Posts posted by NeoBeum

  1. I'm not sure which Windows 10 app updated and triggered these appx reg entries, but if I find it I'll post back... could be a Wireless Service pack or something to break my PC....

    Quote

    RiskWare.Injector.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\Application Experience\StartupAppTask, No Action By User, 11812, 941491, , , , , ,

    ...

    RiskWare.Injector.Generic, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup, No Action By User, 11812, 941491, , , , , ,

    MBAM-21-05-20.txt

  2. @Amaroq_Starwind

    Trust me, you don't want to be putting any DISM-related scripts on a task schedule... Google some of my posts blasting Microsoft about DISM... and what they broke for KB4498523 and more for 18362.1

    Problems with DISM is one issue... Task Scheduler is an entirely different issue in itself.

    I haven't read the rest of the replies, and have only read the original post, and hit reply because DISM on a schedule is bad

     

    If you get a bad servicing stack, this is what will happen to your recovery image:

    The right-hand side is how the directory structure should be populated

    The left-hand side is what the SSU did to 18362.30+

    (google: "dear microsoft 1903")

    SSU-Fkup.thumb.jpg.69498a5a1d6ab039b405bd731ae9906a.jpg

  3. Machine Learning / Anomalous 97% - False positive on Microsoft Store Windows App: Segoe MDL2 Assets

    Filename: 35640TWyTec.UWPSegoeMDL2Assets_1.1.33.0_neutral_~_8e2hdjak06jkr.appxbundle

    File: http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/794c8a4d-9393-4ef1-b306-b6469b6cbf4d?P1=1559379012&P2=402&P3=2&P4=Q%2bEcL%2bDN%2b0D5VMVSEYZasTa%2fTj8VD5yqN54cwqg4okYoZBxrK8yIx3X3O4uTXzcT6lym9A9z%2fK2Lq5VBReIZcA%3d%3d

     

    VirusTotal: https://www.virustotal.com/gui/file/0e140eeda17a1f0b3d23be2787412eeb8d348181056b967997472b4cbb4f5467/detection

    MBAM-SegoeMDL2-Appx.txt

  4. Thanks

    HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt
    HKCR\Folder\shellex\ContextMenuHandlers\MBAMShlExt
    HKCR\MBAMExt.MBAMShlExt
    HKCR\MBAMExt.MBAMShlExt.1
    HKCR\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}
    HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
    HKCR\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}

    Those were the same keys I was about to import.

    I just ended up re-installing and pasting in the ProgramData. The MBAM Repair Tool has a broken URL if browsing from the malwarebytes.com homepage - I wasn't able to get a copy of it until you shared the link here.

    Maybe you could mention this to the web admins so they can fix it.

  5. Ability to export or import user settings would be useful for quick configuration on multiple devices.

    Example:

    • Export configuration for Application, Protection, Scan Schedule and Exclusions
    • Re-installation of Malwarebytes 3 to fix Windows UI Missing Context Menu
    • Import previous configuration

    This will be good for users with large exclusion lists and custom scan schedules. I am currently missing the context menu in Windows, and am dreading having to populate my exclusion list again.

  6. 1803 - e68d05a40f5c0cc7bcc2f1f58607ea8a.cab

    Scan result: no threats detected
    File size: 8.31 MB
    File type: ARC/CAB
    Scan date: Mar 30 2019 23:01:06
    Databases release date: Mar 30 2019 11:44:42 UTC
    MD5: 3d3c4aafb876d42906bcbc6bc4042ae4
    SHA1: 7e1e40bef0bee09a7c9d3dbcd5db8f2c3bdde369
    SHA256: 968f04811d404c2a06728d7fa6b4d29def1d941659cc70dfc0518415be56eb71

  7. VirusTotal has been stuck on 100% since I started typing the post... the original 2nd scan post... so has OPSWAT

     

    1809 - 1f39792e6be0d2fa858e6696a60070c7.cab

    Kaspersky VirusDesk

    Scan result: no threats detected
    File size: 15.50 MB
    File type: ARC/CAB
    Scan date: Mar 30 2019 22:52:10
    Databases release date: Mar 30 2019 11:44:42 UTC
    MD5: c92bde8bb0ec9b2bab32ae2d6d688a53
    SHA1: 4453a985f595eb14ece1a6130519a55591cb83ac
    SHA256: d5fe479b0e151302e89486449666ad2b2ad9bf8d4d0be9411dfa11bf79a192da

    1803 - 1f39792e6be0d2fa858e6696a60070c7.cab

    Kaspersky VirusDesk

    Scan result: no threats detected
    File size: 13.32 MB
    File type: ARC/CAB
    Scan date: Mar 30 2019 22:56:01
    Databases release date: Mar 30 2019 11:44:42 UTC
    MD5: 16bce742fe227b4bae17318df0a433a4
    SHA1: 942a6b891f091a72e059a1c8ffdd1b3a709ae75b
    SHA256: 6eb8a7f7e6b1e57eef1c879c3aa9fa56a090578c69930c4a84a42d2efa2de911

  8. Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 30/03/2019
    Scan Time: 22:36
    Log File: 5077ee36-52e4-11e9-864d-1c872ce2247f.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.563
    Update Package Version: 1.0.9924
    Licence: Premium

    -System Information-
    OS: Windows 10 (Build 17763.379)
    CPU: x64
    File System: NTFS
    User: NB-G751JY\NeoBeum

    -Scan Summary-
    Scan Type: Custom Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 117956
    Threats Detected: 2
    Threats Quarantined: 0
    Time Elapsed: 2 min, 33 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    Trojan.FakeMS, C:\USERS\NEOBEUM\APPDATA\ROAMING\Microsoft\Windows\Recent\1f39792e6be0d2fa858e6696a60070c7.cab.lnk, No Action By User, [725], [54561],1.0.9924
    Trojan.FakeMS, E:\WINDOWS\1809\HLK\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 30/03/2019
    Scan Time: 22:26
    Log File: e55d90ca-52e2-11e9-b515-1c872ce2247f.json

    -Software Information-
    Version: 3.7.1.2839
    Components Version: 1.0.563
    Update Package Version: 1.0.9924
    Licence: Premium

    -System Information-
    OS: Windows 10 (Build 17763.379)
    CPU: x64
    File System: NTFS
    User: NB-G751JY\NeoBeum

    -Scan Summary-
    Scan Type: Custom Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 117949
    Threats Detected: 2
    Threats Quarantined: 0
    Time Elapsed: 2 min, 42 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 2
    Trojan.FakeMS, F:\INSTALLERS\1F39792E6BE0D2FA858E6696A60070C7.CAB, No Action By User, [725], [54561],1.0.9924
    Trojan.FakeMS, F:\INSTALLERS\E68D05A40F5C0CC7BCC2F1F58607EA8A.CAB, No Action By User, [725], [54561],1.0.9924

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

     

  9. 42 minutes ago, miekiemoes said:

    Hi,

    Given these are scans from last year, mind to rescan again and let me know if these are still detected as the same?

    This since this should have been fixed for months already.

    Thanks!

    The newly downloaded iso for 1803 has come back positive.

    The cabinet files found on mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso

     

    Only one cabinet file for the 1809 HLK also scans positive for 'Trojan.FakeMS'

    1f39792e6be0d2fa858e6696a60070c7.cab

     

    VirusTotal is still processing the files... although I think the process has crashed as MBAM has frozen the files as Firefox is trying to upload

     

     

    MBAM-2019-1803HLK.PNG

    MBAM-2019-1809HLK.PNG

  10. I'm in the middle of updating my dev tools and remembered that there were two cab files flagged as 'Trojan.FakeMS' on 25/06/2018.

    So from the date, I think this may have been the 1803 HLK Download packages using the HLKSetup.exe. This wasn't from mu_windows_10_hardware_lab_kit_version_1803_updated_march_2018_arm32_arm64_x64_x86_dvd_12064286.iso.

    Though, out of interest, I am downloading that iso again just to see if the cabinet files are present.

    The two files flagged in the 'Installers' directory are:

    1f39792e6be0d2fa858e6696a60070c7.cab

    e68d05a40f5c0cc7bcc2f1f58607ea8a.cab

     

    I will post another report once the 1809 and 1803 HLK have finished downloading on my end and I get a chance to scan and upload a sample to virustotal. (Just posting this now - as I've already delayed 9 months and I will forget about it again if I don't do this now)

     

    MBAM-1803-HLK.PNG

  11. Hello

     

    MBAM3.0 on Windows 10 has flagged RSA2048Sha256GenerateKey.exe and RSA2048Sha256Sign.exe as Trojan.SpyEye.R.

     

    Both files are included for the prebuilt tools for the EFI Development Kit II at the Tianocore GitHub

    https://github.com/tianocore/tianocore.github.io/wiki/EDK-II

     

    Files on my pc match the sha256 from the virustotal scans I just did and can be found here

    https://github.com/tianocore/edk2-BaseTools-win32

     

    https://www.virustotal.com/#/file/2c92b3f97792ff743abe186b77082e66fee8f8bd5040be3eca2812daa0227d41/detection

     

    https://www.virustotal.com/#/file/e91b813f4fbe3216e36a9b09c5eb36ab4acbc09cd6a4a8e91a2531579ed66e10/detection

     

     

    Curious that it should be fine as it's old and also marked as OK for the Malwarebytes response and should have been picked up by MBAM3 as false

     

    Thanks

    falsepos.txt

  12. Hello Admins,

    I need to convert this thread from a 'help me' thread to a 'bug report'

     

    I found the cause -

    MBAM doesn't have sufficient privileges to read contents in [REMOVABLE-DISK]:\$Recycle.bin

    (Removable or Dynamic maybe - it has no problems with C: - but I haven't tested while the main system disk recycle bin has contents)

    I deleted the temporary recycle bin restore directory, and MBAM successfully scanned the drive with no problems or effect on the system.

  13. The behaviour is the same on 3.1.

    Scans are smooth until it reaches that drive - then CPU is max and R/W for the drive whirring along at 200MB/s and RAM usage comes shy of 1GB.

    The desktop environment becomes extremely laggy and the scan and service need termination.

     

    06/01/17	" 01:47:07.626"	395437	0af0	1a90	WARNING	OfflineUAManager	mb::common::system::OfflineUAManager::LoadUAHivesOffline	"OfflineUserAccountsManager.cpp"	205	"RegLoadKey failed: Key=S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06012017014707620, ProfilePath=C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-20-06012017014707620-ntuser.dat, retCode=32."
    06/01/17	" 01:47:08.170"	395984	0af0	1a90	INFO	GalaxyRuleParser	mb::common::galaxyrules::SimpleRuleFileParserV2::Parse	"GalaxyRuleParser.cpp"	2973	"Successfully parsed 86311 records."
    06/01/17	" 01:47:19.648"	407453	0af0	1a90	ERROR	ScanControllerImpl	mb::scancontrollerimpl::RootkitScanner::GetBootPartition	"RootkitScanner.cpp"	3081	"Failed to find a bootable drive"
    06/01/17	" 01:47:19.648"	407453	0af0	1a90	WARNING	ScanControllerImpl	mb::scancontrollerimpl::RootkitScanner::IsBootableDrive	"RootkitScanner.cpp"	2978	"Failed to Get partition info for \\?\Volume{61e6d2ef-7953-4f31-a58f-79cb7f701b78}\, ErrorCode=(4294967295)"

     

    I have MBAM on my tablet on Windows 10 EDU 1703, its configuration is the same as the settings on my main laptop. Obviously the only difference, aside from the Windows update, is that I don't have multiple drives on it and only an SD Card.

    I had to reconfigure Windows Defender for the 1703 update because it was automatically enabled again. Eset is also on the tablet.

    I'll do some scans and see what happens.

     

     

    EDIT: I didn't realise there was an update to MBAM to 3.1 - the GUI is reporting everything is updated.
    I'll update and try a scan on my main laptop first.

  15. Hi,

    I think there's a problem somewhere - the only changes I made today were uninstalling KB3150513 and KB4013214 to remove Win 10 Creator's update notifications on my main laptop for the time being.

    Windows Defender is disabled through Group Policy, and I'm on the Education SKU.

    ESET 10.0.390.0 is on my system - but I've never had a problem configuring MBAM and ESET together before. So I don't think there is a conflict with ESET.

    The Hard drive MbamService was reading and writing to was one of my storage hard drives in RAID0.

    The service can be terminated and restarted.

    MBAM initiated a scheduled Hyper and Threat scan - and that's when I ran into problems, when I was AFK and suddenly heard my laptop fans kick in... so I wondered why... and opened up resource mon.

     

    MBAM01.thumb.PNG.8160aea5eaeefcf257fcec4b0f58146e.PNG

    MBAM00.thumb.PNG.6e1e3b5ca6a04f116dff4b5ea3c5bb5f.PNG
     

    05/31/17	" 22:33:30.762"	43562	06d4	14f0	INFO	AeShimImpl	AeShimImpl::MbaeStart	"AeShimImpl.cpp"	358	"MBAE started."
    05/31/17	" 22:33:30.762"	43562	06d4	14f0	INFO	AEControllerImpl	mb::aecontrollerimpl::AEControllerImplHelper::StartProtectionImpl	"AEControllerImplHelper.cpp"	483	"Protection Started"
    05/31/17	" 22:33:30.809"	43609	06d4	0d24	INFO	DriverCtrl	CDriverControl::StopDriver	"DriverControl.cpp"	690	"DriverCtrl stopped MBAMChameleon"
    05/31/17	" 22:33:30.809"	43609	06d4	0d24	INFO	SPSDK	Uninstall	"SelfProtectionUser.cpp"	177	"SelfProtection driver was successfully removed."
    05/31/17	" 22:33:30.824"	43625	06d4	0d24	INFO	SPSDK	Install	"SelfProtectionUser.cpp"	73	"SelfProtection driver was successfully installed. Path=<C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE>."
    05/31/17	" 22:33:30.824"	43625	06d4	0d24	INFO	SPSDK	Install	"SelfProtectionUser.cpp"	109	"SelfProtection StartDriver was false - 1"
    05/31/17	" 22:33:30.824"	43625	06d4	0d24	WARNING	SPControllerImpl	mb::spcontrollerimpl::ProtectedItemsHandler::Add	"ProtectedItemsHandler.cpp"	62	"Given path is already in the protected items list: Path = C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\, Type = Folder."
    05/31/17	" 22:33:30.840"	43640	06d4	0d24	ERROR	SPSDK	SetGpIfeoProtection	"SelfProtectionUser.cpp"	606	"SelfProtection Failed add/remove hash LE=2 (0 - 1)"
    05/31/17	" 22:33:30.840"	43640	06d4	0d24	ERROR	SPControllerImpl	mb::spcontrollerimpl::SPControllerImpl::InitGpIfeoProtection	"SPControllerImplHelper.cpp"	290	"Failed to Clear the driver hash list - status code = [11]."
    05/31/17	" 22:33:30.840"	43640	06d4	0d24	INFO	SPControllerImpl	mb::spcontrollerimpl::SPControllerImpl::InitGpIfeoProtection	"SPControllerImplHelper.cpp"	326	"Protecting C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\assis
    
    
    
    06/01/17	" 00:00:16.364"	5249171	06d4	0c14	WARNING	GalaxyRuleParser	mb::common::galaxyrules::SimpleRuleFileParserV2::Parse	"GalaxyRuleParser.cpp"	2964	"Unknown rule type encountered (37). Data may be missing or invalid."
    
    ...
    
    
    06/01/17	" 00:00:33.327"	5266140	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::RootkitScanner::IsBootableDrive	"RootkitScanner.cpp"	2908	"Failed to Get partition info for \\?\Volume{61e6d2ef-7953-4f31-a58f-79cb7f701b78}\, ErrorCode=(4294967295)"
    ...
    ...
    06/01/17	" 00:00:33.343"	5266156	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::RootkitScanner::IsBootableDrive	"RootkitScanner.cpp"	2908	"Failed to Get partition info for \\?\Volume{9acb6671-56fe-46cf-ad46-6503f91c3d21}\, ErrorCode=(4294967295)"
    
    06/01/17	" 00:00:33.343"	5266156	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::RootkitScanner::IsBootableDrive	"RootkitScanner.cpp"	2908	"Failed to Get partition info for \\?\Volume{df8b59e8-9ff4-11e5-9e13-cc3d826bf4c1}\, ErrorCode=(234)"
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [0], error code = [87]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [4], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [456], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [648], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [740], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [748], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.358"	5266171	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [812], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:33.374"	5266187	06d4	0fc4	WARNING	ScanControllerImpl	mb::scancontrollerimpl::ScanLocations::EnumerateProcesses	"ScanLocations.cpp"	137	"Failed to get the process data for pid [1772], error code = [5]. Will continue with the other processes."
    06/01/17	" 00:00:37.702"	5270515	06d4	236c	ERROR	MBAMCoreImpl	MBAMCoreImpl::ClassifyLoadPoint	"MBAMCoreImpl.cpp"	431	"Cannot classify load point. FilePath member is invalid."
    06/01/17	" 00:00:38.046"	5270859	06d4	236c	ERROR	MBAMCoreImpl	MBAMCoreImpl::ClassifyLoadPoint	"MBAMCoreImpl.cpp"	431	"Cannot classify load point. FilePath member is invalid."
    06/01/17	" 00:00:38.218"	5271031	06d4	236c	ERROR	MBAMCoreImpl	MBAMCoreImpl::ClassifyLoadPoint	"MBAMCoreImpl.cpp"	431	"Cannot classify load point. FilePath member is invalid."
    06/01/17	" 00:00:39.171"	5271984	06d4	0068	ERROR	MBAMCoreImpl	MBAMCoreImpl::ClassifyLoadPoint	"MBAMCoreImpl.cpp"	431	"Cannot classify load point. FilePath member is invalid."
    06/01/17	" 00:21:37.727"	6530531	06d4	0880	INFO	AEControllerImpl	mb::aecontrollerimpl::AEControllerImplHelper::DoAppInjectedNotification	"AEControllerImplHelper.cpp"	2085	"App Injected (Mozilla Firefox (and add-ons))"

     

     

    Quote

    The backing-file for the real-time session "WDC.BE95A9B1-DE15-4B78-B923-A12AB70BE951" has reached its maximum size. As a result, new events will not be logged to this session until space becomes available. This error is often caused by starting a trace session in real-time mode without having any real-time consumers.

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
        <EventID>16</EventID>
        <Version>0</Version>
        <Level>4</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2017-05-31T14:30:17.247154500Z" />
        <EventRecordID>382241</EventRecordID>
        <Correlation />
        <Execution ProcessID="1748" ThreadID="4036" />
        <Channel>System</Channel>
        <Computer>NB-G751JY</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="HiveNameLength">120</Data>
        <Data Name="HiveName">\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-2566739444-624617511-4086259774-1001-06012017000017036-UsrClass.dat</Data>
        <Data Name="KeysUpdated">0</Data>
        <Data Name="DirtyPages">0</Data>
      </EventData>
    </Event>

    MBAMSERVICE.LOG

    MBAM-SCANLOGS.txt

  16. Hello

     

    I have a multi display system and MBAM has a small UI draw bug where menu options will be drawn on a display other than the display that the main application is open on.

    I've attached a screen capture.

     

    Current display configuration is

    [1][2*][3]

    With 2 being the primary display, and 1 set with the Windows taskbar.

     

    Thanks

     

    EDIT: 1 is technically the Primary because it is a laptop, I just dragged the taskbar to the laptop display so I can have the other 2 for other things without taskbar clutter

    MBAM-BUG001.png
