Jump to content

Dave-H

Honorary Members
  • Posts

    118
  • Joined

  • Last visited

Everything posted by Dave-H

  1. The registry keys are certainly protected, I get "access denied" if I try to change them, but I can kill MBAMService.exe with Task Manager. It immediately runs again if I do, but it does terminate. I don't know if that's expected behaviour. I can also stop the service using the Services MMC as well, as I mentioned in an earlier post, but I gather from the reply that is expected behaviour. 🙂
  2. Yes, you could well be right, this is all very strange indeed! Actually the anti-exploit protection, where the original problem was, seems to be fine now, it's the self-preservation module I'm now having issues with! I must say that I'm now sorely tempted to just leave the self-protection service on system start and not boot start, and hope that it's still doing everything that it should in that mode. The main program certainly seems to be happy that the early self-preservation protection is enabled in that mode. Presumably it won't start quite so early in system mode as it will in boot mode, but I don't know how much the delay would be and whether that compromises it in any way. 🙂
  3. Yes, I did wonder about that, and I tried two earlier versions that people online said worked fine with XP, 3.20 and 2.96. Neither of them worked to log the system boot either! All the versions I've tried, 3.50, 3.20, and 2.96 seem to work fine when run normally, logging all the system activity as they should, but the boot logging system doesn't seem to do what it should at all. Another mystery. 🙂
  4. Really sorry about this, but I'm having real trouble getting a boot log out of Process Monitor! I can set it to produce one, and it seems to be doing all the right things, setting a boot service in the registry to run on the next boot, using PROCMON24.SYS as the driver, but when I reboot, nothing happens and nothing is recorded. I've looked and looked online, and I can find no reason for this. There are no error messages being logged, but I can only assume that the temporary boot service that Process Monitor is installing to do this is not actually running for some reason, in the same way as the mbamchameleon boot service isn't running! Any ideas? 🙂
  5. BTW, we have now moved a long way from my original subject title for this thread! Would it be possible to change it to something more general like "Malwarebytes Installation Problems on Windows XP"? 🙂
  6. Thanks, but I have already done that procedure many tim Thanks, but I have already done that many times before, and the end result is always the same, I doubt that doing it again will be any different! After the uninstall and clean the re-installation seems to go fine, but the self-protection module is shown as being completely turned off. If I try to enable the self-protection module, the interface just immediately and permanently freezes. I obviously can't alter the early start setting either as the main setting isn't switched on. It's shown as being on, but greyed out. The only way I've found to fix this is to manually change the mbamchameleon service's start type from "boot" to "system" in the registry. As I said earlier, the service is actually running eventually when it's set to "boot" but only after an initial error message in the Windows log that it had failed to start. It's then logged as actually starting about 5 seconds after the error message was logged. Cheers, Dave. 🙂
  7. Hi again. I've just checked the Windows System Log again, and if the mbamchameleon service is logged as having failed to run, it does in fact then run according to the log, exactly five seconds later! This delay is presumably what's causing the problem with the interface, as it thinks the service isn't running as it didn't start on boot, but when you try to run it by switching on the self-protection, it can't do it because the service is in fact running by then, and the consequence of trying to switch on a service already switched on causes the interface to crash! It obviously isn't enabled properly anyway, as I can still change its startup type by editing the registry, which I shouldn't be able to do if it's working properly, as it's one of the registry keys which should be protected by it. 🙂
  8. Hi again and thanks. I tried the 4Shared link and it worked fine for me, so I don't know what's wrong there. Anyway, I have uploaded it to WeTransfer too now. The link is - https://we.tl/t-u9fzUuVS2g I set the mbamchameleon service to boot start in the registry, and when I restarted I again got the Windows System Log message that it had failed to start ("The following boot-start or system-start driver(s) failed to load: mbamchameleon.") It is still set to start type 0 in the registry. The "enable self-protection module" option in the MB interface is shown as off, and as before if I try to turn it on the interface just permanently freezes and has to be forcibly terminated. However, after running your two commands, the Windows System Log now says that the service was started ("The mbamchameleon service was successfully sent a start control."), although the MB interface hasn't changed. The query.txt file is attached. Cheers, Dave. 🙂 query.txt
  9. Hi again, sorry for the delay! I did a test install of Firefox 52.9 ESR on Windows 10, and the Malwarebytes extension did not work in it. I think that proves that the problem is nothing to do with the operating system, it's the Firefox version. I guess it just doesn't work with 52 ESR for some reason, and I guess in that case it won't actually work with any versions of Firefox earlier than a certain point. If you can find what the earliest version it will work with is, that information should be added to its download page, and in fact it should be blocked from installing on versions it won't work with! Cheers, Dave. 🙂
  10. Hi again. I've done a bit more experimenting, and I've managed to get things back to running as they were before. It appears that the self-protection settings do simply change the start type of the mbamchameleon service. If self-protection is completely switched off, the service is set to type 4 (disabled). If it's on but not early start, the service is set to type 2 (automatic), and if the early start is on it's set to type 0 (boot). That makes perfect sense, but it's that last configuration that doesn't work, the service will not start as a boot service. Setting it manually to start type 1 (system) seems to work around this, and the service presumably still starts early enough for the early start setting to show as being on. Why it won't start as a boot type service is a mystery though. Cheers, Dave. 🙂
  11. Thanks, yes I looked again and the link you gave is to version 3.50 of course! D'oh! I guess that is the last version, and runs fine on XP as you say, despite what they say. I guess being part of Microsoft they're not allowed to acknowledge the existence of XP any more, in fact I'm surprised they haven't remove the reference to Vista now too! Anyway, I ran Process Monitor, and then tried to switch on the "Enable self-protection module early start" option again, and still nothing appeared to happen. I stopped the trace and saved the file. It's here - https://www.4shared.com/file/VGdDwxZrda/Logfile.html I don't know what it will show though, as I say the function seems to be completely non-functional at the moment. Cheers, Dave. 🙂
  12. Hi, thanks and sorry for the delay in responding, I was very busy yesterday away from home most of the day! I switched off "Enable self-protection module early start", waited 10 seconds, and then it wouldn't turn on again! Even after a reboot it's still off and won't switch on. The normal self-protection on/off option is still apparently switched on. The version of Process Monitor that you gave a link to doesn't work on Windows XP, it needs at least Vista. I do already have version 3.50, which I suspect is the last that does work on XP, I assume that's OK for any further testing? Cheers, Dave. 🙂
  13. Thanks, I've done that and the logs are attached. I also switched on the enhanced log collection function. "Enable self-protection module early start" indicates that it is switched on. Both the log gatherings were done with the mbamchameleon service startup type set in the registry to "system" (type 1) instead of "boot" (type 0) which is the default. Cheers, Dave. 🙂 mbst-grab-results-prereboot.zip mbst-grab-results-postreboot.zip
  14. Thanks @rakeshsejwal! I suspect that the problem is just the old version of Firefox, not the operating system it's running on. When I have a chance I will do a test install of FF 52.9 ESR on Windows 10 (I have a multi-boot machine!) and see if it works on that. If not, that will prove it's the age of the Firefox version that's the problem with the add-on, and in that case the wording on its Firefox extensions download page should be amended to reflect that. At the moment it doesn't say that there's any restrictions on what versions it will work with. 🙂
  15. No problem, Happy New Year! 👍 The issue is that although the extension appears to install OK, it doesn't then actually do anything! No numbers ever appear on its icon, and it's not putting up any warnings on test websites. It does work fine with Firefox 64 on Windows 8.1, but I'm trying to use it with Firefox 52 ESR on Windows XP. Firefox 52.9 ESR is the last Firefox version that will run on XP. 🙂
  16. Thanks everyone! Good to be made aware that MB and EMET don't play well together. It's good to know that MB in fact does everything that EMET does, and I'm sure a lot better, as you have to use quite an old version of EMET if you're still running XP. I have now disabled EMET. EMET I'm sure cannot be the cause of the problems however, as I did several installs of MB in a clean boot environment, with nothing running except the core services that Windows needs to run. This included EMET of course. This made no difference to the MB installation. Anyway, MB seems to be running OK now, touch wood. The only anomaly still present, which is still there even after getting rid of EMET, is that the mbamchameleon service will not run as a boot start service, only as a system start service. I tried putting it back to boot start, and it no longer ran on system startup. Whether leaving it like this compromises any of the MB protection I don't know. You are right that my system is extremely non-standard, so I'm probably lucky that MB works at all, that's more than the latest versions of Avast will! The main Avast service, on which the whole thing depends, won't even run at all. Cheers, Dave. 🙂
  17. That is the question! Something on my system is causing problems with security software, and I haven't been able to identify it. In the case of both Avast and Malwarebytes, there were boot services that loaded fine on the original installation, but would not load subsequently unless they were changed to system services instead of boot services. I've also tried Panda Security, and that had problems too, similar to Avast. Services starting really slowly or not at all, and also hanging the shutdown of the system as they won't release the registry. All very odd, and these are all systems which are supposed to still work fine with Windows XP, and many people say that they do! It's a multi-boot system using a dual processor server motherboard with Windows XP on a FAT32 drive, all things that could potentially cause problems, but I've never been able to find out exactly what the issue is. ☹️
  18. OK, after yet another uninstall/clean/reinstall session I've made some progress! As before, when the program was first installed, the anti-exploit module wouldn't run, but the self-preservation module was fine. Again after rebooting, the anti-exploit module was on, and the self-preservation module was off, and couldn't be turned on. Later on I happened to look in the Windows System log, and there on every boot, there was an error message saying - The following boot-start or system-start driver(s) failed to load: mbamchameleon Now this jogged my memory as I had a similar issue with Avast a few months ago when I was trying to get that to work! There were two boot services there which were also failing to start, and I discovered that if I changed their start type from "boot" to "system" they did work. I tried the same with mbamchameleon, and lo and behold it now starts and the self-preservation and anti-exploit modules are both working! I tried to edit the registry entry for the service again, and it blocked me, so it is working. However, there still seems to be no block on me stopping the main Malwarebytes service using the Windows Services MMC interface, or indeed setting it to disabled! Should the self-preservation module prevent that? 🙂
  19. Thanks very much for that! Those Norton programs are part of the (very) old Norton Utilities suite. There are no anti-virus or anti-malware programs there, they are just maintenance tools. There are no processes running permanently from any of them, so it's very unlikely that they are affecting Malwarebytes in any way. After a lot of uninstall/clean/reinstall cycles, I'm now back as before, with everything looking OK apart from the self-protection function not being switched on, and the whole interface just freezing permanently if I try to turn it on. The only other security software that i have installed and running is Trusteer Rapport, but disabling that makes no difference. It seems to me that my MB installation is always in one of two states. Either the Anti-Exploit function is enabled and the self-protection function is not enabled, or vice-versa. There seems to be no way of getting both functions enabled at the same time. If I uninstall and reinstall, the self-protection module is enabled and OK, but Anti-Exploit won''t switch on, and then if I reboot a few times, the Anti-Exploit function does turn on, but the self-protection module is then switched off, and cannot be turned on again, just freezing the interface if I try. ☹️
  20. Hi again, I don't know if anyone is now looking at this problem, but yesterday I had to disable MB temporarily to test something, and I switched off the self-protection module and stopped the main service. To my amazement, when I rebooted, I found that the anti-exploit function was now enabled! It now seems to be keeping working, but there's now another problem! I now can't switch the self-protection module back on again. If I try to do it, the MB interface just immediately and permanently freezes, and has to be forcibly terminated with the Windows Task Manager. Anyone any ideas on that? Cheers, Dave. 🙂
  21. Thanks, so MB Premium and the MB browser add-on are completely independent of each other, which is what I thought. I do like a lot of what the MB add-on does compared to its alternatives, so I hope it can be fixed to work on Firefox ESR versions, if indeed them being ESR versions is the problem. If it can't be fixed, then the page for it on the Firefox add-ons download site needs to be amended to say that it doesn't work on ESR versions, or even better just to not let you download and install it if an ESR version is detected. I assume it won't work with very old versions of normal Firefox as well, but there's no mention of that on the page either. 🙂
  22. I hope I'm considered worthy at some point! Anyway, back on topic, FWIW I've uninstalled the MB Add-On, and as a test I've installed the latest version of the Avast equivalent. That works perfectly, so this type of add-on obviously can work with this version of Firefox! I'm sure the two add-ons are very different in the way they work of course, but just thought I'd mention that. Am I right in assuming that the Malwarebytes add-on does not interact in any way with Malwarebytes Premium if it's installed? If that's the case there is presumably no advantage in using the MB add-on in preference to another simply because you have the full program installed. 🙂
  23. Understood. Do you get editing rights automatically after a certain number of posts or something like that, or is it something witch is only granted manually by the moderators? Not fishing for it, just wondering! 🙂
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.