Posts posted by Fab4

  1. I installed Malwarebytes 3.0 trial version and I noticed in Windows Security Center under Virus and Threat Protection it says another AV was active (meaning Defender was no longer the active AV). According to this forum's FAQs, it says: "If there is only a Microsoft antivirus registered and active, we will not register in Windows Security Center in order to preserve the benefit of layered security."

    I don't have any third party AV installed. Why does the AV protection in Defender become inactive after installing Malwarebytes 3 (trial version)? I want to purchase a subscription to the premium version but I want to be able to have the Virus and Threat protection with Microsoft Defender activated. The FAQs on this forum mention something about changing a Malwarebytes 3 setting to force Malwarebytes 3 to "never register". How do you de-activate only the Malwarebytes AV security layer?

  2. Hello Ron,

    First of all, I deleted the FRST folder in safe mode.

    The real reason I'm responding back is related to a question that I was hoping you can share your thoughts / or a comment regarding the malware that was just removed.

    After my initial individual efforts using Malwarebytes3 and AdwCleaner, and also through your guidance, my system now starts to try automatically installing the Intel Software Guard Extensions (SGX) driver. The automatic install repeatedly fails after becoming stuck in queue.  

    My question is probably outside the boundaries or scope of this forum, but I was wondering whether SGX may have been waiting to install until recognizing a clean system. The driver tries to install since SGX was set up to be supported in a ready state on my system from the factory configuration in the BIOS setting known as 'Software Controlled'.  

    I was wondering whether you know if Windows 10, upon recognizing a clean system and the platform enabled is now trying to install the driver.  I wasn't aware my system even met all the full criteria for SGX until noticing these repeated failures to install the driver.      

    Thank you     

  3. The system is running fine thank you... No signs of infection.

    I'll check to verify that the OEM has the latest network driver.

    3 hours ago, AdvancedSetup said:

    If there is anything else I can assist you with please let me know.


    I found the files quarantined in C:\ FRST\Quarantine\C \ProgramFiles(x86)\DriverToolkit  

    Questions: Do you recommend (deleting) the quarantined files? Can this entire path directory be safely deleted?

  4. Hello

    I've attached all the log files per the instructions.

    DriverToolkit PUPs were removed from C:\ProgramFiles(x86)\DriverToolkit.

    I'm not at all familiar with the Farbar recovery scan tool. I'm not sure what the tool performs. I don't know where to look to find the quarantined DriverToolkit PUPs.

    The Fixlog reported under =Remove Proxy= that 4 registry entries were removed. Also Fixlog reported C:\Program Files(x86)\DriverToolkit  => moved successfully    




    Addition.txt FRST.txt AdwCleaner[C02].txt MB3 Threat Scan.txt Fixlog.txt

  5. alrighty okey-doke then. Since almost 24 hrs passed since my post, I assume the standard protocol on this forum for reaching the support team is to first attach the mbst-grab results zip file. I don't know why exactly this would necessitate invoking a response unless if my screen shot didn't show the same files that are on the list of quarantine files from the Malwarebytes log (file:14) posted on the Removal Instructions.

    I do need to bring to attention one fact however and that is this. I ran AdwCleaner BEFORE running Malwarebytes 3. AdwCleaner quarantined most of the DriverToolkit PUPs. Therefore I believed it necessary to attach the log file(s) from AdwCleaner (before and after quarantine).

    Sorry if I've stepped on anyone's feet. I'm still learning the nightclub two-step.

    mbst-grab-results.zip AdwCleaner[C01].txt AdwCleaner[S01].txt

  6. I ran into a big problem with the Windows 10 feature update that I couldn't solve. I contacted Microsoft the first time in like 10 years. I requested level 2 support... and MS offered to troubleshoot the headache by remotely assisting. Without my consent or knowledge they installed DriverAssist by Megaify Software. Seriously, to troubleshoot a problem with Windows update? Unfathomable.

    After screaming obscenities, I ran Malwarebytes and AdwCleaner to scan & quarantine the PUPs and registry entries. Malwarebytes quarantined all except four files in a folder called C:\Program Files(x86)\Driver Toolkit. Two files are driver package installers (DPInst64.exe and DPInst32.exe) that Virus Total lists as Signed files, Valid signatures by Microsoft Corporation. The other two are dynamic link libraries (msvcp100.dll and msvcr100.dll), again which Virus Total blessed.

    I want to delete the entire folder - Driver Toolkit. I don't know why MBAM wouldn't touch them with all the PUPs it found in that folder. Ideas on the best way to handle these?

    MalwareBytes Forum.JPG

  7. I have the feature update of version 1809 build 17763 Windows 10 that I received in December 2018 through the Windows Update process. I have been running Windows 10 without any issues whatsoever (knock on wood). The previous version I updated from also had no issues either which was version 1803.

    I enabled the Windows ransomware protection just last month for the first time and it performed flawlessly without any issues. It automatically created protected folders and allowed me to add apps through the Controlled Folder Access in Windows 10 settings.

    Approximately the week following after enabling Windows ransomware protection, I installed the Premium 'trial' version of Malwarebytes, unaware that Malwarebytes premium comes with anti-ransomware. After I installed the Malwarebytes trial version, I began to notice issues with not only Windows ransomware protection that I had not seen before, but also my printer being unable to print from a browser. I only recently purchased a new Dell XPS desktop 1 year ago.

    This is a breakdown of issues I've experienced :

    1) Windows notifications prompts me that ransomware protection is blocking the apps I already added as allowed apps while running them from a USB thumb drive.  

    2) After deciding to focus on resolving the printer issue and troubleshooting with Dell on the printer, the only resolution to fix the print issue was to perform a system restore. I saw only two choices of system restore dates to select - the date Malwarebytes was installed and after it was installed. I selected the former. The printer issue was resolved and Malwarebytes could no longer be run.

    3) My focus turned toward troubleshooting the Windows ransomware protection. I'm still receiving Windows notifications whenever I run a portable app from the USB drive that says these apps are being blocked even though the apps were already added. I can see those apps added under Controlled Folder Access in Windows settings.

    My concern is that I can see a lot of remnants of Malwarebytes that are scattered throughout my system files and registry. The most logical method I know to successfully remove all of the traces and leftovers would be to re-install the MalwareBytes trial version, and then perform a clean un-install with an uninstaller tool. The problem with that method however is my system already installed the trial version, so I will not be permitted another re-install.

    After reflecting back on what sequence of events had to have caused these issues, I have to derive from those experiences that all of the issues began prior to the restore which leads me to conclude the installation of the MB application likely caused a conflict.

    I can only make a request at this point to Malwarebytes if it's at all possible, on whether a temporary key for re-installing the trial version could be issued so that I can perform a clean un-install.  It would be the easiest and cleanest method. However if there is a better resolution, I am most willing to give something else a try.

    Thank you in advance      



  8. After the acquisition last year and the fact that one can't download Windows Firewall Control directly from Malwarebytes official website, does Malwarebytes offer support to a user where they might be experiencing with the latest version?  A recent article on Ghacks cited their source from Malwarebytes asking users to uninstall the current version of Windows Firewall Control manually before they run the installer again.  Other than the measure to uninstall previous versions, there are very few posts that I could find on Malwarebytes forum about problems encountered.  It would build greater assurance if one knew who to turn to for support. At least, I'd feel better knowing if I ran into a problem with Windows Defender Firewall. I've already made recent changes to the default settings to block all outbound traffic.   

    I never used WFC before and I haven't installed it yet. I thought I would perform all the changes from the settings in Defender first before installing the application. Then after installing WFC, the options to add rules to allow programs to make connections would prevent Defender maybe from having the tendency to complain, or maybe a least amount of notifications. I'm currently running Malwarebytes Premium so I suppose no news is good news on the MalwareBytes forum about WFC running at the same time potentially conflicting with one another.


  9. Further reading on Google has led me to more understanding behind Google's bolstered efforts, beginning on Chrome (beta) for Android (64.0.3282.29). This was supposed to include big changes on the browser's security side. It was in version 64 that its pop-up blocker feature's behavior was included so that it would be more efficient at blocking re-directs.

    After disabling Javascript for the very first time today as suggested, I noticed an inability to log in to some online accounts. 

    Yet my device has been updated to Chrome stable version 64.0.3282.119 ever since Feb. 1st with the stronger pop-up blocker, and my browser experienced one instance as I mentioned at the beginning of this thread.

    I'm finding that I'm often misunderstanding the terms frequently used  - Ads and Pop-ups. These seem to mean those commonly related less threat-like, nuisances.

    Malvertising, however, seems to be a term more suited to differentiate what appeared to have occurred on my stable Chrome browser. Security features often seem lacking better descriptive term(s) or else they use the terms 'Ads and Pop-ups' interchangeably to mean a security threat similar to the four or five occurrences that happened on my Chrome browser.

    Certainly, Ads that 'pop-up' in a window that have an 'X' to close that window while viewing the website page, can not be the identical type of threat as when on a web page that suddenly opens links in new tabs and re-directs the old tab to a new URL.

    Google just released Chrome for Android 65.0.3325.53 (beta) on Feb. 6. I'm planning to wait for the stable version from Google Play to be available to see whether any security bugs may have been found in 64. In the meantime, I'll have to keep toggling JavaScript 'on' and 'off'.






  10. Thanks. I've been actively looking for another Browser for Android. In addition to Opera that you mentioned, I've been reading about Firefox as an option to mask the Browser and OS. I can't remember for certain whether it had, or still has, built-in UA masking script to spoof sites to thinking you're using another browser.

    I know Chrome (for desktop) has an extension offered by Google. The odd thing about that is, Google states it does NOT increase your browsing security? So I can't see the reason why Google developers created it.

    Thanks for the tips !





  11. Thanks. I see. It started to concern me if it has a potential to spread malicious software. Or maybe I'm confusing the Browser User-agent with something different. 

    Then based on the analogy of looking both ways for traffic before crossing, based on the specific content I received, then this Browser User-Agent is similar to vehicular traffic that one has no control over, but one needs to be cautious of (URL), since these nefarious sites can pick up browsing habits, and choose to target whomever based on what that person had been searching with their browser which was reported to the web. Am I sort of correct? I didn't read about this on MB.

  12. Hey

    Would it be impossible for a brand new 'bone' stock Android phone to be infected with malicious software from Scareware or Prize pop-ups? I have seen about five of them since getting the phone and setting it up - most were spoofing Google, saying my device was infected. The most recent was spoofing Amazon saying I won $1,000. 

    I had been using Chrome only while accessing the internet on my home wifi network while signed into my Google account,  and shutting down the phone after the Google spoofs occurred. On the most recent last pop up that was spoofing Amazon, I answered the three survey questions, and shut down the phone right away ( I know, I took the bait and I was stupid) but hey, Amazon really does promote through their 3rd party affiliates a sweepstakes. It's posted on their actual site. 

    Anyway, I just purchased an Essential PH-1 which has zero, nada, no reports of adware/malware ever being shipped on any phone. Essential Products is a new start-up that just released their first flagship phone last year.

    I've downloaded only one app onto this phone from Play Store since buying it (late December), but I was already receiving the Scareware before I downloaded the app.

    The only other scenario I can think of that might have started this on my phone is Chrome sync is involved someway. I called my ISP to ask them to run diagnostics to find if an attacker changed my DNS server setting, or if my router's remote admin interfaces were hacked. They said nothing seemed to show evidence of this occurring.

    Consider then if any data had been maliciously manipulated by an attacker who got control of one desktop which uses a Chrome browser (specifically an unsupported Chrome browser on an unsupported Windows OS desktop), would it be then possible that this data could be spread via Chrome sync and cause spoofing scareware to appear on the Android phone? (Only one Google account exists). 

    Here is how I understand what might explain this better. 

    Google Chrome (both the desktop and mobile versions) records a significant amount of data –  from internet browsing activity,  bookmarks, tabs, passwords, and more  – and syncs across all of the devices logged into with that Google account. As soon as a login into a brand new device is made with that Google account, all of the previously synced data is brought over and saved to the new device, resulting in an overhaul of the Chrome application on that device.

    Can this be possible?? I know Chrome for mobile doesn't have extensions or apps.

    If not, could someone provide another explanation?

    And back to asking the original question again after reading this thread, 

    Would it be impossible for a brand new stock Android to be infected with malware from Scareware / pop-ups?





