ottchris

Honorary Members
  • Posts

    53
Everything posted by ottchris

  1. If you mean for V3, it's "Update package version" under Settings | About. Counterintuitive I'm afraid! :-(
  2. For the record, I'm backing away from my observation on "Update package version" as checking through the reports, the rate of change of that number *does* appear to suggest it is the database version number. Why Malwarebytes had to change the format from V2 I've no idea; seems a backward step to me. In passing it would also be useful if the "Website blocked" reports (the Reports section, not the pop-ups) included the requesting application in the detail.
  3. Agreed. Database version should reflect date etc as others in this thread have reported. "Update package version" is likely the software component that manages the updates.
  4. That's not Malwarebytes v3; looks like an earlier version AFAIR. Haven't located database info in V3 so far! :-(
  5. Many thanks Mieke. On the plus side, I noticed in the reporting instructions a reference to Malwarebytes 3.0 which was news to me (running Malwarebytes 2, Malwarebytes Anti-Exploit Premium & ESET Smart Security). Just downloaded the MB 3.0 install. Regards, Chris
  6. On running Copernic this morning, MB quarantined Copernic.System.RT.dll (protection log and zipped file attached). As an MB update was automatically applied while I was researching this issue I re-scanned the file and MB still reports it as Trojan.GameThief (scan log also attached). A fresh scan at VirusTotal reports a detection ratio of 2/55, the two 'positives' being Malwarebytes and Bkav (?) who report it as W32.eHeur.Virus05. AFAIA Copernic and therefore the file was last updated the beginning of October. Copernic.System.RT.zip mbprotectionlog20161228.txt mbscanlog20161228.txt
  7. Ran URL through VirusTotal. Result: No Positives - all report Clean or unrated. Oddly "Malwarebytes hpHosts", whatever that is, is also listed as reporting clean. https://www.virustotal.com/en/url/13f42baff001a06d222d7adfcf3f59509e8b45c2c9e504f0f71e03935ca1c98b/analysis/1437755837/ or http://preview.tinyurl.com/pg8jm7x
  8. "Malicious Website Protection, IP, 185.31.19.64, glitter.services.disqus.com, 55857, Outbound, …" In the last half hour two unrelated sites (not the above domain) have triggered the above block. Any info would be appreciated.
  9. Just wanted to ask if anyone else has experienced this. I have both Anti-Malware and Anti-Exploit products installed. The former is on a lifetime licence (just confirmed by running mbam-check), the latter's subscription expires in a week or so's time. Earlier this month I received an email reminder from Malwarebytes which I have just got around to checking. It states: "We wanted to remind you that on June 22, 2015 your Malwarebytes Anti-Malware Premium subscription will expire. Not to worry. To continue your subscription, all you have to do is submit a PayPal payment." It is of course incorrect in that it is my *Anti-Exploit Premium* subscription that expires. Unfortunately, following the supplied link in the email takes me to the beginning of a payment process with no details of what I am paying for and neither does the next page in the sequence. The next step after that would be to jump to PayPal. Although if I took that step I might finally find out what I'm paying for, I am not going to do this at this point in time. This seems peculiarly poor for a company in the security business! Regards Chris S
  10. Not the OP but just a thank-you for the above. Removing self-protection made no difference (closed and reloaded MWB just to be sure). Downloading the install (see https://forums.malwarebytes.org/index.php?/topic/158652-malwarebytes-anti-malware-203-released/) and running it did the trick though. Chris
  11. Sorry, posted to the old thread. 192.x.x.x is a private address range so can't see any reason why it should be in Malwarebytes IP-block range.
  12. 192.x.x.x is a private address range so I wouldn't have thought there are any circumstances where it should be in Malwarebytes IP-Block database? I too have been getting 192.168.1.255 outgoing blocking primarily port 137 since database updated from version v2014.01.15.06 to version v2014.01.15.07.
  13. You beat me to it! :-) My file is slightly different albeit the same format - updatus.14481009_RUNASUSER.exe. I'm attaching a zip containing file and log just in case a second copy helps.
  14. This morning the executable DDEOPN32.EXE was detected as Trojan.Downloader.wup. The executable is part of the Textpad 6 installation but at the time of writing I do not know its purpose (Textpad 6 appears to be working OK despite the item being quarantined). I do not know what triggered the detection as AFAIA Textpad was not running at the time nor was I working at the keyboard at the time. Textpad was installed earlier in the year following a hard drive replacement and using a fresh installation downloaded from the Textpad site (http://www.textpad.com/). In order to include a copy of the executable with this post I temporarily restored it from Quarantine. Just to be sure I rescanned it and this time it also detected a corresponding registry key. Contrary to the log file included in the attached zip file both executable and registry key are currently quarantined. Regards, Chris DDEOPN32.zip
  15. I can confirm that deleting/quarantining said registry key stops various applications running, or at least automatically running after reboot! :-( Fortunately restoring the key resolves the situation. Regards to All, Chris
  16. Understood and fair enough. It doesn't appear critical for me at the moment but that may not be the case for others. Many thanks, Chris
  17. Good, evidence wise that is. Suggests that blocking that IP (or group of addresses?) is going to hit a number of Google services.
  18. With respect, the above is less than helpful. I was in the middle of replying to my own post when your response appeared. Here is that reply: Begin Quote. The blocking events are still occurring and I should emphasize that they are not the direct result of any action on my part. Firefox has entered the scene with one event. According to firewall log one record matching a Malwarebytes blocking event is " 18:10:13 RAINLENDAR2.EXE OUT TCP 209.85.147.104 443 *Allow Outbound TCP to HTTPS for RAINLENDAR2.EXE 939 4305" Note the IP address is 209.85.147.104 whereas the Malwarebytes log reports the block as 209.85.147.105. Google appears to be the common factor between the three applications involved; Chrome for obvious reasons, Rainlendar2 accesses Google Calendar and Firefox has Google Earth and Google Update Plugins installed. One final piece of info and that is I use OpenDNS for name resolution. End Quote. When did Malwarebytes start blocking that IP address? Rainlendar2 runs on my system every day and the blocking only started this morning (as an aside and as it happens a scheduled full Malwarebytes scan took place last night and was clean). Chris
  19. 209.85.147.105 being blocked this morning. Apps involved are Rainlendar and Chrome. Reverse Lookup gives: 209.85.147.105 PTR record: bru01m01-in-f105.1e100.net. [TTL 86400s] [A=209.85.147.105] Whois 1e100.net gives: MarkMonitor is the Global Leader in Enterprise Brand Protection. Domain Management MarkMonitor Brand Protection™ AntiFraud Solutions Corporate Consulting Services Visit MarkMonitor at www.markmonitor.com Contact us at 1 800 745 9229 In Europe, at +44 (0) 20 7840 1300 Registrant: DNS Admin Google Inc. 1600 Amphitheatre Parkway Mountain View CA 94043 US *********@google.com +1.6502530000 Fax: +1.6506188571 Domain Name: 1e100.net End partial quote. Any info as to why this is being blocked? Regards, Chris
  20. Confirm no Outpost Firewall FPs with Database version 8019 so problem resolved. Many Thanks. Apologies for missing attachments in *my* reply (thanks to other poster for correctly attaching files). I did attach but did not realize the post went without attachment. I will double check next time. Regards to all, Chris
  21. In the last hour or so MBAM has decided that various Agnitum Outpost Firewall Pro modules are Trojan agents. Unable to get MBAM to run in developer mode at moment; at least, logs after single file scan do not appear to be 'verbose'. Here's one log:

      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 8017
      Windows 6.1.7601 Service Pack 1
      Internet Explorer 9.0.8112.16421

      25/10/2011 17:57:27
      mbam-log-2011-10-25 (17-56-04).txt

      Scan type: Quick scan
      Objects scanned: 1
      Time elapsed: 4 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 1

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\program files\Agnitum\outpost firewall pro\wl_hook64.dll (Trojan.Agent) -> No action taken.

      End Quote

      Other files reported (in piecemeal fashion) include wl_hook.dll, log_converter.dll, SAND.OFP etc.

      [Stop Press] New database has just downloaded and the flash scan reported:

      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 8018
      Windows 6.1.7601 Service Pack 1
      Internet Explorer 9.0.8112.16421

      25/10/2011 18:32:10
      mbam-log-2011-10-25 (18-32-01).txt

      Scan type: Flash scan
      Objects scanned: 204007
      Time elapsed: 52 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acssrv (Trojan.Agent) -> No action taken.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Bad: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) Good: () -> No action taken.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Trojan.Agent) -> No action taken.
      c:\program files\Agnitum\outpost firewall pro\acs.exe (Trojan.Agent) -> No action taken.

      A precursor to all this was machine failing to wake up from sleep mode (had to force reboot). All the above followed reboot but no other obvious problems. Gut feeling is forced reboot caused some data corruption. Anyone else having Outpost Pro false positives? i.e. hoping it's not data corruption!! Regards to All, Chris
  22. I'm happy to start another thread BUT I piggybacked on this thread because 1) the OP and my error messages are identical, 2) the OP and I have the same OS, 3) the OP and my error messages appeared within a few days of each other and 4) the problem resolution procedure given to the OP (which incidentally included temporary disabling of Firewall and AV) also worked for me. Until someone explains exactly what triggers the error in question, it seems logical to continue in this thread. If twenty posters experience identical problems are you suggesting they be discussed in twenty separate threads?
  23. Just experienced identical problem, followed instructions although I don't like disabling all security, and problem resolved. The error message appeared after I triggered a manual update (I run Malwarebytes during a secondary phase start-up and do a manual update if an update did not occur during primary start-up). Interestingly, when I did a manual update at the end of the problem resolution procedure, the response was that the database was up to date. Given that the problem in my case *appears* to have occurred a day or so later than the OP, I wondered what the cause was? The only significant event that occurred yesterday was the Microsoft monthly security update (can't recall where the OP was located but because of the time difference, in Europe the '2nd Tuesday of the month updates' occur on the following day).