LN108

Same here. All Google products are unusable with web protection on. Please fix!

OK, @AdvancedSetup. I think that did the trick. No problems today at least. Thanks!

OK, I'm attaching that zip file. I'm also attaching a txt file with the log of my earlier clean, in case that's useful. The most recent exploit block event took place at 4:57 pm PST, Friday. Thanks! Lance mbst-clean-results.txt mbst-grab-results.zip

OK, so it ran the MB Support tool, as instructed. Went back to Excel it was working fine--until I activated the AddInTools Classic Menu plugin and tried to do a "Save as" with a file. That triggered a Exploit Blocked from MB, and the program shut down. It's the "Save as" that reliably triggers this response. Ideas appreciated! Thanks, Lance

Hello Admin, Before I do this (clean uninstall, etc.), may I report that I subsequently to my message starting this tread, I found that the problem may not be connected with Excel, or with MS Office, at all--but rather with an MS Office add-in: AddinTools Classic Menu for Office. Having deactivated this add-in, the problem seems to be resolved. See also a related entry in this forum, linked below. I do want to continue using this add-in. So my question is: How can I get MB to ignore it; I've been using it for years and it seems safe enough. Thanks! Lance

Hello, Since the recent update of my MB Premium, I cannot run Excel. The program is shut down by MB with the message "Real-Time Protection detected and blocked an exploit attempt." (Screenshot attached, report copied below.) I've added Excel.exe to my allow list. No effect. I've gone to the Settings > Security > Advanced settings > Application behavior and unchecked Office WMI Abuse Prevention. No effect. I've run the "Gather Logs" function of the MB Support Tool. Zip file attached. Advice appreciated. Lance Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/2/21 Protection Event Time: 8:29 AM Log File: 7d7721c0-0c02-11ec-b6df-00ff0a912664.json -Software Information- Version: 4.4.5.130 Components Version: 1.0.1430 Update Package Version: 1.0.44523 License: Premium -System Information- OS: Windows 10 (Build 19043.1165) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Excel Protection Layer: Malicious Memory Protection Protection Technique: Exploit code executing from Heap memory blocked File Name: URL: (end) mbst-grab-results.zip

Here's the event report (attached). Grammarly Blocked.txt

Hello, I'm running Malwarebytes Premium 4.4.2 on Windows 10. Everytime I start MS Word, Malwarebytes blocks the Grammarly add-in (latest version) from loading, identifying it as an exploit (see attached screenshot). This, in turn, prevents Word from opening. I don't see a way to create an exception for this add-in. I'd rather not have to turn off exploit protection every time I use Word. Suggestions appreciated. Thanks!

Here's the VirusTotal report: https://www.virustotal.com/#/file/ccae2d265bfe1f43bf92e71c74740c80a26b6aa6b20e85d97cbd44ccd2127e5d/detection Hmmm. I removed and reinstalled Firefox last week. Didn't seem to make much difference. Thanks! Lance

nasdaq, I should add that my Firefox sync remains off. Lance

Hi nasdaq, OK the good news is that automated connection to members.chello.nl seems to have stopped. I'm no longer getting the Website Blocked messages for that site. The bad news is that I'm now having repeated Website Blocked - Trojan messages for what seems to be an automated connection to www.timepasskatta.com, also involving Firefox. Attached are a Threat Scan report, a Website Blocked report, an Addition.txt file, and an FRST.txt file. Thanks for any advice. Lance Addition.txt FRST.txt Report Website Blocked Trojan timepasskatta.com.txt Threat Scan Report 12-18-18.txt

Let's see: it occurred while I was using Firefox. The relevant report is attached. The log is attached. Lance Report Website Blocked 12-12-18.txt Threat Scan Report 12-13-18.txt

Malwarebytes reports one instance of "Website blocked due to Malware" since I rebooted after running the FRST tool Fix. It was the same automated attempt to reach members.chello.nl . So it seems that it's not yet fixed. Lance

Thanks, nasdag-- I've completed running the FRST tool Fix function with the Fixlist.txt you supplied. The resulting Fixlog.txt file is attached. What's next? :-) Lance Fixlog.txt

Hi nasdaq, I'm afraid I don't understand your instruction. My problem is not how to attach a file to a reply message, my problem is that you have asked me to download a Fixlist.txt file that was supposed to be attached to your message, but there seems to be no such file actually attached to your initial message for me to download. Would it be possible for you to resend me the Fixlist.txt file? Lance