JoelS

Honorary Members
  • Posts

    34
Posts posted by JoelS

  1. I am getting messages like the following. Nothing shows up in quarantine. Over a dozen messages occur within a couple of minutes. They have happened on most but not all days. A full scan shows nothing amiss. Suggestions?
     

    Quote

     

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 9/15/23
    Protection Event Time: 8:37 AM
    Log File: 6c8cd432-53d5-11ee-89b6-18c04d03be8a.json

    -Software Information-
    Version: 4.6.1.280
    Components Version: 1.0.2117
    Update Package Version: 1.0.75315
    License: Premium

    -System Information-
    OS: Windows 11 (Build 22621.2283)
    CPU: x64
    File System: NTFS
    User: System

    -Exploit Details-
    File: 0
    (No malicious items detected)

    Exploit: 1
    Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-CimInstance Win32_VideoController | Format-List -Property DeviceId, Blocked, 701, 392684, 0.0.0, ,

    -Exploit Data-
    Affected Application: cmd
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit payload process blocked
    File Name: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-CimInstance Win32_VideoController | Format-List -Property DeviceId
    URL:

     

    (end)

     

     

  2. OK. KpRm deleted an old version of Farbar and a text file that I am pretty sure was completely innocuous, and did the rest of the socially beneficial stuff it does.

    Since I run MBytes (including the browser guard), have good password hygiene, avoid likely places to pick up malware, block as much content as possible without breaking sites, download only the minimum, and update everything not less than once a week (PatchMyPC only found some old C++ to update), I think I can say that that avenue is covered.

    As I mentioned, Privacy has been working ever since running MB Support. If I have further problems, I'll try uninstall/deactivate/reinstall. I hate to still not know what went wrong.

    • Like 1
  3. Yesterday, I got a bunch of Riskware, Generic Injector detections which I understand are false positives, so I removed them from quarantine. However, today, this popped up on the report:

     

    Malware.AI.1338826517, C:\WINDOWS\INSTALLER\1ED5E.MSI, Quarantined, 1000000, 0, 1.0.40732, 1B63E81907980D144FCCDF15, dds, 01254988, 1CDE2A414CB4C7457788153E5EE4836E, EBAF35D74AD6CEB3C44CBEA81C207C9A7BB123E6D641E09678D12C9DE2770DC4

    I have it in quarantine. Is it a real detection? 

     

  4. I had blue screen crashes starting three months ago, right after the Creators update of Windows. Forum assistance made all sorts of recommendations, most of which I tried and which did not work. I took it into the shop and paid a fair piece of change to diagnose. As their first step, they uninstalled MBytes and never saw a repetition of the problem.  On returning it home, I re-installed MB. Within a day I had a black screen crash (computer becomes unresponsive). On re-starting, Malwarebytes failed to boot properly (several times) and finally locked up. It kept complaining about not being able to verify licensing. I uninstalled and re-installed.

     

    A likely place to start would be for MB to check its licensing function. If the software attempts to verify that it is the licensed rather than the free edition, and the license computer says bollocks, it wouldn't be surprising if that caused an internal conflict causing real-time protection to shut off or maybe worse.

     

    MB needs to take this problem seriously. It's obviously affecting a lot of users and it's causing problems of the kind that can seriously damage computers.

  5. I followed your instructions and successfully ran PerfMon and Sysnative. When I got to the link for posting results from these, I get a message that the page does not exist. What PerfMon said was that a service had stopped ungracefully, resulting in a third of events not being logged in the event log. 

  6. Ron, I have been very hesitant to rely on just Defender. So--forgive me-- I haven't done as suggested, hoping that somehow I could solve the problem in another way. I also did not have blue screen crashes from Dec. 7th until Dec. 13th.  So, even if I had turned off everything except Defender, we would have gotten a false sense that the problem had been solved. 

     

    Last night I had a BSOD listing Clock_watchdog Timeout as the cause. Following instructions on the Windows Forum, I ran Driver Verifier. This turned up as a Driver Verifier Error MBAM Chameleon.sys.

     

    Could this be the problem? MBAM updates every day, so it should be current (it's 3.3.1).  

     

    If we really can't resolve this otherwise, I'll wrap up my work for the year, and try running with just Defender. But if I have to do this, I really will have to be looking at alternatives for system protection. 

  7. Ron, I tried the Components Update on Computer #1. I had two blue screen crashes thereafter. After the second, Malwarebytes and my antivirus suite did not come up. I had to restart again. Could this represent a conflict? I have Malwarebytes on a brief delay, since I have had some problems there before.

     

    I have not yet observed another crash of MBytes after startup, however.

     

    I scanned again using Sophos. This time, aside from tracking cookies, the only thing it came up with as suspicious was Farbar (FRST64.exe).  Just to be thorough, I ran AdwCleaner. Nothing. 

     

    Anything further from looking at the logs from Computer #2? 

  8. For about a month, I have been getting messages that Malwarebytes web protection is turned off. When I try to turn it on, it will not turn on. The computer has to be restarted. I have also been getting Blue Screens of Death. I have scanned the computer with Malwarebytes, AdwCleaner, Kaspersky, Windows Defender, and Sophos. Of these, only Sophos detected anything at all; a PUP called Softonic.

     

    First, Malwarebytes is, according to Malwarebytes, supposed to detect Softonic. So it's really disturbing to find that it isn't.

     

    Second, any suggestions as to what to do? 

     

    Thanks. 

  9. So Malwarebytes now wants to charge for Android. Fair enough.

    First electronic nightmare: Learning of this change arrives in discovering the icon has changed and the app is asking me for permissions to upgrade to Premium. Sure, it's probably ok, but how do I know this isn't a clever piece of malware? Someday, a hacker will figure out this would be a really good way to phish for information. 

    Second electronic nightmare: Having established that this is legitimate software, I decide to go Premium. But the Play Store declines to accept the cell provider as a payment system. Why? Who knows.

    Third electronic nightmare: Entering credit card information into a phone.  Then the credit card gets repeatedly declined. Why? Who knows? It's correct. Finally, for no obvious reason, it gets accepted. But now the Gmail password has to be provided. 

    Fourth electronic nightmare: entering a strong password on a phone keyboard. A man could go blind. The password gets rejected repeatedly.  Surrendering, it graciously allows me to claim that I forgot my password (I didn't). As soon as I enter the same password I have entered three times as the "last known password," the gates to the Google Kingdom swing open and payment is accepted. 

    Fifth electronic nightmare: So... where is the license key? Where is the receipt?  Can an advanced society actually be running on security this low? 

    Sixth electronic nightmare: The new screen asks for elevated permissions that would allow Malwarebytes to suddenly erase the phone and otherwise take drastic actions. Why is it needed? No explanations are provided.

    Bruised and battered, the customer experience is complete.

    Why not just allow for purchase of a license key from MB in the usual fashion? Why subject users to this sort of idiocy? 

  10. On 12/25/2016 at 2:04 PM, GeoNez said:

    The mechanism is getting you to respond to the message.  Usually, the only two appropriate responses are to close the browser or pull the battery.  Assume there was also some: "click here to clean your device, cure cancer and make the world a better place all at the same time" button, and if you are unfortunate enough to click on it, it often proceeds to encrypt your phone and the ransomware payload has been delivered.  You seem to have dodged the bullet, so congratulations.  Recent and complete backups are also very useful.  When in doubt, do not click.  Used to be alleged pictures of the tennis player Anna Kournikova.  The enticements vary over time.  When in doubt, do not click.

    Merry Christmas.

    Thanks, GeoNez.   
