Jump to content

exile360

Experts
  • Content Count

    24,328
  • Joined

  • Last visited

Everything posted by exile360

  1. I have a correction to make. I was mistaken in my statement that these notifications could not be controlled. They actually can, however they are located under a separate setting. Please refer to the settings highlighted/circled in RED in the following image: If you disable the first setting, program updates/upgrades will not be downloaded at all. If you disable the second, you will not receive notifications when those types of updates/upgrades are available so you may disable those notifications at will, or permanently if you see fit to do so. I apologize for the confusion, for some reason I had it in my head that these were unconfigurable as the notifications upon completion of a scan are (those still cannot be disabled as far as I know, even if nothing is detected).
  2. Greetings, In addition to the info requested by Firefox above, you might also test by disabling the Web Protection component alone in Malwarebytes 3 (leave its service enabled at startup, allow it to run, then right-click on the Malwarebytes tray icon and click Web Protection: On and then click Yes to the User Account Control prompt) then test to see if the websites work correctly and let us know how that goes, as that will help to isolate the exact cause of the issue if it turns out that disabling Web Protection resolves it.
  3. Just to add a bit to what the others have already provided; if you are using Chrome (or any other Chromium source based browser like SRWare Iron etc.) or Firefox, you can install the Malwarebytes browser extension beta so that you'll at least still have Malwarebytes web filtering for your internet browser (the most commonly targeted program by malicious sites/servers by far) as it uses the same databases as the Web Protection component in Malwarebytes 3 does, and even adds capabilities that Malwarebytes 3 doesn't have such as behavior based detection/blocking of certain types of malicious sites even if those specific sites/servers aren't yet in the Malwarebytes web databases, including tech support scam sites (lockscreen "you're infected" type pages that try to convince you that you need to call their number for support), phishing sites, clickbait links/ads, and even blocks some categories of sites not covered at all by Malwarebytes 3 such as many ads (not just malvertisements) as well as many tracking servers to protect your privacy (a category not currently covered by Malwarebytes 3). The only downside is that it only works to shield your browser, unlike the Web Protection component which will block all connections to/from your PC for all programs/your entire network connection, but it's still very useful and I highly recommend it whether you're able to keep Web Protection turned off or not (it's also designed to work in tandem with Web Protection in Malwarebytes 3 when both are installed and active). Links to the betas for each browser can be found in my signature at the bottom of this post, but I'm also including them below in case my signature changes at some point or isn't visible for any reason: Chrome Firefox
  4. Greetings, While it is true what Firefox says regarding using the Quit function in the tray (and in fact, this is the only way to cleanly terminate all of Malwarebytes background processes/services etc. as even disabling all protection components individually still leaves several of these running), it is also unfortunately true that there's no way that Malwarebytes can know why it is unable to connect to a server when it attempts to do so, which is why the message is displayed when offline. Were it being blocked by a firewall, a DNS hijacking Trojan, or just a disconnected cable, the result is the same so it simply reports its status as an alert so that you are made aware of the issue in case it is something that you are able to troubleshoot/correct should you need to use the software (i.e. for updating/scanning etc., as well as any of the features which rely on web access to function such as cloud features which it has in some of its components for both scanning and protection). I understand that this doesn't alleviate the problem, however I'm simply trying to explain why it happens and the logic behind having it do so. And again, as Firefox mentioned above, once you quit Malwarebytes via the tray's Quit Malwarebytes function, it takes all of Malwarebytes components out of memory (including all processes/services you can see in Task Manager, as well as drivers and DLLs which are also loaded into memory as well as some being loaded into other processes/threads that you can't see) so for offline gaming, if you want the best performance possible, this really is your best option. In fact, many AV/AM products these days don't even offer such an option to completely terminate all of their modules/components/processes from memory, so having this ability is very useful for users such as yourself who want the highest level of control to free up all resources possible for offline gaming (something I myself used to do quite frequently, and I'd kill my connection and security apps in the same way, including Malwarebytes).
  5. CORRECTION: while I still fully stand by my assessment and opinions stated below, I realized that you can actually control whether or not notifications for available program updates/upgrades are displayed, although it is under a separate setting from the other/standard notifications. Please refer to the image in my response here and I apologize for any confusion I might have caused with my error. Greetings, While I am inclined to agree with the vast majority of your sentiments, I do have to disagree on one point, however that is primarily because of my experience as a former Malwarebytes employee so I have first-hand internal knowledge of how things are done with regards to new program iterations and the emphasis on development of new detection and protection capabilities that the company has and how those changes come about and affect all versions of the software after their release. The thing is, the vast majority of changes that take place in the software with regards to engine modifications for the scanning components, enhancements to any of the protection components for the Premium version and database syntax changes that may take place (which are pretty much never backwards compatible with older versions because there's no way they could be without an updated interpreter to read/understand them, i.e. a new scan/protection detection engine) are requested directly by the Malwarebytes Research team as a way of targeting new threats and/or attack methods that the previous versions could not, or methods of making detection of known threats that it can deal with already more efficient to cover more known and unknown threats (i.e. heuristics and the like) and once a new version with such an enhancement is rolled out, the Research team generally transitions over to using the new syntax/capabilities very rapidly (which makes sense since they specifically requested those features to allow them to do a better job at killing more threats) so users of older versions of the software, even if only out of date by a single minor Component Update, often end up with a less capable product for protecting their system and detecting threats than the latest one released (even when the same versions of the databases are installed, again, because the older engine cannot read/understand any new syntax/methods so it is designed to ignore the parts it can't read to avoid false positives and errors). Obviously it is your choice, and again I totally get wanting the software just to be quiet and do its job so that you can go about the business of using your PC for your own purposes, be they for work, play, homework/school or anything else so the last thing you want is some chatty/nagging software constantly getting in your face with alerts about one thing or another. It's just my opinion, again based on my first-hand knowledge having worked on the product myself for many years in the past, that alerts about updates/upgrades really should not be ignored. In fact, I typically will myself check for new program updates manually on a regular basis (accomplished by launching Malwarebytes and visiting the Settings>Application tab and clicking on the Install Application Updates button as the methods of checking for database updates found in the Dashboard and tray's right-click context menu are not guaranteed to offer/download these updates/upgrades, but that particular button in that tab overrides that and forces it to check for/download any existing program updates). I usually do so at least once a month, often on Patch Tuesday when I perform other maintenance update related tasks such as installing any new Microsoft/Windows Updates and Adobe Flash (also usually updated by Adobe on Patch Tuesday to coincide with Microsoft's regular monthly patching schedule) and I take that as a reminder to go ahead and update any other critical apps such as my anti-malware software, Adobe Reader, my browsers and other security related or frequently targeted (by exploits and the like) web-facing apps that might need an update. Again, it is your system and I agree that you should be able to run it as you see fit, which includes, if you so desire, the ability to silence any specific notifications and types of notifications from your anti-malware software regardless of my or anyone else's personal preferences, habits or recommendations. The ability to have more granular control over notifications is something that has been requested more than once and it is in the backlogs for their list of things to do in the future, however it's obviously not the highest priority compared to certain other key items, and likely is awaiting the next major UI change at least as it would be a pretty extensive modification to allow that level of control and customization so I cannot say that it will necessarily be implemented very soon, but I do believe that it will be corrected at some point. I'm sorry that I cannot offer anything more concrete, however please know that your request is not being ignored; it's just a matter of priorities and compiling specific features into the product when they make sense (i.e. when they've embarked on the task of doing a new UI overhaul for the product, likely to coincide with a major version update like a hypothetical "4.0" or at the very least a "3.6" etc.). I hope this admittedly lengthy reply has been at least a little helpful, if not informative, and thanks for the feedback, it will be reported to the Product team (hopefully to impact, at least slightly, the prioritization of this feature for when the appropriate time/release does come to be worked on by the team).
  6. Greetings, You may find the information found here as well as here and in this article to be helpful, at least regarding this specific detection. While the Researchers have added details on many detections in the Malwarebytes database to the online threat database, they have not had the time or resources to add them all. For any other PUP detection it can be useful to familiarize yourself with the criteria Malwarebytes uses for determining when something is PUP which can be found here. You can also deduce common patterns with regards to various types of software that might be targeted as PUP by Malwarebytes by searching the term "PUP" in their online threat database found here. Often times the vendor names alone will be sufficient to clue you in as to the purpose of detection for other similar apps (for example, PUP.Optional.PCOptimizerPro, PUP.Optional.CosmosSystemCare, PUP.Optional.SuperCleanup, PUP.Optional.DriverPack, PUP.Optional.DriverToolkit, PUP.Optional.SlimCleanerPlus, PUP.Optional.PerfectRegistry, PUP.Optional.GlobalSystemMechanic, PUP.Optional.DriverSupport, PUP.Optional.DriverTuner, PUP.Optional.DriverUpdate; as you can likely deduce, driver updaters and registry cleaners/optimizers are frequently detected as PUP). As for the logic behind detecting these types of applications, a bit of info from outside Malwarebytes: https://decentsecurity.com/#/registry-cleaners/ https://support.microsoft.com/en-us/help/2563254/microsoft-support-policy-for-the-use-of-registry-cleaning-utilities https://www.howtogeek.com/171633/why-using-a-registry-cleaner-wont-speed-up-your-pc-or-fix-crashes/ https://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/ https://lifehacker.com/5482701/whats-the-registry-should-i-clean-it-and-whats-the-point https://lifehacker.com/5033518/debunking-common-windows-performance-tweaking-myths http://www.tomshardware.com/answers/id-1857635/good-free-automatic-driver-updater.html There are many such tools out there, yet if you investigate you'll find that the vast majority are made by companies who have a lot in common with one another and don't share space with prominent first tier software or security tool vendors (the likes of most of those listed on VirusTotal for example or mentioned frequently by the likes of Gartner in their quarterly reports about the status of the various areas of the security industry). When you look into many of them you will find that they are small marketing machines relying more on things like SEO and aggressive affiliate sales, aggressive and/or deceptive advertising practices (and often bundled installers with other more reputable/desirable apps) to generate downloads/sales and outside of their own sites and those of paid affiliates, you seldom find many (if any) actual users singing their praises (for example on tech forums and tech sites like WildersSecurity, BleepingComputer, TomsHardware, MajorGeeks, LifeHacker, Microsoft Technet etc.). In fact, usually the only sites where you might find anything positive said about such tools are sites where they are incentivized to generate downloads and/or sales of said tools/products (again, like affiliates and the like where they gain profit by convincing you to download/install/purchase said tool). On the other hand, you'll frequently find large numbers of individuals naming specific tools/utilities/apps that they hold in high regard or that they recommend across all these sites/forums even though they have nothing to gain in doing so. Likewise, you'll frequently find tools like driver updaters, registry cleaners and system performance optimizers decried as snake oil and the like by both tech folk and individuals and frequent recommendations against their use or at the very least proclamations that they are of little or no real value to improving the working status or performance of a PC. In fact, to date I know of no independent testing performed by anyone that showed that any of these kinds of tools have ever done anything to improve the performance of a system in any measurable way, be it system boot time, application loading time, internet download/upload speed or any other performance metric that can be objectively measured. Considering that these types of utilities have existed for decades and yet no such data exists, I believe that says something about the incredible claims made by most of these vendors producing these kinds of "tools". With regard to "fixing" PCs, again, I've never seen any evidence where someone had an actual issue that was fixed by running one of these utilities. I have seen actual specific repairs and tools designed to correct specific issues do so, but never any of these general "error fixing", "system optimizing", "registry curing" utilities being so aggressively advertised which make such claims. I'll give you an example. If you take a look at Tweaking.com's Windows Repair or even their Simple/Advanced System Tweaker utility, all of them contain tons of actual specific fixes/tweaks which are known to serve specific functions and purposes. They do not simply attempt to "scan" the entire registry and search for "errors" and then claim to fix them (when in fact, what those other apps are doing is simply looking for orphaned registry values which point to files no longer on disk, something that serves no real purpose for fixing any actual PC/OS issues). They have specific fixes for specific issues and specific tweaks with specific functions. I am not advocating their use, so don't misinterpret this as some kind of endorsement, but what I am saying is that they have created tools that have compiled specific known functions into a single application rather than putting together a simple scanner and claiming it to be a fix-all solution for every PC problem under the sun. If Microsoft themselves are not able to create such an application when it is their code that the operating system runs on, how can all of these other vendors have done so? I am skeptical to say the least. It is your system and what you choose to run on it or not is your business, so if you do not agree with my assessment that's fine, I won't argue. However, the reason these kinds of apps are detected as PUP by Malwarebytes I believe has been made clear. If you disagree, then simply perform a Threat scan with Malwarebytes, click the checkbox at the very top of the scan results screen to clear all of the checkboxes in the list and click Next, then when prompted on how to handle the remaining/unchecked items, click Ignore Always and they will be added to your Exclusions in Malwarebytes so that they are no longer detected.
  7. Oh, hehe, I was referring mainly to Spywareblaster and the FPs. I'm familiar with them because I've seen them before and have used Spywareblaster for so many years that I recognized the detections as soon as I saw them and knew what they were. I cited an example in the thread I linked to of an old app called PestPatrol that used to be one of my go-to tools long ago before Malwarebytes existed (it was made by eTrust/Computer Associates/CA). It used to detect those entries all the time for the same reason that ADWCleaner did, because it was looking for malicious sites being added to the trusted sites list for IE in the registry. I've seen other apps detect them as well over the years. It's just one of those things I've had a decent amount of experience dealing with, not unlike when a scanner detects my massive HOSTS file as a threat even though every entry is there to block malware, ads, scams, telemetry and trackers etc.
  8. You're welcome, I've been playing with these apps for a really long time so it's all old news to me, but I'm glad to share the knowledge
  9. Regarding the torrent trackers, that's because peer-to-peer apps like Bittorrent use a wide range of IP addresses, including many which are shared, some of which will contain malicious content so sometimes they are blocked. However, since connecting to those IPs through your Bittorrent client is harmless, you can exclude your Bittorrent client's process from Web Protection so that it is no longer blocked without sacrificing protection for your browser and other processes/programs. You can find more info about P2P blocks here and instructions for excluding a process from Web Protection can be found here. Just follow the instructions in the section under Exclude an Application that Connects to the Internet.
  10. If privacy is a concern you can delete the attachment and contact Support directly via the options on this page and they will assist you privately through email or direct chat that way you don't have to expose any info publicly (the logs will show user account names from Windows).
  11. Greetings, Currently only major version releases are published there, so to keep up to date it's a good idea to keep an eye on the top of this are as even the smaller Component Update releases are documented there (such as the recently released Component package version 1.0.391). The major program version is still 3.5.1, however the latest CU is 1.0.391 and you can check by looking in Malwarebytes under Settings>About: If you do not have the latest Component Update installed you may go to Settings>Application and click the Install Application Updates button and it should then download and install the latest version for you. I'd advise then rebooting your system (even if not prompted to do so) if you're using the Premium version so that the latest modules get loaded into memory (some of them, such as the Anti-Exploit component may be loaded into other processes/threads and therefore may not load the newer versions until a reboot occurs). If there is anything else we might assist you with please let us know. Thanks
  12. Yes, it's been around for several years now and was recently acquired by Malwarebytes in 2016 (they also acquired JRT [Junkware Removal Tool] around that time as well) and they updated the look to make it fit in with Malwarebytes' other products and tools. The FP issue is a recent development that started with version 7.2.2 which was released earlier this week. The Developer is aware of the issue and should have it corrected soon. Unfortunately it's not uncommon for Spywareblaster to trigger such detections and as a longtime Spywareblaster/Spybot S&D user myself, I've seen plenty of apps that detected the entries they create unfortunately, primarily due to the fact that some threats will add such sites to the trusted sites list for IE in the registry which uses the exact same keys/structure as the entries created by Spywareblaster and Spybot to place them in the restricted zone (it's a difference of a value of 2 vs a value of 4, but many products just check for the presence of the sites in those keys at all to determine whether or not to detect them and that's where the FPs come from).
  13. They may have been false positives. There have recently been a couple of FP issues with certain registry detections in the latest version of ADWCleaner (build 7.2.2) including detections of entries created by Spywareblaster and Spybot Search & Destroy's Immunize function so if you've used either of those, that's likely where the detections came from and you should restore them from quarantine and then scan again and exclude them if this is the case. You can find more details about this issue in this thread.
  14. Greetings, Until these get fixed you should be able to exclude them via the recently added right-click Add to Exclusions List function (just right click on each detection and you should see it listed as an option) and they will no longer be detected in future scans.
  15. Greetings, I'm sorry the program isn't functioning properly, but hopefully we'll be able to correct the issue for you promptly. If you would, please do the following so that we can take a closer look at your installation as that will likely give us a clue as to what might be causing the problem: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced Options on the main page (not Get Started) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply Thanks
  16. Greetings, It appears that Malwarebytes is deliberately detecting this application, however it is not identified as a threat, it is a PUP (Potentially Unwanted Program), which is a subjective rating given to various types of applications which Malwarebytes deems potentially undesirable by users. More often than not, when a registry related application is detected as PUP it is because it either includes a "registry cleaner" or "system optimizer". You can find out more about this classification here as well as here and here. If you do not want Malwarebytes to detect the program then just perform another Threat scan and once it completes, click on the checkbox at the top of the results list and that will clear all of the checkboxes for all of the detections, then click Next. You will then receive a prompt asking what to do with the remaining unchecked items, simply click Ignore Always and that will add all of the entries to Malwarebytes exclusions list so that they are no longer detected by future scans or real-time protection. If there is anything else we might assist you with please don't hesitate to ask. Thanks
  17. Excellent, I'm glad to hear it I figured that would work, but I wasn't certain, though it has been my experience that most Microsoft apps tend to retain their settings when you reinstall or upgrade them, so it was a pretty safe bet.
  18. It's not so much that Malwarebytes removes the EXE (there would be a copy in quarantine if it had removed it) as it is that Malwarebytes interrupted the upgrade process so that after OneDrive's installer had already removed the old version, Malwarebytes interrupted the installer before the new version could be created on disk (the scenario appears to be something like OneDrive update installer is downloaded and launches>Uninstalls existing/previous build of OneDrive with the intention of installing the new version in its place>Malwarebytes interrupts the install of the new version (preventing the new version from being installed, resulting in the main EXE no longer being present)). It should be possible to just reinstall OneDrive and it should hopefully retain its settings (though you might want to check with Microsoft Support on that to verify) because in theory that should be no different than an upgrade install (which as I mentioned, removes the previous version prior to installing the new one anyway) and its settings should be stored in the registry so they shouldn't get wiped out by reinstalling it. Just make sure that if you do try this that if there is any option in the installer to perform any kind of "clean" install, that you opt out of it so that it retains your existing settings. In fact, you can probably check on the status of its settings by looking in the registry under the HKLM\Software\Microsoft\OneDrive and/or HKCU\Software\Microsoft\OneDrive keys as one or both would be the most likely places for its settings to be stored, though again you can check with Microsoft to verify and they should be able to point you to the correct area for its settings.
  19. Greetings Sat, My apologies that no one responded to you sooner, but if you still require assistance with this then please read and follow the instructions in this topic and then create a new thread in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and cleaning your system.
  20. OK, go ahead and post a fresh debug log and a new set of diagnostic logs using the Support Tool I linked to in my previous post so that we can take a look at what's going on. Also, can you try running it in Safe Mode with Networking to see if it works there? Please let us know how it goes and post back with the requested info and logs. Thanks
  21. By the way, I noticed in the images you posted that you're running an older version of Malwarebytes. Please open Malwarebytes and navigate to Settings>Application and click on the Install Application Updates button. It should then download and install the latest Component Update 1.0.391 (the images you posted show CU 1.0.374). Once that is complete, you can verify it under Settings>About where it should show Component package version: 1.0.391. After that, restart the system to make sure the new components are loaded into memory.
  22. Thanks for letting me know, and no problem at all, I'm just glad we were able to get the issue resolved. If you require anything else in the future please don't hesitate to let us know. Thanks
  23. Also, please verify that you are running the latest version of Malwarebytes 3. Open Malwarebytes and go to Settings>About and you should see the same version numbers listed in the below image: If you do not have the same versions, navigate to the Application tab and click on the Install Application Updates button and it should then proceed to download and install the latest build. Once that completes, restart the system and perform another scan to see if the issue still remains. Please let me know how it goes. Thanks
  24. Greetings, Please download the latest version of ADWCleaner, version 7.2.2 from here and let me know if you are still seeing the detection issue. Thanks
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.