Everything posted by drdancm

  1. I build and set up Windows computers for my customers and I used to recommend, purchase and install Malwarebytes on every computer I worked on. However, versions since 2.xxx have been a serious cause of trouble for me and all of my customers. 1 There have been at least 2 and possibly 3 versions (version of 3.xxx) that have screwed up users' computers. One release kept eating up RAM so that Windows kept slowing down and would hardly work. It took a lot of time for Malwarebytes to stop blaming customers and admit that their update was causing all of the problems. The other late release also screwed up our machines, so the mouse worked but everything else stopped working. Once again Malwarebytes blamed everyone but themselves. When they finally admitted the problem was caused by their update, they did not inform all users. Only some of us, who had purchased directly were told. 2 From time to time earlier versions of 3.xxx would suddenly turn off one of several of the protections. When you tried to turn them back on, they would immediately turn off. This went on in some unpredictable way until an update would sometimes resolve it for a while, only to begin doing something similar. This went on for at least 6 to 12 months. Huge waste of time during which protection was greatly reduced. Finally, after a while this particular problem appeared to be solved. Until the latest update 3.8.3. The Exploit Protection has just turned itself off - 1 or 2 days after this latest update was installed. Clicking on the switch has no effect at all, so it looks like the update is once again screwing things up. 3 Malwarebytes tends to lump serious adware when finding PUPs with fairly harmless things. For example both Auslogic Defrag and JetClean are excellent programs that carry Open Candy. For years Malwarebytes had no issue with this, then suddenly without warning it would stop and delete both programs and the location from where it was installed. 
Even after EXCLUDING the folders where these were installed. Now it seems to me that if you exclude something, then it should be excluded. But no, Malwarebytes does not clearly mean exclude to mean exclude. In any case tech support was totally unsympathetic. Worse yet some idiot working for Malwarebytes even claims that JetClean itself is lying, and reports false positives which it then claims to remove. Total nonsense, JetClean definitely improves Windows, boot time, as well as overall processing speed by defraging the Registry, Optimizing Internet connection settings etc. Does it tag unimportant, negligible stuff during some of its scans? Yes, but that's standard procedure for Malwarebytes and almost certainly for all Security Programs. However, I have never had JetClean in any way install itself the way a real malicious program does. Similar issue with Auslogic Defrag. Is Malwarebytes not capable of stripping off the Open Candy without disturbing these programs ? After another tech support inquiry, I was able to get some practical suggestions on how to install and keep JetClean and Auslogic installed and working - methods which I had already more or less worked out on my own previously. 4 Malwarebytes interface has had some serious problems. Mainly unable and refusing to listen to user suggestions. The main problem, still unresolved is the unnecessary waste of time putting in EXCLUSIONS. Malwarebytes insists on doing it the slow, stupid way, even though other programs have figured out a far more efficient way to do it. For example I have posted requests about this at least 5-8 times with clear examples including screen captures. The way AVAST does it very fast. You have check boxes next to each file in the folder you are looking at during browse, so you simply click and get a check mark for C:\ Program Files and then for Program Files (x86). 
It's a hell of a lot faster than having to browse to each folder for both of these locations, then start the browsing steps all over for each item or folder that you wish to exclude. Now, things have improved from the way things started in the beginning, when the browsing reverted back to the same place (usually Malwarebytes folder) each time you started the browsing process for each exclusion. Why resist doing things to make life easier, rather than frustrating for the user? There is no good excuse for doing that. Another thing that will drive you crazy is in the Scheduling which has gotten worse. There is a disconnect between a check mark, and or highlighting the rows. Worse yet is the confusion caused by showing the name NORMAL when you choose Threat Scan. Just say Threat Scan when that is what you chose. Yes I know there is some convoluted thinking behind insisting on Normal, but it is not helpful in practice, and simply causes confusion. Too many Programmers think only from their own point of view, which is totally wrong when you are dealing with the Interface. With the Interface you must think from the user's (clients, customers) point of view. They don't care about what goes on under the hood - they simply want it to work, and be easy to setup and use. 5 Now you can try to get Tech Support, but of course, the support basically consists of you having to spend 30 minutes or more in an effort to carry out all of the instructions that you are given, which includes uninstalling stuff (usually a huge waste of time) especially because you are not told how to save all of your customized settings which will take a lot of labor to reconstruct. Tech support wants the customer to do all of the heavy lifting, and are not willing to even entertain the possibility that the fault lies with the bugs in the update problem. 
Clearly if everything worked fine before the update (no other new programs were installed), then the likely culprit is the main change - the Malwarebytes Update itself. I have not personally experienced any other Security Program create such critical problems with any of their updates. Maybe everyone else takes Beta Testing seriously. This is a disgrace for any company and one would think that making the mistake once would be enough to learn from. Sadly, not true for Malwarebytes. I don't know what happened during the switch from versions 2.xx to 3.xxx, so I'm only guessing that there was a big change in leadership and programming staff at Malwarebytes. Proven, capable, competent people were replaced by some seriously incompetent, short sighted staff and that's why a Security Program that had earned a great deal of admiration and respect for doing a superb job turned into a mess and a headache. I no longer recommend and install Malwarebytes Premium in every new machine that I work on, and simply continue, at least for now, to run the free version, without the Memory Resident Components. I will keep one Premium version going in my office to see if the company is willing and able to make a turnaround and stop releasing damaging updates, and fix the interface issues that are badly needed. Dan
  2. I'm in the computer support business, so I know a bit more about computers than the average person. As of Oct 3, 2017 I no longer got any e-mail on Thunderbird. In an effort to figure out why I uninstalled TB, updated TB, ran tons of security scans all to no avail, after already successfully accessing my e-mail via the 1and1 Web Mail. So I knew the problem was not with 1and1. Searching the web failed to yield any helpful information, until I systematically disabled various security programs. Avast was not the culprit, but then I found it. Malwarebytes Premium, and narrowed it down to the Web Protection Component. Disabling it immediately fixed the problem. Enabling it blocked any new mail once more. So, I excluded 1and1.com, enabled Web Protection and tested the mail, and it was working. In addition to this incredibly annoying, time wasting problem, Malwarebytes since upgrade from v 2.xxxx has been more of a PITA than any other Security Program I have ever used. 1. Various Protections turn on and off in some unpredictable manner 2. Updates fail to appear on some machines, while they are announced on others 3. The exclusion interface has been badly degraded to waste a lot more time than on earlier versions. Countless postings asking for a fix went no place. Get your act together and follow Avast's excellent interface example for how to Exclude Folders/Files, swiftly with minimum clicks. Fire the incompetent idiots who are constantly screwing things up.
  3. Forgot to add this to my original post: Good description of problem, unfortunately removal recommendations have not worked for me. https://malwaretips.com/blogs/dllhost-exe-32-com-surrogate-removal/
  4. I run a computer support business and of all the malware that I have had to deal with, the worst in my experience is the one that deals with "dllhost.exe". None of the well known companies that make security software (Anti-virus, Anti-Malware) other than Symantec have even given it a name, and none of them either detect or remove it successfully. Apparently it is a Fileless, Memory injecting DLL. If that does not mean anything to you, you are not alone, but it may explain why it is so difficult to detect and remove. It is not new, and you can find descriptions of it at least as far back as 2013 or possibly earlier. Symantec calls it "Poweliks" and even provides a specific removal program, as well as instructions for manual removal, neither of which works at this time (or within the last 2 years that I have had a chance to test it). Does not work, but you may want to read the information anyway https://www.symantec.com/security_response/writeup.jsp?docid=2014-080408-5614-99&tabid=3 Other programs that also fail to detect and remove this problem are: AVG, Avast, Malwarebytes, Spybot, Symantec, Eset, McAfee, Kaspersky, MS Security Essentials, Trend Micro, BitDefender, Rogue Killer etc. Symptom is presence of multiple instances of dllhost.exe (viewed in Task Manager Processes Tab) that usually cannot be removed by endtasking, and very high (close to 100%) CPU usage, which as you would expect slows the computer to a crawl, often making it totally unusable. At first it does not appear as obtrusive as it becomes later on, so it may take a week or more for it to become more obvious. If you disconnect from the internet and abstain from running any programs, after just booting up, other than your memory resident security programs, CPU usage may remain below 10%, but when you connect to the internet, activity will jump much higher (this is after all of your security updates have already finished). 
On a healthy computer CPU usage ought to be no higher than 0-3%, with or without internet connection. The solution, that most support takes (Malwarebytes, is to have a malware removal expert work with you on-line your unique case. This involves running a handful of special programs such as Farbar, Combofix, etc. and requires posting results of scans and systems logs on-line. It may take several days and the instructions are relevant only to the specific computer. While this is extremely helpful to a given individual, when successful, it is not very efficient compared to the successful removal of less tough malware that many Security Programs accomplish routinely. All you have to do is do a search for "dllhost.exe malware removal" to find tons of links which suggests that this is a fairly common problem. We need to have all of the Security Programs able to deal with this problem. The only surefire solution to fully deal with this problem in my experience is to restore a prior clean image backup. This is the only thing that has worked for me in the past. This requires that you make full image backups systematically prior to having any problems. Please add helpful information.
  5. In Malwarebytes 2.xxx there was a menu where you could specify what drives to include in a scan for each scan type. I'm having trouble finding it in the 3.06 version.
  6. Why can't adding the file or folder to the Exclusion List do this ??????? That's how it works in other security software. I have had extensive discussion with a tech support person, but they never answered this question ?
  7. None of the suggestions helps at all. At this point I don't have any patience to waste more of my time sending detailed information to you, much as I regret it. If you would make it less time consuming for users to give you the information we could afford the time. For example how about having a single menu button that sends all of the log information / configuration that you want to collect, and include A LINK to this FORUM ! ! ! !
  8. Problem is unresolved and every computer I deal with ( > 40 ) has this as an intermittent problem. None of the simple suggestions that users make work to fix this problem. This is a major bug, which should have been dealt with prior to final release of 3.xx.
  9. Well said, however I would not be quite as generous about overall Malwarebytes handling of these horrible BUGS. I have over 100 clients with Malwarebytes 3.06 issues and as much as I would like to help them and solve this problem, only Malwarebytes can really fix these issues because the problem lies with these upgrades themselves.
  10. The solution suggested by Staff (Celee): If it is your Website Protection having issues, please try the following two things: Under Settings -> Protection, turn on "Enable self-protection module early start". Then reboot and see if your protection module starts up. If that doesn't work, under Settings -> Protection, turn off the option for "Enable self-protection module". Then reboot and see if your protection module starts up. Does not solve the Problem. Sometimes clicking the Turn on button on the Pop Up, fixes the problem, sometimes it does not. Even after it does, some hours later or on re-boot, you get the same problem, same Pop Up, and this happens on every machine that has updated to Malwarebytes 3.06 (Big Mistake, it's probably best to stay with Malwarebytes v 2.xx with the independent versions of Malwarebytes AE, and Anti Ransom). Malwarebytes solutions are nothing but stabs in the dark, so far. My conclusion is that v 3.00 was released way too early, before all of the most serious bugs were found and fixed. In addition, solutions to other problems are such that the customers are asked to go through a lot of steps, some of which can take hours (scans) in order to submit data and to complete tech support suggestions. This is not a good way to deal with customers. An example of how Malwarebytes does not appear to be aware of or give a damn about wasting customers' time is that there is no link to this Forum from the Help menu (no help menu exists in fact!), and to get a support link you have to find the About tab under Settings, and the interface for the Exclusion Tab is just about the worst imaginable, totally degraded from the version 2.xxx, which itself was not ideal. Finally the Exclusion does not work the way it is supposed to. You can exclude folders, but Malwarebytes does not exclude those items and removes programs that you have installed and use (Auslogic Defrag for example). 
What we want is an upgrade that has eliminated the problems in the first place.
  11. After switching from 3.05 to 3.06, Real Time Protection and other problems went away. Then after 3 days the message came back on "Real Time Protection Layer Turned off", but in fact the protection was ENABLED. Clicking on fixing problem in Dashboard would not make it go away. Then, unexpectedly, Web protection was Off, so I gave up. About an hour later everything is ok, no Error messages, and when I checked Settings Protection all is ok. I'm telling all of my clients to NOT ALLOW update from 2.xx to 3.xx until all the bugs are fixed, otherwise they and I will go nuts. Weird stuff.
  12. The scheduling could and should be made a lot simpler for those of us who wish to set up a schedule for quick daily Security Scans, and more thorough Weekly Scans all done at the same time of day. Right now if you were to schedule Hyperscan at 1:00 pm using Daily Schedule, and Threat Scan (stupidly labeled as Normal for some bizarre reason, although it shows up as Threat Scan when you edit this) using Weekly Schedule, there would be a conflict with unknown consequences. Sure you could schedule the Threat Scan an hour later, but that should not be necessary if the whole scheduling was designed smarter. Once again Avast does this a lot better (see the attached image), although Avast keeps changing some of the top level interface layout for no good reason. Any of the scans can be set for Daily Scheduling, so it is easy once you have the Quick Scan (equivalent to Hyperscan) scheduled for every day at the same time except Sunday, you can then set the Heavy Duty Scan (equivalent to Threat Scan) using Daily Scan the same way, but you check only Sunday. Malwarebytes' method of scheduling is not all that bad but simply fails the elegance test because it fails to take the viewpoint of the user rather than focusing on the convenience of the programmer.
  13. The Malwarebytes 3.0 update is a wonderful achievement because it offers the integrated protection of Anti Exploit, Anti Ransomware, all of which I have used with the MBytes 2.xx version. I also applaud Malwarebytes for its VERY GENEROUS, upgrade policy for licensed users of the prior version, and the affordable pricing for unlicensed users in general. THANKS VERY MUCH - and now for some feedback. KEEPING PRIOR CONFIGURATIONS PROBLEM Even with the 3.06 update, the dashboard reported NO SCHEDULED SCANS, in spite of the fact that MBytes 2.0xx had them configured and running perfectly. The interface is frustratingly unclear, should the checkboxes be ticked to have the schedule enabled ???? Turns out the answer is no, but it is terribly easy to miss that there is no starting date or time after the update. Worse yet when you simply click to get the calendar pop up -you get 1901. You would think today's date would make more sense. Of course, it should work with a 1901 date, but I did not take the chance. I filled in the time using 24 hour format, and got the message about something being wrong. Time format looked just fine so, but unclear what the hell AP meant. In any case I put in non 24 hr format and specified PM -THAT WORKED. MAKING INTERFACE FAR WORSE THAN EVER with EXCLUSIONS The Malwarebytes Exclusions Interface has always been the most TIME WASTING, THOUGHTLESS of any security program I have used, but during the more recent updates of Malwarebytes 2.xx it was quietly improved. While Avast and some other programs make this SUPER EASY by providing checkbox next to every program for the folder you open (C:\PROGRAM FILES, or PROGRAM FILES (x86)), so you simply put a check next to any and every program folder you wish to exclude, Malwarebytes reverted to an irrelevant folder every time you wanted to add another folder. Huge waste of time when you had 15-20 excluded folders. 
Over time, they improved so that you got C:\Program Files when you returned, saving keystrokes and time. Still it was much more work than with the Avast style interface. If you have to do this for 5-15 computers the headache multiplies rapidly. Huge frustrating waste of time. Now for the REALLY BAD NEWS, with Malwarebytes 3.0 things have gotten really much worse. It now takes 4-5 mouse clicks to add a FOLDER TO EXCLUDE. It would be a million times less frustrating and time consuming to do it the way Avast and other smart programs allow you to do this. Use a checkbox interface so once you check off the folders, a single click finishes the ENTIRE JOB. This is not ROCKET SCIENCE, just good sense. Computers should and often can speed things up and make things easier. PLEASE PAY ATTENTION we have specified the Interface problem and have suggested the BEST SOLUTION. Make life easier for your customers. If you agree with my comments please add your voice to this Feedback. Thanks, Dan
  14. This is a frustrating problem in v 3.05 but appears to have been fixed with 3.06 update which was a frustrating issue itself, because the install failed with a large number of files that could not be replaced or overwritten. Worse yet, the Quit Malwarebytes Menu item failed to work, until I re-booted the computer, then Quit worked, and the install succeeded.
  15. Avast Antivirus attempted to update Foxit Reader but MAR blocked the update. I tried to follow the instructions but there is no MBAMService folder at the indicated location. C:\ProgramData\Malwarebytes\MBAMService\logs In general the technique for False Positive reporting is overly complex and time consuming. I already wasted over 15 minutes trying to follow the instructions. Programming the software to make this easier would be a lot better way to do this. The reasonable way to do this is how other software does this, which is ask the user at the time of OCCURRENCE to choose: A I know what this is and I want to allow it B Go ahead and block this C I don't know if this is OK or not, block it. Of course this assumes that one of your goals is to make things easier for the client.
  16. The update to the latest version 9.15.416 failed after clicking on new update available icon. Downloaded the new update and tried to install that but it failed because the update module from the prior attempt would not allow the install. End tasking it failed, so I ended up re-booting the computer. That did the job, and I was able to install the manually downloaded version 9.15.416.
  17. 1 EXCLUSION INTERFACE - is there any reason not to be able to add a folder, rather than just a file? For example, the folder for another security program such as Avast, Malwarebytes, Spybot etc.? 2 IMPROVE INTERFACE Also, just as for Malwarebytes Anti Malware -you could REALLY improve the interface by allowing the user to mark a whole series of folders with check marks (like Avast does for Active Protection \ Files System Shield \ Exclusions) so that all of the relevant folders under C:\PROGRAM FILES and then C:\PROGRAM FILES (x86) can be inserted without having to browse for each individual folder under these two root folders. This would speed up the process tremendously, for a single machine and even more so for multiple computers. I notice that MBAB has already improved this process from earlier on, where the damn it did not, in the past, even remember the prior folder which you had opened. Now that was an incredibly frustrating process. 3 ALLOW EXPORTING of the excluded files, so those of us with more than one computer can copy the exclusion list from one computer to another. This might mean labeling the folder or file functionally, so if the process is not implemented via a menu, the users can simply copy the files. Possibly add some security feature so that malicious programs do not take advantage of this. 4 SIMPLE EXPLANATION Even though it is Beta, what harm is there in having at least a sentence or two about how the program functions (it's actively on guard, but does not require a scan, it does or does not get updates etc.) 5 READY BUTTON Maybe a Green button showing it is ready and armed vs a Red button showing that it is not ready to do its job. Thanks, Dan
  18. Same problem, each time I'm told to restart and then it finds and cleans out this problem. Happened 2x last night, and 6 times today. It's an unforgiveable waste of my time either way: 1 If it is false positive, which I suspect it is -since checks with AVG 2013, and Spybot, turn up nothing 2 If it is real, because malwarebytes is not able to kill whatever is generating and/or regenerating the same runonce.exe I've never seen anything like this.
  19. Suggestion to avoid getting kidnapped to a web site that you did not click on! 1. It's not a great idea to use IE as your primary browser, I recommend FFox instead because it does not have the stupid active-x vulnerabilities and therefore is not only faster but probably more secure. 2. Get a copy of SpywareBlaster (free) which protects IE and FFox from various malicious websites and some active-x stuff, so you are less likely to be sent to web sites that you did not choose. 3. Get a copy of Spybot (v 1.62 is current, free) and since that overlaps with SpywareBlaster by updating your HOSTS file with malicious websites, it also protects you from known malicious web sites. As far as I know this protection applies to any browser. Spybot scans are also quite good at removing stuff that MalwareBytes has missed and vice versa. Be sure to read the instructions and do the 2 step immunization to get the updates into the HOSTS file. 4. AVG AV (free version) is one of the anti virus programs that looks ahead and puts a green checkmark on search results to let you know if a link is safe to click. I don't know how well it works in practice but it sounds good. I've also had good protection with AVAST (free). However, the AVAST does not get along with 5 Be sure to update the programs (#2 and #3) once a week manually and apply the protection. In the last two weeks 5 clients brought me their computers infected by XP Security 2011 or 2012 (same Fraud Antivirus stuff, also called Rogue AV) and I removed all the viruses. All the existing security programs were either messed up or just would not load. None of the machines had Malwarebytes Pro, so I can't tell how effective the memory resident component would have been. I am now recommending the Pro upgrade to everyone -if for no other reason than the hourly update and flash scan. 
In SAFE mode I was able to manually remove the malicious program from memory ( I had to guess what file name it was using), and before it snuck back I ran Spybot, or Malwarebytes, whichever was able to start successfully. Whichever program started up found and removed some of the stuff, then I ran the other one and the second always found something the first one missed. Once you can run your security programs update them if needed and run them again using the most thorough scan mode until you fail to find any more crap. It is best to use 2-4 different anti spyware programs because what one misses another may detect and or remove. Some of these infected machines had very up to date Windows security others did not -so those updates are clearly not the end all of protection. A number of them were running Panda Cloud AV -which in the past appeared to work really well, but not this time. Some had old versions of AVG (v 9) which they failed to update to 2011 or 2012. They really were not paying much attention to security and were pretty sorry. I hope this is helpful to someone. Dan
  20. I upgraded to the Pro version after having used the excellent free version. I like the Pro version even more than the free one, because it does just about everything that I would want. My only request is an expansion of the choices in the Scheduled update. There is no time interval between hourly updates and once daily updates. I would like to have a choice of something like updates every 1, 2, or 2.5 hours. There are people with sluggish and slow connections who would benefit from updates from every 2, or 3, or 4 hours rather than hourly, but would find daily updates not frequent enough. Would it be possible to give the users a larger range of scheduled updates? Thanks for a great product. As a computer consultant, I recommend and encourage everyone to get MalwareBytes. For those who are already using the free version, I encourage to upgrade to the Pro. It's a total bargain. Dan Tong Tong Computer Consulting Chicago, IL
  21. The current interface (not the one you are suggesting) is quite good with respect to Ease of Use, but a bit too busy. The most important functions are Scanner and Update, yet these two things do not stand out as much as they should. It is very good that the Scanner is all the way on the left. Update should have been to the right of it. Some of the Tabs have far less importance to the beginner. Also good is the fact that this interface makes hardly any demand on the processor and thus will run very nicely on some really old sluggish computers. While my computer is new and fast, animation taxes the computer more than still images and therefore, those with older, slower machines would not be enthusiastic about the extra processing overhead. Perhaps, the users should have the choice of running the interface efficiently (minimum interface overhead) or with bells and whistles. Otherwise it is nice looking although the menu on the left, in my opinion is a bit too busy. Keep in mind that a good interface is one that is: 1. Easy to use and intuitive (no need to look at documentation for basic things). 2. Fewer choices make things simpler and therefore easier to learn and use for first time users. 3. More advanced users should have access to more detailed settings and options 4. The interface should not tax the processing of older, slower machines. My comments about user interfaces are based on my knowledge of ergonomics factors, as well as thousands of hours of sitting with beginners who are trying to learn how to run their computers. When you watch beginners it is very easy to spot the areas of the interface that are confusing/frustrating and hard to learn for beginners. Sadly, very few companies actually do any serious testing, nor do they pay all that much attention to helpful user feedback. Interface improvement is actually very simple: you test, make improvements (tweak), test and tweak again and again (iteratively) until you have achieved your goal. 
If you start off with a bad design you will waste tons of time and that is why someone who has a knack for and experience with interface design will make a huge difference. I assume that your interface is a labor of love and I very much appreciate the time and effort you spent on it. It is much appreciated and I am simply responding to your request for comments and suggestions. Thanks, Dan