ParrotSlave

  1. How about this: I occasionally restore my system to an earlier state via actual images, not system restore. Before re-connecting to the internet, I like to update all my software, including anti-malware programs, manually, by keeping those definitions and program updates on a separate hard drive. C:\ProgramData\Malwarebytes\MBAMService [in Windows 8.1] appears to be where all the relevant files are stored. Can I save that folder on an external drive, archiving it, say, monthly, so it's never too far out-of-date, then, after restoring my system to some earlier date, I would just overwrite
  2. You can open reg files with Notepad; here's what that one reads: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\Software\RENƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ŷ¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“] [HKEY_CURRENT_USER\Software\RENƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ŷ¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“\EasyConfig] "EasyConfigDlgSize"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,f0,00,00,00,7f,00,00,00,97,06,00,00,0a,04,00,\ 00 "Col0"=dword:0000002d "Col1"=dword:0000005f "Col2"=dword:0000005a "Col3"=dword:00000046 "Col4"=dword:00000046
  3. Thanks. Out of curiosity--and this is clearly not related to whatever was happening--a number of years ago, I discovered a registry entry in HKCU\Software that puzzled me. This is it: HKEY_CURRENT_USER\Software\ƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ŷ¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“ I did not trust it, since I had no idea what it was, so I renamed it by adding REN to it, which would make whatever was using the path not function:: HKEY_CURRENT_USER\Software\RENƒAƒvƒŠƒP[ƒVƒ‡ƒ“ ƒEƒBƒU[ƒh‚Ŷ¬‚³‚ꂽƒ[ƒJƒ‹ ƒAƒvƒŠƒP[ƒVƒ‡ƒ“ Nothing that I know of stopped working when I renamed it, so I still, after at leas
  4. I mentioned that the problem had disappeared this morning, before I wrote my post. I was wondering whether there was a false positive problem with MBAM that had been corrected with today's update, or if there really was a problem on my system. I did run the fix anyway, though. I had already investigated whether it was the individual Excel files that were the problem or whether it was Excel itself (or something affecting Excel.) My first thought was also, hey, maybe it was just that one file, since that one was in my Dropbox, which I regard as a potential security risk. I did check other work
  5. I had just restored my system to an April Macrium image, and updated everything, when MBAM started blocking Excel. (It did not block Word.) It wasn't the individual file it was blocking: opening Excel itself would last about 15 seconds or so before MBAM would block it. This is on a Win8.1 64-bit system that has, as resident, MBAM, Norton Internet Security, SuperAntiSpyware Pro, and Zemana Anti-Logger. When the message came up a couple of times, I ran the Sophos Virus Removal Tool, and it found nothing. I also ran AdwCleaner and FRST, as suggested in-- The reason I had just resto
  6. It seemed to have been fixed, but it has, apparently, been "unfixed." Several weeks ago, I had to manually exclude the file from MBAM's detection engine. MBAM had not detected CareUEyes 1.20, but after the program updated itself to v1.21, MBAM ate the 1.21 exe. Since I had had no problem with v1.20, I uninstalled v1.21, then installed 1.20 again, then unchecked the "check for updates automatically" in the CareUEyes GUI. Somehow, CareUEyes updated itself anyway, which made me assume that, when MBAM ate it again, MBAM didn’t like the presumably newer version of careueyes.exe. I had no problems wi
  7. It was longer ago than I remembered offhand. And, yes, I do have other protection: full versions of SUPERAntiSpyware, NIS and Zemana Anti-Logger. The only hassle is having to configure Norton to ignore the SAS and MBAM folders so that they don't conflict. You couldn't do that long ago, but Windows has improved in some ways. Also, every few weeks, I run a scan with the Sophos free tool, and, being ultra-paranoid, I do also occasionally take advantage of Trend Micro's free online system scan.
  8. Having just uninstalled and reinstalled both versions 2 and 3 in the last while, version 2 "remembers" my lifetime pro license even after the uninstall, and is activated upon installation, presumably because of a license file somewhere that even Revo did not remove (I didn't use the MBAM Removal Tool). Alas, version 3 doesn't "see" the license, so the automatic protection isn't on anyway. For the moment, I'm back to version 2 with a database about a year old. I cannot find any archived exe files of MBAM rules, just the most recent, which I don't want to install. The thing is, for about the las
  9. I reinstalled 2.2.1.1043 after these problems just now, and the same thing keeps happening: malicious website protection is disabled, but trying to select the "Enabled" button doesn't work: the active button immediately reverts to Disabled.
  10. Me three. I came here and looked around and began to wonder if MBAM's server had been hacked: one cannot help but wonder, since the forum here was hacked a year or two ago, according to haveibeenpwned. Is it possible that there's an exploit in the program itself? I decided to see if killing MBAM in task manager, then restarting it, would help, but every time I clicked on an MBAM task, the CPU activity went up, eventually to 100%. I finally had to do a hard shutdown, and the first thing I did upon rebooting was to use Revo to remove all of MBAM. I think I'll reinstall MBAM-2.2.1.1043
  11. Here are the files you requested. On one of them, keep in mind that some of the access denied errors referred to are probably because one of my drives, onto which I install some of the infrequently used program files instead of on C: itself, is BitLocker-protected and I don't always unlock it. And, shortly before running the logs, I'd had an issue with Norton blocking a Copernic update from 4.2 to 4.3 (it detected msi9b1c.tmp as "SONAR.Module!Gen1" heuristically). FRST.txt Addition.txt CheckResults.txt
  12. I can't swear that it began in January, since I restored a Macrium image from a month or two prior to that at that time, so it might have been doing this in December. But starting in mid-January, I've been getting two automatic threat scans every day. The first will be at about 2:30 AM, and the next will be between 14 and 20 minutes later. The automatic schedule is for one at 2:44:01 AM (since 3/25/14). The automatic update check has been for once an hour, but I just changed it to once a day (I never even looked at it before; I just took the default settings.) I could imagine an automatic sc
  13. I just noticed in HKCU\Software a new key, HKEY_CURRENT_USER\Software\ƒAƒvƒŠƒP [ƒVƒ‡ƒ“ ƒEƒBƒU [ƒh‚Å ¶ ¬‚³‚ꂽƒ  [ƒJƒ‹ ƒAƒvƒŠƒP [ƒVƒ‡ƒ“ I have no reason to suspect that I might be infected by malware, since I have MBAM Pro, NIS, SAS Pro, as well as Zemana, but one never knows. Perhaps that key is merely a software license of some program or other, but one would expect a programmer to hide it a little better. I could export it, delete it, then wait and see if something stops working. There is no data on any of the subkeys that gives me a cl
  14. MBAM is now reporting mp3Tag as a virus, Trojan.FakeMS.ED. The attached program files, one of the installer, the other of the exe in program files, are zipped with the password being "mbam" (in lower case): virustotal scan of the exe in C:\ProgramFiles(x86)\mp3Tag--https://www.virustotal.com/en/file/76a99a8a007271ad04ece9294f072075a55472b6b1690734a036f4c0c2d1deb7/analysis/ Rescanning of the exe in program files today gives MBAM as the only one reporting it as a positive: https://www.virustotal.com/en/file/76a99a8a007271ad04ece9294f072075a55472b6b1690734a036f4c0c2d1deb7/analysis/1414446816/
  15. Thanks. Maybe I shouldn't argue with MBAM, though. I was never able to get either one of those programs to do what I wanted to do. Maybe I should have let MBAM keep the files quarantined.