be infected or if you just want to make sure for your own peace of mind then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any threats as soon as one becomes available. Please let us know if there is anything else we might assist you with. Thanks
  20. Greetings, The easiest way to exclude an installed application that you update frequently and where the path changes frequently as you describe would be to temporarily disable the Malware Protection component of Malwarebytes just before you're going to install the latest version after you've downloaded the latest installer but before you actually run it, then run the installer and get it fully installed, then open Malwarebytes and click the Scan Now button on the Dashboard, allow the scan to complete, then uncheck the top checkbox on the upper left of the scan results to clear all of the detected items, ensure that they are all components of the application you wish to exclude, then click Next and when prompted on what to do with the remaining detections, select the option to always ignore them and they will be added to your exclusions. Additionally you may configure Malwarebytes to ask you what to do when any PUP is detected using the drop-down menu provided under Settings>Protection under the Potentially Threat Protection section for PUPs by selecting Warn User. When Malwarebytes detects a PUP with real-time protection it will prompt you on what to do with it, and when you scan, PUP items will automatically be unchecked (though still shown in the list of detections) which will make them easier to exclude as described above if it is something you wish to keep while you can check the box next to anything you wish to remove. With regards to what Malwarebytes detects as PUP and why, please refer to the information in the following links: https://www.malwarebytes.com/pup/ https://blog.malwarebytes.com/malwarebytes-news/2016/10/malwarebytes-gets-tougher-on-pups/ https://blog.malwarebytes.com/cybercrime/2015/06/digital-snake-oil/ https://blog.malwarebytes.com/cybercrime/2015/06/driver-updaters-digital-snake-oil-part-2/ https://blog.malwarebytes.com/cybercrime/2015/07/pup-makers-digital-snake-oil-part-3/ https://blog.malwarebytes.com/threats/registry-cleaner/ https://blog.malwarebytes.com/puppum/2016/12/why-malwarebytes-detects-pc-pitstop-as-potentially-unwanted/ https://blog.malwarebytes.com/malwarebytes-news/2017/11/winning-the-battle-against-pups-on-your-computer-and-in-u-s-district-court/ https://blog.malwarebytes.com/puppum/2016/07/pup-friday-cleaning-up-with-5-star-awards/ https://blog.malwarebytes.com/puppum/2016/08/systweak-redux-our-response/ Regarding legal precedent, please refer to the following articles which cite two cases involving Malwarebytes and vendors blocked as PUP: https://blog.ericgoldman.org/archives/2017/11/section-230c2-protects-anti-malware-vendor-enigma-v-malwarebytes.htm https://blog.ericgoldman.org/archives/2018/09/section-230-helps-malware-vendor-avoid-liability-for-blocking-decision-pc-drivers-v-malwarebytes.htm The following links should also prove informative as to why many items are classified as PUP by Malwarebytes: https://decentsecurity.com/#/registry-cleaners/ https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html https://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2853053 https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/ https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/ https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths https://www.howtogeek.com/198758/never-download-a-driver-updating-utility-theyre-worse-than-useless/ http://www.howtogeek.com/98465/htg-explains-when-do-you-need-to-update-your-drivers/ https://www.howtogeek.com/233115/the-only-way-to-safely-update-your-hardware-drivers-on-windows/ http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html http://www.tomshardware.com/answers/id-1974868/trusted-driver-updater.html https://www.howtogeek.com/172839/10-types-of-system-tools-and-optimization-programs-you-dont-need-on-windows/ https://computer.howstuffworks.com/question1751.htm https://lifehacker.com/5415355/do-you-really-need-more-than-4gb-of-ram https://www.tomshardware.com/reviews/memory-module-upgrade,2264.html https://www.howtogeek.com/128130/htg-explains-why-its-good-that-your-computers-ram-is-full/ https://techlogon.com/2011/03/28/will-more-ram-memory-make-my-computer-faster/ I hope this helps, and if there is anything else we might assist you with please let us know. Thanks
  21. Excellent, I'm glad you were able to get it sorted. If there's anything else we might assist you with please let us know. Thanks
  22. Greetings, Please refer to the information in this support article. If you wish you may also contact Malwarebytes Support directly by filling out the form on the bottom of this page and they will assist you by deactivating auto-renewal for your subscription. I hope this helps and if there is anything else we might assist you with please let us know. Thanks
  23. By the way, you may also find the information in this post to be helpful. It also deals with creating an exclusion for Exploit Protection.
  24. I'm more familiar with the consumer product honestly, I just know that the Exploit Protection component handles exclusions differently. There should be an option when creating an exclusion to select something like 'Exclude a previously detected exploit' or something similar; that's the option you want. It should be in the same area as the other exclusions you created, you just have to select the right option. You can instead try excluding based on the file's MD5 hash, but I don't know if that will work either.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.