
exile360


Everything posted by exile360

  1. Yes, unfortunately without more details there really isn't much to go on, but my suspicion is that either it is as I suggested that the threat had done some damage at some point, or possibly it could have even been an underlying issue with the system that was already present but only manifested once put through the process of scanning/removing the threats with ADWCleaner (for instance some kind of problem with corrupt disk sectors or something similar, though again, this too is merely speculation). Yes, FileHippo is a legit site. I refer users to it often whenever one seeks an older build of Malwarebytes as they keep a long running archive of past software versions for the programs they host. If you are able to get into contact with your friend it might shed light on the situation if he were to run the following tool and submit the resulting ZIP file containing logs that it gathers to Support for analysis; though honestly after the OS has been reinstalled there is not likely to be any evidence of whatever caused the issue anyway so it might not be worth it, but in case your friend is interested in doing so here are the instructions:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
  2. It's most likely just a leftover trace. Conduit is a very old threat so if it was ever active on the system, it's probably long since been removed and ADWCleaner is just detecting the leftovers.
  3. I did a quick search and I came across this topic on Tom's where they were saying that a file called C:\END belongs to Conduit which is a well known PUP (Conduit Toolbar, a search hijacker essentially) and I suspect that's why this is being detected, most likely via a heuristics signature designed to target that threat. Only Research would know for sure though.
  4. Greetings, From the sound of it there was most likely either some kind of infection that damaged the system in the process of either trying to prevent itself from being removed or that damaged the system during removal (such as corruption of the registry; a definite possibility). Such occurrences, while rare, unfortunately do happen which is why it's very important to prevent threats as much as possible and to keep regular backups of important data. Obviously without analyzing an image of the system no one can say for certain precisely what went wrong or what caused the issue, so this is just my speculation based on your description, however if incidents like this were common we'd have far more users complaining about it as ADWCleaner and Malwarebytes' other tools and products are used every day by millions of people around the world and I assure you that if something like this were at all common, the tool would be pulled for analysis and correction immediately because the last thing anyone at Malwarebytes wants is for their users to suffer issues like this. If you are able to gather any more data about the incident please don't hesitate to either post it here or if you prefer to keep it private, contact Malwarebytes Support directly to submit it. They may be contacted via the form on the bottom of this page if you do decide to contact them.
  5. You'll probably need to contact Malwarebytes Support directly to get any discounts/bundled pricing. To do so, please use the form on the bottom of this page. If there's anything else we might assist you with please don't hesitate to let us know. Thanks
  6. It depends on the type of license. The lifetime licenses were always just for a single device, while some of the yearly subscription licenses are for 3 devices (in fact when Malwarebytes first went to a subscription licensing model, all of the subscription licenses were initially for 3 devices; they later changed it to allow users to purchase single device licenses for a lower price).
  7. You may be able to fix the Windows Defender issue by changing a setting in Malwarebytes. Open Malwarebytes and navigate to Settings>Application and under Windows Action Center select the option Never register Malwarebytes in the Windows Action Center then reboot your system and you should have both Malwarebytes and Windows Defender fully functional.
  8. It depends on when the update went out, but usually it shouldn't take too long. That said, if you still see the site being blocked even well after it's been whitelisted/removed from the database then it could be an issue with your browser or system cache such as the DNS cache or website history needing to be cleared. You can do this manually or through a tool such as CCleaner. If after that the block still persists then try restarting the system, but generally clearing the cache does the job.
  9. Greetings, Please read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and clearing the system of any threats as soon as one is available.
  10. Yes unfortunately you cannot manually exclude registry entries in the consumer version, however you can exclude a registry item easily from a scan. Just perform a scan so that the registry item is detected then uncheck the checkbox next to the detection and click Next then when prompted on what to do with the remaining detection select the option to always ignore the item and it will be added to your exclusions so that it is no longer detected in future scans.
  11. Greetings, Please read and follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you as soon as one is available in checking and clearing your system of any threats. It definitely sounds like something may be on your system causing these repeated infections/detections and they should be able to help you to get the issue sorted out and your system cleaned up.
  12. I'd suggest going ahead and contacting Support directly to deal with this. I definitely don't want you to have to go without your protection any longer if possible. Please fill out the form on the bottom of this page to submit a support ticket and they will be able to look up your license info and get everything reset so that you can activate it again on your system.
  13. Yeah, it's definitely a hassle, but hopefully it will pay off in the long run. The upgrades really are worth it though, as I have been watching since version 3.0 was first released and I've observed all of the issues/bugs that have come up and seen first-hand how the product has become more stable with each release, including this most recent one (though obviously this issue is a nuisance for those affected by it; though of course I could be wrong about that and it may in fact just be coincidence and reinstalling it a set number of times just causes it to reach the limit for the number of devices/activations, even if done on the same system, though this too is just speculation on my part as it is only a possibility). Anyway, I do hope you are able to get it working properly again, but please let us know if you still have any problems and we'll do our best to help.
  14. I'm glad you were able to resolve the issue. If there is anything else we might assist you with please don't hesitate to let us know. Thanks
  15. You can sign up at My.Malwarebytes.com using your current email address and use the option there to add a license key and it should add that lifetime license to that account so that you can manage it. Once that's done you should be able to use the Deactivate all function to reset the number of installations/activations so that you can get it activated on your system once more. The links in my post above provide all the details on how to do this. If you still have trouble or would rather have Support reset the key for you then you may either wait for @LiquidTension to return or you may contact Malwarebytes Support directly via the last link in my post above and they will be able to take care of it for you. I suspect that the reason for this issue is due to recent changes in the license activation system on the backend in the most recent version of Malwarebytes though I haven't heard anything official from anyone within the company so that's just my personal speculation based on my own observations recently.
  16. Sure, no problem. You're free to leave it enabled if you wish, however I'd suggest at least testing disabling it once to see if that is even the cause of the problem or not as it may not be, so it would be good just to eliminate that as one of the potential causes.
  17. Yes, it appears that toolslib.net (the host for ADWCleaner) is having server issues. I tried several downloads on their site and all of them came up with the same error. I will be sure to report this to the team.
  18. By the way, while I have no samples, I did find the following removal guides from the Malware Removal Self-Help Guides section of the forums here that mention fake Flash Player plugins/updates that you may find useful in your research:
       • Removal instructions for Search Manager
       • Removal instructions for Taskhostw Miner
  19. Greetings, Not that I know of unfortunately as the primary focus of Malwarebytes is generally on the latest threats still found in the wild/still infecting/attacking systems, not on long dead/inactive samples and threats. The sharing of samples is against the rules here unless you are a member of one of the authorized groups with access (downloads of attachments in the Research Center where samples are uploaded for analysis and addition to Malwarebytes' threat databases are prevented unless you are a member of one of those authorized groups). If you are an independent threat researcher familiar with the safe handling of malware and the means to hunt down new unknown samples then you might consider participating in sample submission in the Malwarebytes Research Center and once you have submitted enough new/previously unknown samples they will make you a member of the Malware Hunters group and you will be granted access to download the samples submitted by others. It is done this way to protect users who are here for help from accidentally downloading and infecting themselves with any of the threats submitted to Research for detection. I hope that answers your questions, and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  20. Greetings, Those detections are generic PUM (Potentially Unwanted Modification) signatures that will generally target things like policy restrictions and default system settings alterations which are frequently made by malware as a part of their attacks such as restricting access to certain system tools (i.e. regedit, Task Manager etc.) or to attempt to prevent security applications (like Malwarebytes) from running. In this particular case, those detections represent changes to the default file associations for the file extensions/file types listed, which, at least according to the image are for .exe, .bat, .com, .pif, .scr and .reg files, all of which are executable file types and/or scripts. I suspect that either your systems administrator has altered these settings, a tool such as System Mechanic or some other system settings 'tweaking' tool was used and these settings were changed for security reasons (breaking file associations for certain file types can prevent users from executing them should they be part of a malicious payload, for example opening a .reg or .bat file with notepad rather than the command prompt or registry editor), or an actual malware infection has modified/broken these file associations. You can find out more about PUM detections along with further examples in the following Malwarebytes Support articles:
       • PUP and PUM FAQs for Endpoint Security customers
       • PUM detection definition and recommended approach
       • Group Policy registry keys detected as PUMs in Endpoint Security
      If you suspect that the system may be infected then please contact Malwarebytes Business Support directly via the form on the bottom of this page and a member of Support will get into contact with you via email as soon as possible to assist you. I hope this helps, and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  21. Yep, looks good to me. Now hopefully they'll be able to get these FPs corrected for good this time. I don't know how the internals of the engine/detections work, but it should theoretically be possible to simply whitelist any Zonemap\domains entries that contain a value data of 4 which refers to the restricted zone (since no actual threat would ever place its associated sites into the restricted zone, and instead would definitely configure them to the trusted zone which is zone 2, all of which is documented by Microsoft on this page).
  22. Yep, that explains it, and I bet I'm right about why it launches too. It's probably just checking to determine if there is any media on the drive(s) to add to your library and when it sees that they are empty/no data, it exits automatically, and of course since Windows Media Player is one of the default shielded applications, each time it launches Malwarebytes displays the notification about it being shielded/protected.
  23. Greetings, The Malwarebytes browser extension beta should work on mobile operating systems as long as the browser is compatible. You can learn more about it and find download links in the topics listed below:
       • Chrome
       • Firefox
      Also, specifically with regards to mobile operating systems, Malwarebytes does currently offer a version of its flagship product, Malwarebytes, both for Android and iOS depending on which operating system/type of smart phone you have. You can learn more about each version here and here and just like with the Windows version, aside from malware, Malwarebytes for mobile also specializes in targeting and preventing PUPs (adware, spyware and similar junk) much like ADWCleaner does. I hope that helps clarify things and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  24. Greetings, While that definitely sounds odd, it could just be a matter of one of the default Windows behaviors occurring whenever a new storage device (like the card reader built into the printer) is plugged into the computer. I believe by default that Windows Media Player is configured for several autoplay functions related to removable media/devices like looking for and importing automatically any music and video files that might be present on those storage devices, so Windows may simply be monitoring and calling for that function in Windows Media Player whenever those devices are added to or removed from the PC which causes the Windows Media Player process to execute in memory, thus causing Malwarebytes to display this message since Windows Media Player is one of the default shielded applications that it will inject its anti-exploit DLL into for the purpose of monitoring for malicious exploit activity and behaviors. In fact, I bet if you monitored Task Manager when attaching/removing your printer, that you'd see one of Windows Media Player's processes enter memory briefly each time that occurs (it will most likely start with wmp if you sort the list of processes by name). I hope that answers your question, but if not please let us know, and if there's anything else we might assist you with please don't hesitate to post again. Thanks
  25. Thanks. You can go ahead and run Autoruns again and re-enable those two items by checking the checkbox next to each one and they'll load normally the next time you start your system. As for the continuing issue with Malwarebytes not activating, I'm not certain but I suspect either something is blocking the connection or it may be a problem with it not validating its security certificate correctly. Either way I'll request that a member of the Support team take a look and assist. @AdvancedSetup or @LiquidTension could one of you please take a look and assist? Thanks. One of the Malwarebytes Support team members should be along soon to assist and hopefully get this issue resolved. Thank you for your continued patience. Hopefully resolving this issue won't take long.