
exile360
Group: Experts
Posts: 31,301
Days Won: 41

Everything posted by exile360

  1. That's OK, go ahead with the rest of the instructions to post in the malware removal area and one of our malware removal specialists will assist you. It could be that an infection is preventing it from working or else it's just some kind of bug with the latest version of ADWCleaner. I'll be sure to report it to the Developers for analysis, but in the meantime I just want to make sure that your PC gets cleaned up.
  2. Yes, many AVs keep drivers and services active even when protection is disabled so that they don't really stop monitoring, they just don't flag anything, so I would suggest giving it a try with Panda removed if you don't mind, just to make certain we've fully eliminated it as a possibility.
  3. Looks pretty fast to me. Yep, I suspect your hunch about Panda is correct. What happens if you disable or uninstall it temporarily and then run your scan with Malwarebytes? Does it improve? If so, then it's also possible that Panda made some changes in a recent update that may be causing this, but hopefully exclusions will resolve it; if not then you may need to report it to them and hopefully they will be willing to investigate and correct the issue.
  4. I was dubious as well, but I suspect their reasoning for doing so is twofold; first, they probably already have something in-house that they have developed that is superior and renders Ghidra obsolete; second, it's likely that given their no doubt massive workload just dealing with hack attempts from hostile governments, organized crime and independent blackhats and blackhat organizations (not to mention all the mass surveillance operations they're always managing; something I'm not a great fan of, being an advocate for privacy), they probably figured it would be good to put a tool like this into the hands of the public/whitehats/malware researchers to help discover and mitigate vulnerabilities in the code of commonly used tools/applications/systems/devices etc. and to better stay on top of the rather devastating, run-of-the-mill threats like ransomware that always have the potential to bring any business or government systems/organizations to a screeching halt should they evade detection, and I suspect they have more important (to them at least) things to do with their time than spend all day analyzing malware to develop their own in-house AV signatures and detection/mitigation tools, so they pass this off to the public in the hopes that the off-the-shelf malware defense solutions they use will do a better job at keeping their networks secure.
  5. Yes, Panda is a definite possibility. If it is doing a simultaneous analysis of the objects being scanned by Malwarebytes during scans that could definitely slow things down. Please let us know how it turns out. Thanks
  6. Greetings,
     According to your logs there appear to be some adware/PUP items still installed in your Chrome browser, so I would recommend first trying to run a scan with ADWCleaner and having it remove anything it detects, restarting your system if prompted to do so to complete the removal process. Once that's done, repeat the process until no more threats are found and do the same with Malwarebytes by opening Malwarebytes and clicking Scan Now, again restarting if prompted to complete the removal process.
     If the issue still persists then please follow the instructions in this topic and then create a new thread in the malware removal area including the requested logs and information by clicking here, and one of our malware removal specialists will assist you in checking and cleaning the system of any remaining malware/adware/PUPs as soon as one is available.
     Good luck, and if there is anything else we might assist you with please don't hesitate to let us know.
     Thanks
  7. Yeah, if using a large HOSTS file you need to disable the DNS Client service (and there are alternatives you can configure to use as a local hosts server to replace its functionality so you don't lose any browser performance, though I personally just use 0.0.0.0 rather than 127.0.0.1 to improve browsing speed when sites are blocked). As for Windows 10, the last I heard Microsoft actually doesn't let you edit the HOSTS file so I can't speak to that, but I've been using a large HOSTS file for years ever since XP and I currently have over 900,000 entries in my own HOSTS file on Windows 7 x64 and it's never caused me any problems.
  8. Greetings,
     Assuming these are the default Threat scans then it definitely shouldn't be taking that long, though if you haven't done so already, deleting your temp files etc. may help, either using the tools built into Windows and your web browser(s) such as Disk Cleanup and the options for deleting your temporary internet files/caches/history etc., or through a specialized tool such as CCleaner. Other than that, sometimes the Research team does add new signatures to the database that may alter how Malwarebytes analyzes some files, resulting in higher resource usage and thus increased scan times overall; however, on my own system I haven't noticed a great increase in scan times recently (still around 40~50 seconds total for a Threat scan, though I have a very fast SSD and a fast 4 core/8 thread CPU, all of which contribute to faster scan times). With that said, it may also be a sign of a failing disk, so backing up your data if you haven't done so recently might be a good idea (I noticed you have Macrium installed, so I'd recommend going ahead and creating an image backup of the system on a separate drive just in case this one fails at any point so that you don't lose anything). Additionally, it would be a good idea to make sure that you have exclusions configured between your security products so that they don't interfere with one another. The list of items to exclude in your AV for Malwarebytes can be found in this support article, and instructions on excluding other programs from Malwarebytes can be found in this support article under the Exclude a File or Folder section.
     If that still doesn't resolve the issue then it might be a good idea to try a clean install of Malwarebytes to see if that helps:
       • Run the Malwarebytes Support Tool
       • Accept the EULA and click the Advanced tab on the left (not Start Repair)
       • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
     If the problem still persists, and if you suspect that the system may be infected with malware (which is also a possible cause, especially if you're seeing general performance issues, including with other software on the system), then you should follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here, and one of our malware removal specialists will assist you in checking and cleaning the system as soon as one becomes available.
     Hopefully that helps, and please let us know how it goes.
     Thanks
  9. You're very welcome. If there's anything else we can assist you with just let us know.
  10. It isn't on my system at least, though I just turned it on (I normally keep it off). I'll reboot my rig and see if this issue still persists, but yes, it's supposed to protect Malwarebytes from being tampered with or terminated.
  11. By the way, you can find more info on the machine learning component and how it flags things (as well as further tips on how to avoid it when building your programs) in this post from the Malwarebytes Director of Research.
  12. Yes, I've requested in the past that they offer a 'restore and ignore' function to Quarantine to allow items to be restored and added to exclusions in a single click and also to provide the option to restore/exclude an item pre-reboot and edit or delete the DoR script accordingly so that the item(s) which were removed by the user do not get deleted on reboot but it would probably be quite tricky to implement. Still, I will point them to this thread for reconsideration and hopefully it's an area where we will see some usability improvements in the future. Thanks for your feedback. Also, just in the meantime, a tip when dealing with the machine learning component: it doesn't like unsigned files or files with inappropriate version information (like files signed by Microsoft/from Microsoft Corporation etc. when they are not) which can make it tough on independent developers, so the best solution is to generally just exclude your entire working directory for your projects that way it doesn't flag any of your executables. I'm sure you've already done this but thought I should write this anyway for anyone else who might come along with a similar issue.
  13. Hmm, I think I just found a bug. While Malwarebytes does restart itself as it should if terminated, I am able to kill any of its processes via Task Manager even with self-protection active. I'll have to report this to the team for analysis because unless something has changed with their implementation, that should not be possible if it's working correctly.
  14. Greetings,
     Yes, you did it correctly. Looking at your logs, the most frequent block I'm seeing is from ublockerext.com coming from Chrome, which I'm guessing is being caused by a browser add-on/extension you have installed in Chrome. If you believe this is a false positive you may review the pinned topics at the top of this area and create a new thread in that area by clicking here, and a member of the Malwarebytes Web Research team will review the site and remove the block if it is indeed a false positive. If you believe the site may be malicious and need help removing the plugin/extension causing the block then please read and follow the instructions in this topic and create a new topic in the malware removal area by clicking here, and one of our malware removal specialists will assist you in checking and cleaning the system of any threats/PUPs (Potentially Unwanted Programs) as soon as one is available.
  15. Greetings,
     I've asked the forum moderators to move your thread to the false positives area so that a member of Research can review the FP and get it corrected. In the meantime, if you do reboot then the file will be deleted due to the Delete on Reboot (DoR) technology that Malwarebytes uses for cleanup of detected items; however, once that occurs the file will be placed in quarantine and you will then be able to restore the item from quarantine in Malwarebytes. After that you may exclude the process/folder until the Research team gets the issue corrected in the database.
  16. Greetings,
     The response above is an automated reply to all posts in this part of the forum to provide basic troubleshooting steps. For potential false positives there's a separate area of the forums for that with sub-forums for each component of protection. For the Web Protection component it is called Website Blocking and is located here. You should review the information in the pinned topics in that area and then create a new thread to request that the block/site be reviewed to verify whether it is a false positive or not by clicking here, and one of the Malwarebytes Web Research team members will review the site and reply to your topic.
  17. Yes, Chameleon is the self protection driver. It loads and unloads the DLL dynamically as needed (to check for protected processes etc.), but the driver itself that runs in the background is just the .sys file so you won't see it in tools like Task Manager etc. but you can always test it as you did by trying to kill any of MB3's processes (or by trying to delete any of MB3's files from its program folder for example) and you should get an 'access denied' message even if you're using the highest possible permissions/privileges.
  18. Excellent, I'm glad you were able to access and sync up your account info. Please let us know if you have any further questions or issues.
  19. Yes, that's normal if it didn't need to restart (which judging by the log, it didn't need to). Is everything working OK now?
  20. Ghidra has arrived; and no, I don't mean the infamous three-headed monster (AKA "Monster Zero") that Godzilla has fought on many occasions; this Ghidra is a reverse engineering tool developed by the NSA, and its code has been made available to the public free of charge with source code to be made available soon (yes, it's going to be open source!). While this may not be exciting news for most of us, threat researchers should be very interested in this new suite of tools as it could greatly aid their efforts in reverse-engineering malware to develop countermeasures and signatures (most RE tools tend to be rather expensive (i.e. not free) and closed-source). You can read more about this exciting development here at BleepingComputer. Just be aware that before you decide to give this new tool a try, that there has been a remote code execution vulnerability reported in the tool, but mitigation for this vulnerability is included in the article so be sure to mod the code in your favorite editor before you take it for a spin.
  21. You can use the two of them together, but yes, if a site is blocked by Malwarebytes it will simply be blocked so it can't be displayed. I personally wouldn't want to 'test' a tool like the Microsoft extension by allowing all known malicious sites to connect anyway personally, even inside a sandbox as there are some threats (as well as some prominent vulnerabilities, such as the recently discovered Spoiler Intel CPU vulnerability) that could potentially escape a sandbox/virtual space and infect the system. If I were you, I'd just use the two of them together, let Malwarebytes block the sites it detects as malicious and let the Microsoft extension handle the unknown sites that Malwarebytes hasn't positively identified as malicious. I assume that's the point of it anyway, since even Microsoft has their own blacklist/redirect tool anyway in the SmartScreen filter (which has its own Chrome extension called Windows Defender Browser Protection).
  22. There appears to be something odd with your Malwarebytes installation. I'd suggest a clean install just to see if that doesn't clear up any issues:
       • Download and run the Malwarebytes Support Tool
       • Accept the EULA and click Advanced tab on the left (not Start Repair)
       • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here
     As for the PUP detection, your logs show that Malwarebytes recently detected and quarantined a driver updater program's installer. You can learn more about why in this blog article.
  23. I just block all social media sites via my HOSTS file, so any content from their servers (including those images they embed in other pages to track you) are blocked across all browsers/processes on my system. I do think it would be a good idea to add this functionality for the privacy features of the browser extension though.
  24. You can use the two of them together in the same browser if that's what you mean, but if you mean somehow working out a deal with Microsoft to integrate the two into a single browser extension, then no, that isn't likely to happen. Based on what I read in the extension's description, it works very differently from the way that the Malwarebytes browser extension works. It uses Hyper-V to isolate untrusted sites similar to the way that tools like Sandboxie and the like do where it traps the browser's process inside a virtual space to shield the rest of the system from anything malicious that the site might try to do (i.e. execute exploits or other malicious code). The Malwarebytes extension on the other hand uses block lists of known malicious sites along with behavior based page detection to block malicious and unwanted content, functioning on a technical level more like typical ad blocking extensions such as Adblock Plus and uBlock Origin work where it redirects malicious pages to an alternate Malwarebytes landing page.
  25. Greetings,
     Did you use the same email address for creating your online account that you used for your original Malwarebytes license purchase? If not, then that could be the reason. You may find the info in this support article as well as this support article to be of some help. If you're still having trouble/the online system still isn't showing your info accurately then please contact Malwarebytes Support directly via the form on the bottom of this page and they will assist you (they have direct access to the licensing system and should be able to determine what's wrong with the license/web interface linking).
     If there's anything else we might assist you with please don't hesitate to ask.
     Thanks
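Posts 7 and 23 above describe blocking hosts through a large HOSTS file and using 0.0.0.0 rather than 127.0.0.1 as the sinkhole address. The script below is an added example, written for this page and not code from exile360 or from Malwarebytes: it parses a HOSTS-style block list, rewrites sinkhole entries to the chosen address, lower-cases and deduplicates names, drops malformed lines, and leaves loopback names and real host-to-IP mappings untouched. The sample list, the hostnames in it and the `KEEP_LOOPBACK` set are constructed for the demo; the Windows-specific DNS Client service note from post 7 is outside what the script handles.

```python
"""Normalise a HOSTS-style block list (added example; sample data is constructed)."""

import ipaddress

# Constructed sample in the shapes that appear in real block lists.
SAMPLE_HOSTS = """\
# Loopback names stay as they are; sinkhole entries get rewritten
127.0.0.1 localhost
::1 localhost

127.0.0.1 tracker.example.test
127.0.0.1 tracker.example.test   # exact duplicate
0.0.0.0 cdn.social.example.test
127.0.0.1 TRACKER.EXAMPLE.TEST   # same host, different case
not-an-ip pixels.example.test
127.0.0.1 bad_host!.example.test
"""

# Names whose loopback mapping must never be rewritten to the sink (assumed set).
KEEP_LOOPBACK = {"localhost", "localhost.localdomain", "broadcasthost",
                 "ip6-localhost", "ip6-loopback"}
# Addresses that block lists commonly use as a sinkhole for blocked names.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}


def is_valid_hostname(name: str) -> bool:
    """RFC 1123-style check: labels of letters, digits and hyphens, 1-63 chars each."""
    if not name or len(name) > 253:
        return False
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63 or label[0] == "-" or label[-1] == "-":
            return False
        if not all(ch.isalnum() or ch == "-" for ch in label):
            return False
    return True


def parse_hosts(text: str):
    """Yield (lineno, address, hostnames) for each data line.

    Comments and blank lines are skipped; a line whose first token is not an
    IP address yields address=None so the caller can count it as malformed.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        tokens = line.split()
        try:
            address = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            address = None
        yield lineno, address, tokens[1:]


def normalise(text: str, sink: str = "0.0.0.0"):
    """Return (output_lines, stats).

    Sinkhole entries are rewritten to `sink` (except names in KEEP_LOOPBACK),
    hostnames are lower-cased, duplicates are dropped, malformed entries are
    counted and skipped, and mappings to any other address are kept as-is.
    """
    stats = {"kept": 0, "rewritten": 0, "duplicates": 0, "malformed": 0}
    seen = set()
    out = []
    for _lineno, address, hostnames in parse_hosts(text):
        if address is None or not hostnames:
            stats["malformed"] += 1
            continue
        for name in hostnames:
            name = name.lower()
            if not is_valid_hostname(name):
                stats["malformed"] += 1
                continue
            target, rewritten = address, False
            if address in SINK_ADDRESSES and name not in KEEP_LOOPBACK and address != sink:
                target, rewritten = sink, True
            key = (target, name)
            if key in seen:
                stats["duplicates"] += 1
                continue
            seen.add(key)
            out.append(f"{target} {name}")
            stats["kept"] += 1
            if rewritten:
                stats["rewritten"] += 1
    return out, stats


if __name__ == "__main__":
    lines, stats = normalise(SAMPLE_HOSTS)
    print("\n".join(lines))
    print(stats)
```

Running it on the constructed sample keeps four entries, rewrites one 127.0.0.1 entry to 0.0.0.0, drops two duplicates and reports two malformed entries. Passing `sink="127.0.0.1"` goes the other way for lists that prefer the loopback address; either way, on a list the size of the one described in post 7, the deduplication step is the part that trims the file before it is installed.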