
serta

Posts posted by serta


  1. Hi Andrew6974,

     

    It appears you have W8/W8.1. Do you have MBAM (Malwarebytes Anti-Malware) also installed and "self-protection" enabled? If so, disable (uncheck) it from MBAM Settings > Advanced Settings, reinstall MBAE (Malwarebytes Anti-Exploit), then uninstall MBAE and reboot.

     

    If that won't work I'll post a link to manually access your start up folder for manual removal.

     

    Regards,

    serta


  2. Hi Chris,

     

    If you are referring to MBAM (Malwarebytes Anti-Malware) blocking rubyw.exe, then this is the MBAE (Malwarebytes Anti-Exploit) forum. (Perhaps a mod can move it for better visibility.)

     

    Regarding PIA and rubyw.exe, it spawns a new process every time it starts with a different hash (MD5), causing many security software to have fits, and runs rubyw.exe from a user area and a temp folder, also not good (virus-like behavior). Many PIA users have requested PIA fix this issue (check their forums). This makes adding rules for white-lists (exceptions) for AVs, firewalls, etc. impossible till they fix this issue.

     

    Regards.

    serta


  3. I downloaded MBAE on 6/12/14.  It downloaded the Free version in spite of my subscribing to and downloading the Premium version, but the major problem at the moment is it's blocking my Firefox, can't make it work at all.  Any ideas?

    Hi,

    Free and premium are the same download; putting your premium key in will unlock the free (in the About tab / activate).

    What operating system are you on? Do you have EMET installed? If so, disable/uninstall it, then test.

    Firefox working fine here on three (3) different machines with XP/Vista/W7 Pro x64.


  4. Hi serta, can you replicate this consistently? Also are you on 32 or 64bits W8.1?

     

    Lastly you mention W8.1 Pro Preview Build 9431. Can you replicate it on the final W8.1 release build?

    Yes, consistently, W8.1 x64.

    I don't have access to W8.1 RTM, sorry. As Wilpower has no issues with IE11, it is likely a preview (beta) issue.


  5. Just reporting that MBAE 0.09.4.2000 installed on W8.1 Pro Preview build 9431 with no issues; however, IE11 crashes (in fact it completely crashed VBox once) with IE11 protected mode on or off. Stopping protection fixes the issue.

    "Faulting application name: iexplore.exe, version: 11.0.9431.0, time stamp: 0x51bce29f

    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

    Exception code: 0xc0000005

    Fault offset: 0x00007ffd927e0000

    Faulting process id: 0x1158

    Faulting application start time: 0x01ced5eef72472b2

    Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe

    Faulting module path: unknown

    Report Id: 34f71d7b-41e2-11e3-9b94-0800275edbf7

    Faulting package full name: "

    Mbae.dll on Firefox working fine, as is adobe reader.

    Can anyone else reproduce?


  6. Well,

    Just fired up my laptop (on earlier today) and mbam went nuts with nonstop blocks and quarantines, all seemed to be system32 folder including mbam stuff (was still going until I managed to shut down mbam), now mbam won't run along with a bunch of other stuff. WTH, bad update or what? How to restore from quarantine if MBAM won't run?


  7. This was an addition to catch more of an infection we already cover; it is likely that it was already removed and we are only picking up an additional trace.

    I am not seeing any legit instances of this key:

    http://www.google.com/search?hl=en&as_...amp;safe=images

    Hmm, interesting,

    This box scanned clean with mbam(other than the reg key), HitmanPro, and Avira.

    I'm going to go ahead and quarantine the key and see what happens.

    Thanks nosirrah


  8. Malwarebytes' Anti-Malware 1.44

    Database version: 3764

    Windows 6.0.6001 Service Pack 1

    Internet Explorer 8.0.6001.18882

    2/19/2010 2:30:08 PM

    mbam-log-2010-02-19 (14-30-06).txt

    Scan type: Quick Scan

    Objects scanned: 96971

    Time elapsed: 2 minute(s), 14 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 1

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\e0200804 (Trojan.Agent) -> No action taken. [79F4566BEC0DD79D0D8389010DBCC034]

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    This is from a Vista Home Premium x64 bit box.


  9. Same here,

    On Vista hp sp1 x64

    Malwarebytes' Anti-Malware 1.41

    Database version: 2785

    Windows 6.0.6001 Service Pack 1

    9/12/2009 1:10:46 PM

    mbam-log-2009-09-12 (13-10-44).txt

    Scan type: Quick Scan

    Objects scanned: 76229

    Time elapsed: 54 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 1

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301414438586445483634456446343641424738615248395356345138614674688380848071856156747969808884613686838370798555708384748079​61518679]

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Trojan.Agent) -> No action taken. [3857535134305383807566791534727079851301414438586445483634456446343641424738615248395356345138614674688380848071856156747969808884613686838370798555708384748079​61518679]


  10. FP on new Returnil beta.

    Malwarebytes' Anti-Malware 1.38

    Database version: 2377

    Windows 5.1.2600 Service Pack 3

    7/5/2009 4:00:33 PM

    mbam-log-2009-07-05 (16-00-30).txt

    Scan type: Quick Scan

    Objects scanned: 81563

    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 1

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    C:\WINDOWS\system32\drivers\rvsmonn.sys (Rootkit.Agent.H) -> No action taken. [52686679398083518080857674853780866777704570858570830910013986796885748079]
