exile360

Everything posted by exile360

  1. While this obviously shouldn't happen, you could exclude the file and Malwarebytes should stop detecting/blocking it, assuming the filename and location are static. Just add it as an exclusion in Malwarebytes via the Exclude a File or Folder function. That is, assuming it's being detected as malware. If it's some other component blocking it like Web Protection or Exploit Protection then different steps may be required. Let me know and I can assist with that as well. edit: I just realized it's most likely the Web Protection component blocking it given the location of this thread and the name of the process, so to exclude it from Web Protection you'd need to go to Settings>Exclusions and click Add Exclusion then select Exclude an Application that Connects to the Internet then click Next and navigate to the location of that EXE and select it. That should prevent Malwarebytes from blocking its updates/connections going forward regardless of what changes are made to the Web Protection databases so that you'll never have to worry about this again, at least as long as that exclusion exists.
  2. By the way, assuming this scam got you through a web browser pop-up that told you your system was infected that you weren't able to dismiss, then you might consider installing the beta of Malwarebytes for Chrome or Malwarebytes for Firefox (depending on which browser you use) as it is a very effective, free tool which blocks, among other things, tech support scam sites: Malwarebytes for Chrome Malwarebytes for Firefox It is free, at least for now while it's in beta (I do not know if it will remain free once released or if it will be integrated into Malwarebytes 3 Premium) but at least for now it should prove most helpful in stopping these types of scams from attempting to pop-up in your browser.
  3. Greetings and welcome You may either access one or more of the other systems where the license is activated, launch Malwarebytes and navigate to My Account via the button on the top right then click on the Deactivate License button on the bottom or you may click Go to My Account and log into the web portal (you can set it up if you haven't done so yet) and manage your licenses and devices from there. If you still have trouble then you may contact Support directly via one of the options on this page and they will assist you as soon as they are able in deactivating one or more of your other installations/devices.
  4. Greetings, It sounds as though this may have been a tech support scam. A tech support scam is when a scammer/con artist contacts you claiming to be from a legitimate business, usually a major software or hardware provider such as HP, Microsoft or even Malwarebytes when in fact they aren't actually affiliated with any of those organizations and just want to charge you an absurdly high price for their "premium support" which often includes the repair of issues that don't actually exist (usually prompted by a pop-up ad in your browser that you cannot dismiss prompting you to call their support number for assistance, claiming that you are infected when it's really just an annoying ad). If it was a scam, you should contact your credit card provider or bank that issued the card you used for payment to this organization and tell them what happened and they should be able to get your money back and you'll also likely need to get a new card issued as you don't want the scammers to have your legitimate card info as they might attempt to make further charges to it without your knowledge or approval. Lifetime licenses for Malwarebytes haven't been available for several years now and that's likely why they gave you version 1.75 because the crack/keygen they're using to generate the fake licenses they're selling likely does not work with the current Malwarebytes version and you'll probably find that you have problems with the key as soon as you attempt to upgrade. Also, McAfee works just fine with Windows 10, but they likely didn't have a crack/working key for it which explains why they gave you Malwarebytes (and version 1.75 of Malwarebytes is not an adequate antivirus replacement, though version 3.x is now that it includes many more layers of protection).
More information on tech support scams can be found here: https://blog.malwarebytes.com/tech-support-scams/ Also, if you believe that they may have infected your system then I would strongly recommend you read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you one-on-one, free of charge with checking and clearing your system of any threats (we do not charge for our support and anyone claiming to be from Malwarebytes and attempting to charge for assistance is lying).
  5. I know that I've seen a post about this in the past, but I don't recall what, if anything fixed it. I do believe it was indeed related to the use of multiple desktops/monitors. Your monitors running at different resolutions is a likely culprit. Also, if you unlock the taskbar and try moving it to a different edge of the screen, then move it back to the bottom does that change it at all or fix it?
  6. Yep, you can create a support ticket instead if you prefer the logs be kept private Just inform them of what the issue is and why you're providing the data, including the workaround (disabling Self-Protection) that way they're sure to provide the info to the Dev team. The option to create a support ticket can be found on this page.
  7. Greetings Paul, Yes, it sounds like you've encountered a known issue with Ransomware Protection or the issue mentioned with Self-Protection as mentioned above. If you disable just that component in Malwarebytes does the issue go away (try each one individually to determine which it is, with the other enabled to rule it out)? As for logs, they could certainly prove useful for the Devs. If you wish you may do the following:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced Options on the main page (not Get Started)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
     It could also be useful to get a memory dump from both MBAMService.exe and WINWORD.EXE to provide further details:
       • Press CTRL+SHIFT+ESC on your keyboard to launch Task Manager and make sure the Processes tab is selected then click on Show processes from all users
       • Attempt to launch Word then proceed with the next step for each process while it is still trying to load but before it has completed (you might have to repeat it if you don't have time for both while it's still launching; reboot the system and try again if it launches too quickly the second time as caching may affect it)
       • Click on the Image Name column header twice to sort the processes alphabetically then scroll down the list until you find MBAMService.exe then right-click on it and select Create Dump File then do the same for WINWORD.EXE
       • Navigate to the temp folder where they were created (you'll see it in a pop-up dialog after the dump is created) and move them to your desktop or some other convenient location where you can easily find them
       • Select both files then right-click on one and hover your mouse over Send to and select Compressed (zipped) folder then attach the resulting ZIP file to your next reply, or if it is too large, go ahead and upload it to a filesharing service such as wetransfer.com and provide us with the download link
  8. Thanks for the update, I'm glad that you guys were able to work this situation out With regards to the hassle involved, I think it comes down to the issue I mentioned previously with the duration of a license/subscription being the main hurdle. I don't think most organizations would want to have to renew some of their seats on one date and other, more recently added seats on another, but without starting each subscription/seat from the date of purchase an organization would end up paying for time they aren't getting (in the case of seats added later/mid-term of their existing subscription) meaning they'd be paying full price for seats to only get protection for the same duration as their original/existing seats. The only alternative would be to do something like a monthly license term, which I don't think too many organizations would find ideal since most would probably rather pay for at least 1 year at a time rather than having to renew each month to keep their seats/subscriptions current. Maybe some kind of middle ground could be created for this purpose such as a special add-on pricing for additional seats where you only pay for the remaining portion of the current subscription term for the new seats up front rounded off to the nearest month or quarter or something like that, this way the new seats could still be set to expire/renew on the same date as the existing seats without being charged a full year for a partial term, but I don't know if the Malwarebytes licensing/pricing/ecommerce model would allow for this or not, but it would probably be the best solution for this kind of situation.
  9. Cylance, SentinelOne and all the others claiming to use AI are using exactly what I mentioned in my response above. It isn't in any way, shape or form true "Artificial Intelligence". It's just basic Machine Learning and Decision Tree algorithms and the like which use varying degrees of complex math and existing samples of both clean and malicious files to attempt to classify and identify new/unknown files either as safe or malicious. Malwarebytes already includes technologies based on these kinds of models and also already has the cloud analysis component (another aspect of Cylance and the like) built in as well for uploading and analyzing new/unknown samples for further enhancement of the engine (that's the Machine Learning part in action). The problem is, if you base a product entirely on these kinds of technologies with no threat researchers and no definitions/signatures then you're going to end up missing a lot of malware and you're going to end up with a lot of false positives (we've tested, we know) so the Malwarebytes approach is to combine these kinds of technologies with the existing tech, continue to do research and both automated and manual threat analysis which allows Malwarebytes to better adapt when threats change (remember, if all AVs used these techniques then it would be very easy for the bad guys to fool them; all they'd need to do is make their threats look enough like legitimate/safe files, a trick they've used for years now). There is no single 100% effective silver bullet technique when it comes to threat detection, because just as soon as you discover something that works effectively, the bad guys discover what you're doing and deliberately write their next wave of infections to trip it up so that they aren't detected (the bad guys buy AVs too in order to test and see whether or not their threats are detected and they also have multi-engine scan tools similar to VirusTotal for this purpose).
  10. Greetings, These appear to be false positives. During scans Malwarebytes creates temporary backup copies of your system's registry hives and I believe that's what those files are that are being detected by MSE. You should set exclusions for Malwarebytes in MSE and it should eliminate the FPs: Additional info on configuring exclusions for Malwarebytes in your antivirus may be found in this support article. Please let us know if this does not resolve the issue and if you have any further questions or issues. Thanks
  11. Malwarebytes scans a lot of areas in the registry, however it does so in such a rapid manner that it isn't able to display them as it scans. It goes through files and folders pretty fast so you only see a small portion of what it is scanning, but with the registry it's even faster and it typically gets through it in a matter of seconds even though it scans a very large portion of the registry. Because of this, even if it were coded somehow to display each and every location it scanned, they would go by so quickly that you would not be able to read them. You could use a tool that monitors programs such as Process Monitor to see where Malwarebytes is scanning, however such tools are typically a pretty big drain on resources so I wouldn't advise doing so frequently, but it might be handy if you just want to do it once to see what Malwarebytes is doing. You can filter by the process MBAMService.exe which is the process used by the scan engine for Malwarebytes (it also performs some tasks for protection as well in the Premium version).
  12. Greetings, Unfortunately due to the way that scans function, once the results have been processed there is no way to return to the previous detections so you have to perform a new scan. There are a few reasons for this but the main one is that Malwarebytes cannot confirm that the other items it detected previously are still present (not to mention the fact that it generally requires a reboot for cleanup) so it requires you to perform a new scan to deal with any items that might remain. Also be aware that some detections might be connected to one another, and removing only specific ones might cause the others to no longer be detected by subsequent scans. This is because of a heuristics detection technology built into Malwarebytes called Linking which can detect additional traces and infection components based on other items it detects. Because of this you should always remove all detections following a scan unless you are certain that an item is a false positive, in which case only the item(s) you believe are false positives should be ignored and the rest should be removed.
  13. Greetings, True AI doesn't actually exist yet. Products that claim the term are actually referring to things like machine learning (which Malwarebytes already has/uses in some of its components) and threat detection algorithms (also in use by Malwarebytes already for some of its detection capabilities) which are not by any real definition, Artificial Intelligence. Malwarebytes uses a combination of technologies, including those that several in the industry currently refer to as "AI" (again, not one is actually using any form of true Artificial Intelligence because it doesn't exist yet) as well as more traditional threat detection signatures (the updates), however the vast majority of signatures in use by Malwarebytes are themselves heuristic pattern signatures designed to target more than a single/specific threat, and instead are designed to target entire threat families and sometimes multiple families of threats. It's one of the reasons Malwarebytes tends to be so good at 0-hour threat detection where it is capable of detecting a new, never before seen threat without requiring a signature update to do so. Malwarebytes also uses signature-less behavior based detection methods such as those built into the Anti-Exploit and Anti-Ransomware components of Malwarebytes which require no signatures/updates to remain effective at detecting new attacks and threats.
  14. Yes, the issue is that they display this scan results screen at the end of every scan and it never gets dismissed until you click that Close X entry/button which means that if you happen to not notice it (which is rather easy to do since it's just text and doesn't even look like a legitimate control in my opinion), then you're cut off from the normal scan options/functions that are supposed to be presented on that screen. It's something I've mentioned to the team more than once and I hope that eventually they'll just do away with it or have it automatically revert to its normal appearance after a set amount of time (like 30 seconds or something) since a user can always browse their scan logs/history to find the results of their last scan anyway, which renders this screen redundant. It would be different if there were detections pending a decision from the user to decide whether or not to remove them, but it does this even for clean scans where nothing was found.
  15. Greetings and welcome I found a few items that should prove useful. First, it depends on the type of device, and second it depends on the operating system you're using on your device. Now with those caveats out of the way, here are a few links which should prove helpful: https://answers.microsoft.com/en-us/windows/forum/windows_10-other_settings/how-to-really-change-computer-name-in-windows-10/936232bb-8765-4223-81ed-36d9153b06d0 https://support.microsoft.com/en-us/help/295017/how-to-change-a-computer-name-join-a-domain-and-add-a-computer-descrip https://answers.microsoft.com/en-us/windows/forum/windows_8-security/how-do-i-change-the-computer-name-on-surface-pro/d40eb9df-25a0-434d-ab1b-108b0622d752 https://answers.microsoft.com/en-us/windows/forum/windows_10-security/how-do-i-change-the-computer-name/47dd3e8f-1dd8-4508-8c0d-b504dc12a73d I hope this helps, and if it doesn't or you need info on anything else just let us know. Thanks
  16. You're welcome It's an interesting subject and a difficult challenge to assess the performance of these products, especially with a threat landscape so varied these days with so many malware authors out there trying to develop new tricks to evade detection. Given the complexity of how Malwarebytes functions in real-time, with so many different layers of defense operating at different points in the attack chain, it makes side-by-side testing rather difficult, so to play fair they had to step aside and let the AVs have their fair shot at the threats because many of the layers in Malwarebytes operate very early in the attack chain before any actual malware binaries are even present. That's why only the results of scans were included and why they aren't showing any of the real-time threat blocks from Malwarebytes.
  17. Most of the results in the heatmap have to be from users of the free version of Malwarebytes since the Premium version would have stopped these threats and quarantined or blocked them from getting onto the system if its realtime protection was active which would prevent them from being detected by scans. It was done this way to illustrate without any doubt that the resident AV has had a chance to analyze and stop the threats being detected by Malwarebytes and to show that they just didn't and that the threat was able to get onto the system to the point where a Malwarebytes scan was able to detect it.
  18. Greetings, If you click on the Scan tab, if you see the first tab and it says Scan instead of Scan Type and shows something similar to the image below then you need to click on the Close X item as highlighted in the image in red and you should then see the normal 3 scan options again: Please let us know if that resolves the issue for you or not. Thanks
  19. No, actually that map/page excludes PUPs. If it did include PUPs the results would probably be several orders of magnitude larger than what is reflected. Only actual malware detections are included, and only detections from scans, nothing from any of the real-time protection components in Malwarebytes. With regards to MRG and other tests, you have to understand that they are using a specific set of handpicked samples versus the live real-time data being pulled from our heatmap which shows real world results based on live threat detections. It illustrates that results from a controlled test set of specific threats/threat types etc. isn't necessarily an accurate representation of how a product will perform in the real world against live threats and real world scenarios.
  20. Before you put too much stock in such tests, you might want to take a look at this, this and this. That second link shows live data in real-time that starts from the point you load the page (no historical/archived data) and only includes detections coming from Malwarebytes scans for detections that are actual malware (PUPs are excluded as are all real-time detections from Malwarebytes) from systems where a third party antivirus is active, meaning anything detected got past the antivirus completely and was then detected via a scan with Malwarebytes, which only uses Malwarebytes traditional threat signatures and basic heuristics algorithms (none of the newer, more advanced and more effective/more proactive signature-less components like Anti-Exploit, Anti-Ransomware and Web Protection etc.). With regards to you still being ranked as a "New Member", that's just because the software used for these forums (IPS) ranks all regular members as "New" until they reach a certain number of posts regardless of how long they've been a member. I understand that in many cases (including your own) it doesn't really make sense, but that's just how the forum software was programmed by its creators unfortunately. I don't recall how many posts are required for your rank to change, but I'm sure one of the Admins here can answer that if you really wish to know the specifics. Edit: Here's an example. I loaded the page while composing this message, and within the last few minutes that it took me to write it, I've already got the following results: Also keep in mind that statistically speaking, the number of users running each AV will impact the results so it isn't a 1:1 reference, just live data from real world systems and real world threats across systems around the world where scans are being performed with Malwarebytes.
  21. By the way, something for Thunderbird users (as I happen to be one myself): https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
  22. More info: https://motherboard.vice.com/en_us/article/3k4nd9/pgp-gpg-efail-vulnerability https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0 https://efail.de/ In a nutshell, common implementations of PGP in many email clients have been compromised by this vulnerability and if anyone is able to get copies of your email messages (the encrypted copies stored in your email client or online in the servers that keep their backups etc.) then they may be able to trick your email client into decrypting them and sending the decrypted content directly to them as though they were you reading your own messages. This means they could potentially gain access to your messages without necessarily needing to crack your password or other security measures required to access and read your email.
  23. In addition to the default, can you also try disabling just the Ransomware Protection component (right-click the Malwarebytes tray icon and click Ransomware Protection: On then click Yes to the User Account Control prompt) to see if that eliminates the issue? I'm tracking issues with this component and want to see if this case is related. Thanks
  24. You're welcome Yep, they do plan to release a version for Edge; more info on that here, though most likely not Internet Explorer since it's such a different browser and doesn't support the same kind of plugin structure/capabilities etc. that the other browsers do the way that Edge does (refer to the info in my own post in that thread to see what I'm referring to; Microsoft made it really easy to port over plugins from Chrome to Edge deliberately). Internet Explorer on the other hand uses the older, more proprietary ActiveX format which isn't widely used or supported any more, and eventually MS themselves won't be supporting any versions of IE either, probably sometime after Windows 7 is retired since it's the last OS to include IE without including Edge which is due to happen in 2020.
  25. Sorry about that, I didn't realize it was the Support Tool that was crashing, I thought it was the Malwarebytes 3 installer. Thanks dcollins for posting the info about mb-check.exe.