Jump to content

exile360

Experts
  • Content Count

    26,287
  • Joined

  • Last visited

Everything posted by exile360

  1. You're welcome, and please keep us posted on how it goes and let us know if you have any questions.
  2. It could also be that there's another issue with your system preventing it, possibly the same thing preventing the anti-exploit driver from loading though I'm really not sure.
  3. Greetings, It's likely due to the fact that the current version is no longer officially supported on Windows XP but I don't know for sure and don't have an XP system to test with at the moment unfortunately. This is a direct quote from the official Process Monitor page on Microsoft's website:
  4. It was a minor update to address an issue with licensing. You can find the details in this post.
  5. Greetings, It's possible that your browser has some kind of PUP (Potentially Unwanted Program) installed such as a plugin or extension causing Chrome to connect to unwanted sites. To check, please open Malwarebytes and click on the Scan Now button to allow it to scan your system, then have it remove anything it detects and allow it to restart your system if prompted to do so to complete the removal process. If the issue still persists or Malwarebytes didn't find anything then please run ADWCleaner and likewise have it scan your system and have it remove anything it detects, restarting your system if prompted to do so. Once that's done, if the problem still remains then please read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking your system and browser for any threats and help you to remove them. Please let us know if there is anything else we might assist you with. Thanks
  6. You can also install the Malwarebytes browser extension if you use Chrome (or another Chromium based browser like SRWare Iron or Vivaldi) or Mozilla Firefox. It contains the same block database as the Web Protection component in Malwarebytes 3 and also includes some additional functions such as ad blocking, anti-phishing, clickbait site blocking as well as behavioral blocking for certain common threats like tech support scam sites and fake/PUP browser plugin sites. It's compatible with Malwarebytes 3 so once this issue is resolved you can continue using it. Its only limitation is that it only guards your browser rather than your entire system the way that Malwarebytes 3 does. You can find out more and download it at the following links: Chrome Firefox
  7. I believe the OP is asking if, since ASLR is a feature implemented starting in Windows Vista by Microsoft and didn't exist in Windows XP, is there any point to this setting/function in Malwarebytes Anti-Exploit when running on Windows XP, and I believe the answer is "no" since there is no system default ASLR to be enforced, at least if I am understanding Malwarebytes' implementation of this feature correctly in that I believe, just as with their DEP enforcement feature, it relies on the system's in-built functionality to work and simply augments/enforces the system's function as implemented by Microsoft in Windows. For reference: https://en.wikipedia.org/wiki/Address_space_layout_randomization#Microsoft_Windows
  8. I switched back to my previous configuration since I get less performance issues that way (not to mention faster startup and fewer/no errors) so I've got Web Protection on again, Ransomware Protection off and self-protection off (though I don't think that module is related to the issues, I just see no point in it since I don't expect to get infected).
  9. It most likely is pretty normal depending on what you're doing at the time since the various protection components will talk to the cloud while doing their work such as the Web Protection component while browsing and the Machine Learning/anomaly detection component I mentioned which will analyze any new/unknown process it doesn't recognize leveraging the cloud to determine if it's malicious and to help train the module/system further for improving its classification/detection capabilities.
  10. Aha, that explains it. Well done I guess Windows Defender turned itself on once the other AV was removed and must have enabled that feature (Malwarebytes can't touch Windows Defenders' settings, but Defender does sort of have a mind of its own, especially when it thinks its the only protection on the PC).
  11. OK, thanks. Have you tried disabling the other protection components individually to see if that makes a difference? If that doesn't help then you might try disabling the self-protection component by opening Malwarebytes and navigating to Settings>Protection and toggling the Enable self-protection module setting to Off under Startup Options as that could also be the issue. Please let us know how it goes in your testing, both for the protection components and for uninstalling. Thanks
  12. Awesome, I'm glad to hear it. Please let us know if there's anything else we can assist you with in the future. Thanks
  13. Awesome, thanks, I'm sure this info will prove useful Hopefully they'll be able to figure out what's causing this and get it fixed quickly.
  14. The closest thing (besides the add-ons/extensions/plugins David mentioned above, which are quite common (also beware of fake "Flash Player" updates and similar scams and only download known valid plugins/updates from their original sources) would be exploits, which are essentially malicious scripts that run inside web browsers and often attempt to exploit a known vulnerability within the browser or one of the legitimate plugins you might have installed (such as Flash Player, Adobe Reader, Java etc.), however the Exploit Protection in Malwarebytes Premium is very good at stopping these kinds of 'drive-by' attacks as they are often called because it does not rely on any sort of signatures and instead looks at exploit behavior to generically block any exploit attacks in their tracks before they can do any harm to your system (including preventing them from downloading and executing any files/installers etc.) and Malwarebytes is very good at detecting PUPs as well thanks to Malwarebytes' aggressive stance on PUPs, which is much more aggressive than most other security vendors. I would also recommend the Malwarebytes browser extension beta as it is very good at stopping online scams such as tech support scam sites and many of the common types of fake/PUP browser plugin sites that try to convince you to install browser extensions that you shouldn't by making them appear to be legitimate updates for things like Flash etc. as I mentioned before. The extension is free so you don't need to wait to afford it; you can install it right now and put it to work at helping to protect your system. You can find out more and download the Malwarebytes browser extension beta at the following links; it is available for both Google Chrome (as well as other Chromium based browsers such as SRWare Iron and Vivaldi) as well as Mozilla Firefox: Chrome Firefox
  15. He asked for a screenshot of Event Viewer but I don't believe you ever provided it, and besides, that tool I posted above will collect much more than just those particular events so it could be far more helpful diagnostically speaking. You can take your time and do it whenever you have a free moment. You don't need to interrupt anything important for this. I'm just trying to help get the problem figured out and solved.
  16. So after testing for a while with Web Protection disabled and Ransomware Protection disabled, here are my findings: Installed .NET monthly preview update, a def update for MSE and an update for Silverlight Rebooted and Malwarebytes took several minutes to start and prevented one of my system startup programs (Hotkey Control Center; a hardware control/overclocking app for Clevo laptops like mine) from starting I terminated Control Center via Task Manager and tried launching it again After around 30 seconds it finally launched at the same time the Malwarebytes tray icon showed up It looks like Malwarebytes was having trouble starting and was preventing Control Center from launching; this is an issue I've never encountered before today (not coincidentally I have Ransomware Protection enabled and Web Protection disabled where I usually have it the other way around with Ransomware disabled and Web Protection enabled) and experienced no issues whatsoever running the system with Malwarebytes configured that way. I also keep self-protection disabled though I don't know if that is related or not. I replicated the issue by shutting down and later starting my system again. This time I waited and after Control Center threw an error that the system needed to be restarted for it to run, I created dump files of its process as well as MBAMService.exe (mbamtray wasn't running yet) After waiting for a few minutes mbamtray finally loaded along with Control Center (again, simultaneously as before) with the tray icon showing up at the same time as the Control Center UI Dumps were too large for the forums so I've uploaded them here. I'm glad I didn't have to force the system to shut down, but obviously it's still not ideal. I also noticed that every time I'm shutting down the system MBAMService takes much longer when Ransomware Protection is enabled to shut down (I have verbose shutdown/logoff/logon messaging enabled so I see it taking longer than usual during the Malwarebytes service shutting down phase).
  17. Nope, not really. It just prints out the last few of them to one of its logs. The tool I posted above is much more comprehensive. It also may prove helpful to have Malwarebytes output its verbose logs when the issue is occurring to see if it reveals anything helpful. To enable it, open Malwarebytes and navigate to Settings>Application and toggle the option under Event Log Data to On then restart the system and wait for at least one crash to occur, then run the Malwarebytes Support Tool again to have it gather the logs then attach the archive to your next reply: Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply I'm hoping that it will be able to log more details about what's going on with the service/drivers etc. when the crash is happening which might help the Devs in figuring out the cause and possibly help LiquidTension as well in troubleshooting further.
  18. OK, thanks. It might help to get some of the Event Viewer logs just in case there's one or more related issues happening as it might give them a clue as to what might be causing this so please do the following if you wouldn't mind; this tool will grab some of your most recent Event Viewer logs: Post Event Logs: Please download VEW by Vino Rosso from here and save it to your desktop Right-click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt. Click the check boxes next to Application and System located under Select log to query on the upper left Under Select type to list on the right, click the boxes next to Error, Warning, and Critical (not XP) Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run Once it finishes it will display a log file in notepad Please copy and paste its entire contents into your next reply, or if you prefer you may save the text file to a convenient location and zip and attach it instead Thanks
  19. You're welcome Nope, since you disabled telemetry, the only kind of checking in it should do would be for licensing/subscription validation, database updates, product version updates/upgrades, and of course all the cloud/AI detection stuff I mentioned. If there's anything else we might assist you with please don't hesitate to ask. Thanks
  20. It's likely traffic from the cloud component in Malwarebytes which is a part of the new heuristics/Machine Learning/anomaly detection engine which was added to Malwarebytes 3 a while back. You may find the information in this support article to be of use. Also, at least as far as I know, the amazonaws and cloudfront addresses are both parts of the CDNs (Content Delivery Networks) used by Malwarebytes for hosting databases and program updates and are likely also the same systems/servers/connections used for the cloud components I mentioned. That's just my hypothesis though, so someone from the staff may need to respond with more detail/confirmation.
  21. Yep, I just wanted to make sure just in case. Did you try disabling Ransomware Protection alone to test/verify that it's the component causing the issue?
  22. Also, please make certain that fast startup is disabled, otherwise that could also potentially cause this behavior as it may be keeping the service in memory since it prevents the system from fully shutting down. You can find out more and find instructions on how to disable fast startup here and here. This feature has been known to cause issues with Malwarebytes as well as many other programs as well as some hardware drivers due to Microsoft's implementation of the feature.
  23. It sounds like it's probably the Ransomware Protection component interfering with it based on your description. That module isn't nearly as proactive as the other components in Malwarebytes and rather than attempting to prevent infection, simply monitors process and file activities in memory and on disk to look for ransomware infections that have already infected the system to stop them, hopefully before your files get encrypted. Considering the fact that virtually all ransomware infections get onto systems through the use of exploits, the far more proactive Exploit Protection and Web Protection components (not to mention the Malware Protection component) are far more likely to stop any such attacks before they ever get to the point where the actual ransomware is downloaded and installed/executed on your system so you may safely disable it without greatly increasing your risk of infection. In fact, I've kept that module disabled almost entirely since it was first integrated into Malwarebytes (due to past performance issues with that module; though most of those have now been resolved, and because I trust the other components to keep my system safe) so if necessary, you should be OK disabling it while using your program, assuming that module is in fact the cause of the issue. You can also try excluding the program folder for your music application from Malwarebytes using the Exclude a File or Folder option and leaving the default option selected which excludes it from detection by all of the modules (which I believe you already did) and you can add the folder it is using for temp files to your exclusions, but for that one just select the Exclude from detection as ransomware only to see if that helps. It may be necessary to also exclude the data folder used by the music application which is likely located somewhere under C:\ProgramData or under C:\Users\Your Username\Application Data or possibly both.
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.