Jump to content

ChrisL

Members
  • Content Count

    6
  • Joined

  • Last visited

About ChrisL

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I have the 3-device licence for Malwarebytes Premium, when I go into My Account on this site it tells me I have two of my three licences activated. I know I've activated it on my desktop PC, but I don't know what device the other licence is activated on. I don't have a laptop and I've only just installed it on my tablet so it's still on the free 30-day trial licence. It's possible they're both on the PC, because I re-installed Windows a few weeks ago, but I was careful to deactivate MB before I did so, so it shouldn't be activated twice on the same machine. Is it possible to see what devices MB thinks I've activated? All I can see is a link to Deactivate All, so I could click it then re-activate it on the PC which would clear out the unknown one, but is there any way of getting the MB site to tell me where it thinks my licences are activated? If not it could be a useful feature to add, even if it only listed the machine name or MAC address.
  2. Update: I tried turning on Windows Defender and got a message to say it was turned off in Group Policy, so unless there's some component running which hasn't been turned off by GP, Defender can't be running. It's strange that MBST reports it as enabled though. I've enabled boot logging in MSConfig and uninstalled MB using the uninstaller in MBST, in case it's more thorough than the mb-clean utility. It's quite possible that MBST just invokes mb-clean, but you said MBST was "the newer and improved version of a log gathering and clean tool" so I thought I'd try it. (Is MBST a better cleaner than mb-clean, or are they the same?) I rebooted the machine and checked the log file. It said that it had loaded a couple of the MB drivers, mbamswissarmy.sys and MbamChameleon.sys, so somehow they'd survived the reboot. I rebooted again and checked the new boot log and they hadn't survived that one. farflt.sys wasn't listed in either of the boot logs. I've re-installed MB, it went on and started up okay and I was able to turn off the anti-ransomware. So far the machine seems stable, MB has updated itself but I haven't yet run a scan. The boot log says Loaded driver \SystemRoot\System32\Drivers\mbamswissarmy.sys Loaded driver \SystemRoot\system32\DRIVERS\mwac.sys Loaded driver \??\C:\Windows\system32\drivers\mbae.sys Loaded driver \SystemRoot\System32\Drivers\MbamChameleon.sys Loaded driver \SystemRoot\system32\DRIVERS\mbam.sys Loaded driver \SystemRoot\system32\DRIVERS\farflt.sys So it's successfully loaded farflt, but I've now told MB not to use it. I'll use the PC for a while and see if it remains stable, if so I'll try re-enabling anti-ransomware. I'll report back shortly, but if the log files I uploaded last night give you any clues as to what's been happening I'd be very interested (I'm sure you'll be interested in what the problem is/was as well!) Thanks
  3. It took a while to run the MBST tool, as it involved installing .NET 4 and then installing about a million updates for it, but I got there eventually. I hope you can find something useful in the vast amount of information it's gathered! Skimming through the wealth of information one thing caught my eye, which may or may not be relevant. In the file mbst-check-results.txt it says Anti-Spyware Product : Windows Defender Up To Date: Yes Enabled: On However if I try to run Windows Defender from Control Panel it says that "This program is turned off" and invites me to turn it on, so is part of it enabled and blocking MB from either installing properly or running? mbst-grab-results.zip
  4. MB wouldn't run, even though it appeared to be installed, it said it couldn't connect the Service. I couldn't re-install over the top of it, so I used MB-clean, rebooted and installed from start. I got the BSOD as soon as it had finished, presumably as it tried to run. The BSOD said something like "farflt.sys unloaded without closing running processes" (or something along those lines). I've rebooted and logged in again in Normal mode, the machine seems stable but MB won't even try to run, it says it can't connect the Service when I try to launch it from the Desktop icon. The Service is listed in Services but not running, when I try to start it manually it times out with a message "Error 1053: The service did not respond to the start or control request in a timely manner". I've turned AVG off to test MB, the service still won't start. (I've had AVG running alongside MB for three or four years, so they should be able to co-exist happily.) Windows Defender is off. I've added MB to the Allowed list in Windows Firewall. Something is now stopping MB from starting for some reason. There's no other security software running, but I seem to remember a message when I was installing to say that Windows was going to block something or other and was I okay with that. I can't remember what it was now, but MB ran (albeit problematically) for some time after the installation, so that probably isn't the problem anyway. I've looked at Event Viewer, there's nothing much that jumps out at me apart from a few notifications that the MB service didn't start (details below) and a notification that a timeout was reached (30000 milliseconds) while waiting for the MB service to start. There are also three entries under Applications and Services Logs/Microsoft-Windows-WER-Diagnostics/Operational that say "Possible heap corruption detected (exception code 3221225477). Initiating further diagnostics." Hopefully these symptoms might give you a further clue as to what's happening! - System - Provider [ Name] Service Control Manager [ Guid] {555908d1-a6d7-4695-8e1e-26931d2012f4} [ EventSourceName] Service Control Manager - EventID 7000 [ Qualifiers] 49152 Version 0 Level 2 Task 0 Opcode 0 Keywords 0x8080000000000000 - TimeCreated [ SystemTime] 2018-09-01T18:43:22.953737100Z EventRecordID 3260 Correlation - Execution [ ProcessID] 504 [ ThreadID] 5096 Channel System Computer DC-7800 Security - EventData param1 Malwarebytes Service param2 %%1053
  5. Hi, Thanks for the quick reply, the Memory.zip file is at https://we.tl/t-OnBXGrOARj For information, MB isn't running at all at the moment and the PC appears to be completely stable in normal mode. Thanks!
  6. I'm getting the BSOD with farflt.sys listed as the cause. I've seen that others have had the same problem, but the topics were fairly old so I thought it best to start a new one. The machine is an HP Compaq PC. I reinstalled Windows 7 Pro 32-bit yesterday and put all the software on top, including MB Premium. I had to install MB twice because it errored, but it went on okay second time and I was using the PC for a few hours without problems last night. As well as installing software like Office, and setting up Outlook, I've run Windows Update and installed all the updates it wanted, including SP1. This morning it started BSOD on boot, with farflt.sys given as the culprit. Windows runs okay in Safe Mode but not in normal mode. Following instructions given in other posts I ran mb-clean in Safe Mode, which seemed to work okay, rebooted into Normal Mode, which came up okay, then re-installed MB. It seemed to install okay but didn't even wait until I rebooted before it went BSOD. I've run FRST and MB-Check and attached the zip file, and also attached the minidump file from one of the BSOD's, so I'm hoping someone will be able to tell me what's wrong. I'm running AVG Free - does MB "fight" with AVG? The built-in Windows virus checker is running as well, so is there a problem there? I've also installed Trusteer Rapport, which my bank recommends, but it's created by IBM so should be safe. I don't want to have to turn off anti-ransomware in MB, as the main reason I bought MB was because I was the victim of a ransomware attack a few years ago, which fortunately didn't cause much damage as I saw what was happening very early and stopped it. If anyone can tell me what's happening and how to stop it I'd be grateful. mb-check-results.zip 090118-29406-01.dmp
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.