topangajack

Thank you, MWB Support (LiquidTension). Although this turned out to be a Microsoft problem, I am very grateful for your interest in getting it resolved. If roles were reversed, MS would never have been so accommodating.

LiquidTension - Thanks for the clarification. Since the problem is with Microsoft, I plan to restore my machine to a point prior to the faulty MS definition update, and temporarily turn off MSE auto scanning and updating. Hopefully MS will correct this soon. Thanks!

Dutchman, the MWB tech people will probably come up with a fix soon. I'm shutting down my pc and will check back tomorrow. (fingers crossed) Good luck -Jack

Same issue using Microsoft Security Essentials on a Win 7 machine. MSE keeps shutting down. What to do?

Firefox. I went ahead with the installation and everything seems fine. License activated automatically, etc. Thanks!

Glad to hear the OP resolved their issue. Seems like the latest upgrade still has some rough edges to work out. Should I wait for fixes to be built into the installer? Thanks

I am very grateful for your help! Things could have gotten ugly without those .msi files. Lesson learned: Never delete files from quarantine unless you know it's safe. Thanks again! John

Attached is the log file. Thanks for helping! e3599b68-1a2d-11e9-9e04-6431501fbe1a.zip

Great! BTW - I did attach a scan summary to the original post - but I guess it's not the same as "logs" (?) Thanks

Rich, my apologies, but I will not have access to the PC in question until tomorrow at the earliest. Thanks, John

Several of my Windows .MSI installer files were quarantined as infected with Trojan.Emotet. I [impulsively] deleted the files from quarantine. Now I see that there was a FALSE POSITIVE problem and that these files were probably OK. They may also be important! I realize that I jumped the gun by deleting them, so the question is, is there any way to find them and restore them? I tried a data recovery tool (Recuva) and found nothing. I also tried System Restore twice but they would not complete - "missing file" error. Please see attached Scan Summary. Thanks! scan.txt

Good News! The lastest MWB update fixed the problem! The quarantined files were restored and Express VPN is again working. THANKS Rich Matteo /shadowwar and all the other fine folks at MWB! This is how customer service should work - I'm very impressed.

Thanks for the speedy reply! So, do you think I should white list it, or wait for the update. I don't need the vpn immediately. Edit: I think I answered my own question

Today, MWB scans of two Win 7 PCs detected RiskWare.BitCoinMiner in Express VPN. The files were quarantined and the vpn no longer works. I contacted Express VPN and they claim this is a False Positive. Scan log: "Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/12/17 Scan Time: 11:30 AM Log File: MWB Scan 9-12-17.txt Administrator: Yes -Software Information- Version: 3.1.2.1733 Components Version: 1.0.160 Update Package Version: 1.0.2786 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Scan Summary- Scan Type: Hyper Scan Result: Completed Objects Scanned: 2124 Threats Detected: 4 Threats Quarantined: 0 (No malicious items detected) Time Elapsed: 0 min, 59 sec -Scan Options- Memory: Enabled Startup: Disabled Filesystem: Disabled Archives: Enabled Rootkits: Disabled Heuristics: Disabled PUP: Enabled PUM: Enabled -Scan Details- Process: 1 RiskWare.BitCoinMiner, C:\PROGRAM FILES (X86)\EXPRESSVPN\BOOTSTRAP\AMD64\NSSM.EXE, No Action By User, [94], [434082],1.0.2786 Module: 1 RiskWare.BitCoinMiner, C:\PROGRAM FILES (X86)\EXPRESSVPN\BOOTSTRAP\AMD64\NSSM.EXE, No Action By User, [94], [434082],1.0.2786 Registry Key: 1 RiskWare.BitCoinMiner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ExpressVpnService, No Action By User, [94], [434082],1.0.2786 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 RiskWare.BitCoinMiner, C:\PROGRAM FILES (X86)\EXPRESSVPN\BOOTSTRAP\AMD64\NSSM.EXE, No Action By User, [94], [434082],1.0.2786 Physical Sector: 0 (No malicious items detected) (end)" Can you confirm that this is a FP? Thanks

No external devices plugged in except wireless mouse. Just 1 monitor. No CD or DVD in tray. Still will not boot. Are there any tools that you recommend that I can download (I have a laptop available - using now) that might get the desktop to boot and repair windows? Or, do you think I will have to remove the hard drive and reformat (it in another PC?) What do you suggest? Thanks

Yes, I can get that screen asking to boot from CD or DVD, but it will go no further. It is not able to boot. It just hangs and does nothing. Thank you for white listing the file, but I am more concerned about my HDD being totally disabled after MWB instructed me to re-start in order to delete the file. I do not know how I can recover my system or even reinstall windows under these circumstances.....

thisisu, I will check back in later. I hope we can avoid having to buy and install a new copy of windows. Thanks for your assistance

In the meantime, I think I found a copy of the old installer file for the IDrive program that produced the Ransomware quarantine. CAUTION: I changed the .exe extension to .doc so I could attach it here for you. You will need to change it back to .exe if you want to test it (carefully, of course) IDriveSetup.doc

It gets this far and stops. No activity on hard drive per indicator light

I've tried Last Known Good configuration several times. No luck. I'll try Disable auto Restart... now. FYI - see post No. 5 for photo of BSOD screen

Safe mode does not fully load. It hangs... see photo of hang when "Safe Mode with Command Prompt" is selected.

Also, photo of initial MWB alert of IDrive as "Ransomware"

Model? HP Pavilion p6610f - a desktop. Secure Boot enabled? Not sure. I made no changes (that I am aware of) concerning this since purchasing the computer. Flash Drive? Yes, I have a 32gb usb flash drive Photo attached.

Hi, thanks for your advice. I downloaded the IDrive file 3.4.4.0 long ago at https://www.idrive.com/online-backup-download [now it says, "Downloads for accounts created prior to 11-23-2011 - WINDOWS"] I have a set of HP Recovery Discs that I made when I first got the PC. Unfortunately, running them never results in any usable dialog screen, message, and no progress bar. The best I get is a blue screen with pretty sun-rays and a mouse cursor. Nothing else appears. Running windows repair, system recovery, and startup repair brings up the same blue screen with no hard drive activity indicated by the light on the case. I can find no way to get past this. This was a stable system prior to MWB trying to delete the suspect file.