HarryZ

Aloha, I believe I've found a false positive. I downloaded a product called Antivirus Removal Tool. Un-zipped it into the directory where I want to keep it and everything is OK. However, as soon as I click on the .exe file, Malwarebytes quarantines it. The .zip file is too large to attach to this forum entry, so please download it from the link provided. I will attach the text output from Malwarebytes for Windows showing the detection. Also please note that scanning the folder also shows the 'malware' detection. I will also let the program author know about this issue. There are also a couple related issues, if I need to report these in a different forum, just let me know 1) There was no pop-up message from Malwarebytes to notify me that it had quarantined the file. I'm assuming there would be one in this type of instance 2) After opening the Detection History, selecting the file, and clicking 'Restore', Malwarebytes quarantines the file when I try to run it after the restore. I'm assuming that running the Restore would create an exception, or do I have to do that manually? Mahalo, Harry Z malwarebytes detection log.txt

Aloha @mbam_mtbr. App list generated and sent per your request. Also sent the incident number via PM. Mahalo for your assistance!

Aloha everyone. I have a Google Pixel 4, Android 10 security patch level July 5, 2020, Malwarebytes V 3.7.5.8. A couple of weeks ago, it started showing me ads when I would unlock the phone. It did this most of the time, but not all of the time. See attachment Pixel ads.zip. All the ads had the same look, and seemed to be for reputable companies, so I just thought google was targeting me with unwanted ads. Could not find a way to turn them off, so I just ignored them. The ads were full screen, and I was unable to figure out what program they were associated with. (I'd love a link to instructions on how to do this...) Yesterday, the ads changed. They were in Chrome and obviously fake (Congratulations! you've just done the 5 billionth search on google! Click here....). Also links to some fake cleaners and other junkware. Always in Chrome, so I disabled Chrome. Now they come up in Brave. Again, this only shows up when I unlock my phone from the home screen. If I lock my phone while in an app, then I see that app when I unlock the phone. And, it does not do this 100% of the time. I've reviewed all installed apps, and do not see any that I did not install personally. The one app that I installed around the time all of this started, I have already uninstalled. Manual scan with Malwarebytes shows my phone as clean. Any assistance would be greatly appreciated. Mahalo, Harry Z Pixel ads.zip

Aloha @AdvancedSetup. Removing File Assassin has fixed the problem! Mahalo for your assistance! Unless you have something else for me to do, then I consider this 'Solved'. One item left to take care of. I got bounced around the forums trying to locate the forum that provides support for Support Tool. Can you update the page with the list of forums to indicate which one is the correct one for MBST issues. Mahalo! Harry Z

Aloha @AdvancedSetup Ran FRST as requested. Fixlog.txt attached. Also attached the chkdsk output from the event log. Deleting those two programs did not change anything. SDIO is "Snappy Driver Installer Origin" - a device driver update program (link). Only one I've found that does not serve up ads or malware. Generally recommended over at TechNibble. I will keep CCleaner. Don't like any of the alternatives mentioned in the article. Plus I have CCleaner installed on a few hundred customer's machines. I need to see what it's doing in case I get calls about it. Ran Support Tool after running FRST with the fix list and rebooting. Had to step away from the machine while it was running, and came back to the GUI showing 'Collect Logs' and 'Run FRST' with green checkmarks and this message: "We were unable to create mbst-grab-results.zip, please notify Malwarebytes Support". I have a vague recollection that I've seen this before, so I'm not sure if I have just not been patient enough to let Support Tool run, or something has changed on my system. Before opening this thread, I let support tool run for 5 minutes at the 'Collect Logs' stage before cancelling it. On my other PC the Collect Logs stage took about 5 seconds, so I figured it was hung or looping. What's next? Harry Z chkdsk output.txt Fixlog.txt

Per your request, here are the frst.txt and addition.txt. These are from the FRSTEnglish.exe that gets downloaded by the Support Tool. FRST.txt Addition.txt

@Porthos Seems to be unique to this computer. No problem on my other PC

@Porthos - no change after turning off ransomware

Aloha @Maurice Naggar. Mahalo for the reply. The original reason to run the Support Tool has been resolved. No need to re-hash this here. My only concern at this point is getting the Support Tool running. As such, I will be pursuing that in this thread Harry Z

Aloha @AdvancedSetup. ESET has been uninstalled from my PC. Same problem - the tool hangs at the 'Collect Logs' phase. I did notice something interesting, as pointed out in one of my other threads. When looking at the Security Center section of Addition.txt, ESET is still listed there a couple of times. This is AFTER uninstalling ESET using the normal Settings -> Apps process, and also running the ESET Manual uninstall program and rebooting. Let me know if I need to resolve this anomaly, and how to do it. If this isn't worth spending time on, then what's next in figuring out why the support tool is not running? ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} Mahalo, Harry Z

Aloha. I was trying out the Malwarebytes Support Tool to see if it would work (having issues with this tool on a different PC). The tool worked, but Malwarebytes detected FRSTEnglish.exe as ransomware. Here is the info from the detection log: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/27/20 Protection Event Time: 3:54 PM Log File: 3b15e818-a086-11ea-8018-001b2163ad39.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.24560 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Users\harry\AppData\Local\Temp\mwbF3A7.tmp\FRSTEnglish.exe, Delete-on-Reboot, 0, 392685, 0.0.0 (end) I am attaching a .7z file with the log output and the executable involved (FRSTEnglish.exe from my Downloads folder. If you need the file(s) from the Quarantine directory let me know). Harry Z FRST_malware.7z

FWIW, I tried the support tool on a different computer, and the gather logs function took about 5 seconds. Harry Z

Aloha. This is the 3rd forum I'm posting this to. Hopefully I've finally found the correct place for my problem. I'm trying to get the Malwarebytes Support Tool to run. My original intent was to gather logs as I was looking for something. This original issue has been resolved, but I could never get the Support Tool to run. I run the Support Tool, click on Advanced Options, then click Gather Logs. And it just sits there with the spinning logo. No error messages (that I could find). I gave up after 5 minutes, maybe I need to let it run longer? Anyway, I would like to get this tool working in case I actually need it at some point in the future for a problem. This is on Windows 10 x64 V1909 with all maintenance installed. Support Tool mb-support-1.6.1.784.exe Mahalo, Harry Z

After a reboot, the Support Tool is still not running, so I will open up a 3rd discussion on this topic in the suggested forum. Also, here is what the Security Center part of the Addition.txt looks like after your suggested changes and a reboot: ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440} AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70} AS: ESET Security (Disabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD} AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B} FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B} Let me know if there is anything more you want me to do. Harry Z

Aloha Maurice, Made the change suggested in Malwarebytes. Than ran 'sfc /scannow'. Got 'Windows Resource Protection found corrupt files and successfully repaired them.'. Do you want to see the CBS logs. I've never found anything useful in them when I see this message that the files have been fixed. Ran the DISM command, received No component store corruption detected. The operation completed successfully. I'm going to reboot and try running the support tool again. Harry Z

Aloha Maurice, Sorry for the delay in responding. For some reason, I don't get the emails notifying me that someone has replied, so I have to remember to check on status. Your post said "There is ( another ) area on the forum for issues related to the Support tool." Unfortunately, you did not provide me with the name of the area so I can pursue the Support tool issue. Can you please provide this information. Mahalo, Harry Z

Aloha. I tried to use the Malwarebytes Support Tool to gather logs for an issue I was looking at, but the program seems to hand on the 'Gather Logs' stage and eventually gives a rather generic error that it can't create the .zip file. Please note: I do NOT think I am infected. I was using the support tool only to gather logs as I could not find the details of a blocked website by looking in the GUI. I have since been informed on how to do that and just want to report an issue with the Support Tool. I run Malwarebytes Premium, in addition to ESET Smart Security. This is on a Windows 10 x64 Version 1909 system. I initially reported this in the Malwarebytes for Windows forum, and was advised there to create the FRST logs and then open a new report in this forum. (See ) Please let me know how to proceed with troubleshooting the Support Tool. Mahalo, Harry Z Addition.txt FRST.txt

@exile360 thanks for the info on where to find the malicious website detection report. However, I still have the issue where the support tool is not working. I received an off-line hint to disable my antivirus (ESET), but this did not help. I would like to have some confidence that the support tool will work if I ever need it. Mahalo, Harry Z

Aloha. I was investigating an Malwarebytes popup window warning about a Trojan, and was looking for the logs. I initially could not find them, so I ran the Support Tool -> Advanced -> Gather Logs. The GUI indicated it was gathering logs for quite some time, and eventually displayed an error message about not being able to create the zip file (best recollection, I did not capture the error message). Windows 10 Home x64 Version 1909 with all maintenance installed. Support Tool mb-support-1.6.1.784.exe. Ran the tool from an administrative userid and also tried 'Run as Administrator', but no change. Would like to get this working. Looked for a log file, but did not find one for this tool. Let me know what's next. Harry Z

I updated Malwarebytes for Android a couple of weeks ago, and since then there is no icon in the notification area. Is this be design? I've checked all the settings and don't see one for this. I really like seeing the icon there as then I know MWB is running. Is there an issue with my phone, or a way to get the icon back? I'm running Malwarebytes 3.5.1.2 on an Asus Z01FD running Android 8.0.0, security patch level November 5, 2018. Mahalo, Harry Z

OK. Let me know if you need any testing / gathering of logs done. Mahalo for your assistance! Harry Z

Yes, it does work after adding the exclusion for C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe Note to anyone else who might be reading this thread. Check the system tray and close any / all instances of Synology Assistant that might be there. (When you close the SA gui, it leaves an icon in the system tray). Right click on the icon and select 'Close Assistant'. Then set the exclusion in Malwarebytes, and try running SA again. I'm assuming there is some form of analysis and subsequent "whitelisting" that is used internally in MWB to determine if a program is safe to run. Will you be adding DSAssistant.exe to your list of approved programs? Mahalo, Harry Z

Aloha. I have this exact same problem: Synology Assistant cannot find existing Synology NAS (model DS416) with Malwarebytes installed and running. Turned of "Web Protection" in MWB and then the Synology Assistant CAN find the NAS. This is repeatable. Also note that when the NAS is not detected, the drive is accessible via Windows Explorer (mapped drive) and also via the NAS' built-in administrative web interface. Malwarebytes 3.6.1.2711 running on Win 10 1803 No problem with collecting logs to help with analysis, just please provide a link to the procedure to do this. Mahalo, Harry Z

Just upgraded to MWB 3.0.0.25 on Android. I'm on the 30 day trial for the premium (premier?) version. I've noticed that there is no icon for MWB in the notification area. I've looked through the settings and don't see an option for this. Is this by design, or a problem? If this is by design, please consider adding an option for this as when I don't see the icon I think that MWB has crashed and I need to restart it. ASUS Z01FD Android 7.0 Security patch level May 1, 2017 Mahalo, Harry Z

Aloha Firefox. I have removed and re-installed Malwarebytes per your instructions, and so far it's working correctly. I'll update this thread if this changes. Aloha nikhils. Thanx for the response. I implemented Firefox's suggestion before I saw your post. But... I've been running MWB and ESET Smart Security together for many years and have never had to set up the exclusions in either program. Again, thanx for responding. Harry Z