byteback

This has been going on intermittently for several months. Today, the popup messages are appearing every 15m to 30m. Basically, I'm being advised that MB is blocking these sites: kenmwqdfig.com and tdtxjhel.com, with addresses of 216.21.13.14 and 216.21.13.15. Obviously, if MB is blocking them, then OK, sorta, but is there likely to be some hidden file on my computer that's generating these attacks? I'd like to 'cut 'em off at the pass' if that's possible :-)

Re my Windows 7 Ultimate SP1 update situation, I can definitely confirm that installing only KB4474419 was enough for Malwarebytes to update itself to 4.4.4.126, 1.0.43778 Update package , 1.0.1404 Component Package. Previously, I was all set to install every update noted in Advanced Setup's post. From his list, the only update I already had was 3140245. I was missing 3020369 (tho I have 3020370), as well as 3125574 and 4490628. The list also shows 4516655 and 4516065, following 4474419. I haven't bothered with those two, but maybe they might be required for some future Malwarebytes update? Re the update process itself, it's a while since I've been in the thick of PC work, and have somewhat lost the plot (81 y.o) but I managed to run the msu for KB4474419 that you'd linked and it was only necessary to get offline, then re-liven Windows Updates (which has been off for 2-3 years) after which Windows found the msu without me pointing to it, and installed it. After rebooting I got back online and Malwarebytes updated itself. Quite painless! Thanks Imacri, Porthos and Advanced Setup 🖖. Live long and prosper!

Imacri, thanks heaps for your detailed tips 👍

Hi. I have a licensed Malwarebytes Premium, v.4.4.2.123, Update pack 1.0.43416, Component pack 1.0.1358. I'm a retired PC builder and serviceman. My main computer is running Windows 7 Ultimate and I don't wish to update to W10. Also, I have Windows Updates turned OFF. It's been off since my last reinstall, about two years back. I'm being offered the latest version of MB but it seems to need an SH2 update. Is there a single update file I can download to enable me to install the latest version of MB? Thanks.

Too complicated. I fixed it myself.

MB4.1 Premium: Every day MB finds one SysTweak entry and quarantines it. It's here: Registry Key: 1 PUP.Optional.SysTweak, HKU\S-1-5-21-3036637762-1997984611-3646881626-1000\SOFTWARE\Systweak, Quarantined, 793, 327156, 1.0.22824, , ame, However, a registry check (using RegSeeker 4.7) shows that there are eighteen more SysTweak entries that MB doesn't comment on. See attachment. I can easily delete these entries manually, but I'm curious as to why MB ignores them. Any ideas?

Sounds like a plan

This file, then? C:\ProgramData\Malwarebytes\MBAMService\config

Oh, one more question: Is it possible to save the MB configuration in case of a reinstall?

Good post, thanks for your help 🙂

Thanks. Yeah, I've been using reports to copy paths. Obviously, the programmers failed to properly conceal that function from lesser mortals 🤭 Re excluding folders and drives, I think I'll have to select only my SSD OS drive to 'protect'. And keep looking for a more user-friendly AV app Cheers

Ah, well. At least I can stop searching for the Edit button.

Durn! How do I edit my posts? Crazy app just turned my letter c (I'll keep it lower case) into a smiley

exile360: Sorry, didn't see your post. Scheduled scan, I think. It's set to do it once a day. As I said to Porthos, maybe I should just restrict scans to 😄

Know what you mean, been building and servicing computers for 25+ years. Like a lot of techs I have a love-hate relationship with AV apps. Can't live with 'em and can't live without 'em Maybe I should just set MB to concern itself solely with my SSD C:\ drive. Pretty much all it holds are the OS and a few apps.

exile360: I could have said that better. What I meant was that both boxes were already unchecked. I didn't have to uncheck them. So files are being quarantined without being directed to do so. Porthos: No, not PUPs, executables. But, harmless exe's from an outfit called Nirsoft. The guy writes lots of small apps that are very useful for techs. The more I think about this issue, the more I respect my old NOD32 AV. It could be instructed to just warn about threats, then wait to be told what to do about them. Obviously, AV programmers mostly need to protect the bunnies-people who neither know of, or care about the files that flow in and out of their computer, as long as they're protected from harm. But there's also a sizeable chunk of AV consumers who know what they're doing, know not to click on every exe they find, know to hit the reset button at the slightest hint that the computer has suddenly begun to behave oddly, know to do regular and proper backups, etc, etc. But these guys still need protection, albeit on a level that they can ultimately control. It's like owning a guard dog - you want it bark when it thinks it sees a burglar, but you also want it to learn that it's not to bark at your mates and relatives.

Thanks Porthos, but both ares show the items unchecked 😞

Thanks, you had me quite excited for a moment, but then I found that ' Quarantine all threats automatically ' was already unchecked. 😞

1) Sorry, I dashed that off in a hurry. The notification isn't that big a deal - it's more that the file in question is not only out of reach, but it was put there without my intent or permission, and now I have to interrupt everything I'm doing to reboot, possibly jeopardizing data, before I can retrieve the file. But after that, I have to tell MB to exclude that file from future scans, and that, in itself, is time consuming. Unless I can find the report, and save it as a text or excel file, I can't cut and paste the file's path. I've used a screen grab app to record the path, but even then, it's necessary to read the jpg or png and type the path manually. It really is a PIA.

I think 'expert' users would be glad of the opportunity to do that. But the that irritates me the most is the requirement to reboot before I can restore the quarantined item. I usually have 20 - 30 Firefox tabs open, together with several Word docs and a possibly a game or two and it's a real nuisance to have the app bleating at me to restart the machine.

exile360, thanks, I get it. Let's hope 'they' fix it. Firefox: Good call, I made the changes, cheers 🙂

Firefox, thanks, I'll check out that setting. exile360: I'm not sure what you mean. When I manually enter the path of a file (that isn't there because it's been banished) I can't complete the exercise because the target file can't be 'pointed to'. Hard to explain, hope you get my drift 🙂

Can't find an edit button so I'll post anew: Re my comments above, I'd be quite happy to use command lines to do any of those actions.

exile360: Thanks for your response. Shame about the DOR. However, this nuisance could be ameliorated if MB could be programmed to ask before it acted. NOD32 had this ability. OK, it mightn't be a good idea for inexperienced users to have to decide if a certain file was dodgy or harmless, but there could be an 'expert' setting in the app. I think this should be looked at. As a computer builder\serviceman for 30 years, I know exactly which of my files could be seen as dodgy by an app, but are actually harmless. It's a PIA to have MB keep making arbitrary decisions without consulting me. Oh, and re the copy\paste function. If that's to be implemented, it should be noted that the file in question may not actually be in the location, because MB has already moved it into quarantine. Therefore, you can't enter the path manually because the file isn't there any longer. However, this shouldn't be a problem for a clever programmer...