Jump to content

Search the Community

Showing results for tags 'windows 10'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes 3 Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 150 results

  1. trying to find out a way to completely uninstall windows defender from my windows 10 OS . but there is no option to uninstall it . and I want to remove it because windows defender AV isn’t working and an error while I try to update it’s malware databases ! and I want to replace it with KASPERSKY.
  2. Since my latest windows 10 update (May 2018) my windows 10 laptop has been hanging when it tries to update Malwarebytes. I have seen it suggested that I uninstall and reinstall MB. Unfortunately, I have no access to make the machine do anything. It won't even start Task Manager. The mouse will mover around and I can type in fill boxes but all to no avail if it is an attempt to run a program or application. It won't start file explorer, browser, it won't restart. The only control I have is to hold the power button for a while until it does a forced reboot. When I sign in, it is still in a hung state.
  3. I installed MBAM a long time ago and all seemed well. Then discovered Chameleon and thought I'd install it to be on the safe side. Now when I try to open MBAM, nothing happens. Windows 10 PC. Not sure what else might be relevant to the issue...
  4. I'm not very computer savvy, so these are probably stupid questions. I work with a Windows 10 PC at a small business which is part of a network. The files I work with are all saved on a "shared drive" on the server computer". Sometimes I save files to my Desktop or download files to my Downloads folder on the C:\ Drive, before saving an updated copy to the "shared drive" at the end of the week. When I right-click and view properties for C:\ and view the "Sharing" tab, it says this drive is "Not Shared". Questions: 1) Does "Not Shared" mean that C:\ is not a part of the company's network and can't be accessed /viewed from the other computers? 2) If it's not shared, does that mean that all the work I've been saving to C:\ hasn't been getting backed-up? 3) Sometimes during my break, I create and work on documents (I write a lot) that aren't company related. Before my break ends, I copy the file to a USB flash drive and delete the original from the C:\ drive. Sometimes I also access files on the USB flash drive, and save changes I make to them. Since all the work is happening on C:\ and the USB flash drive, will it show up on any network event logs / file audits? It was nothing illegal and I've done this a few times now without any incident, but I want to avoid any trouble this might cause. 4) If I download a PDF file off the internet and it gets saved to the "Downloads" folder on C:\, will it get automatically backed up to the company "shared drive", or would I have to manually make a copy to the "shared drive" to make sure that it gets backed up too? Thanks, T-Ruth
  5. My ransomeware protection has turned off and I can't get it back on. Support tool log attached. mbst-grab-results.zip
  6. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 8/21/18 Protection Event Time: 8:20 AM Log File: 9389a30a-a53c-11e8-a92a-f44d3003d71e.json -Software Information- Version: 3.5.1.2522 Components Version: 1.0.421 Update Package Version: 1.0.6439 License: Premium -System Information- OS: Windows 10 (Build 17134.228) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0 -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Users\obe7\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.7.139.exe C:\Users\obe7\AppData\Roaming\Grammarly\Updates\GrammarlyAddInSetup6.7.139.exe \detectmode URL: (end)
  7. I have a case of the goppel. I have included a scan report of my latest Malwarebytes virus scan. I have tried numerous ways to get rid of the virus - to no avail. Please help me... Use_This_Goppel_Sux.txt
  8. For the past several months, Malwarebytes has been flagging Onedrive as an exploit and disabling it on my Surface Pro 4. After it is disabled it no longer syncs to the cloud so any changes made to my files are lost. This has been going on for months and nothing I do seems to change it, even after performing a clean install of Windows 10. I have attached a picture of the notification I get when Onedrive is flagged and disabled.
  9. The browser extension has 2 buttons 1: GO BACK, 2: CONTINUE TO SITE (I'm not 100% sure about this as it is not visible) The GO BACK button is a NOOP (doesn't do anything) on Windows 10 all updates applied.
  10. Hello,  Just installed new version 3 of MBAM on my computer, over a v2 that I had since years. Installed this V3 yesterday, reboot today, and no more boot, win stops & blocked just after powering up, on win logo. (win 10 x64 pro) At first, didn't even made a relation between no boot and MBAM, but, after I tried win tools to fix, with no success, I booted on Malekal liveCd USB key to have a look at "srtTrail.txt" in c:\windows\system32\logfiles\Srt, then I found an error with the bootres.dll. I googled a few, and found a thread here related to MBAM, srttrail, and bootres.dll. Now, it seems evident that the fresh MBAM installation (yesterday) is linked to my non-boot today, my Win10 is clean, and never caused me any boot neither stability trouble. So, I need, please, help...🤕 What i've done, first, is using a restore point, didn't solve anything. Then, may be it was not intelligent, was to use the "fixlist.txt" you attached to the thread mentioned above. (of course ?) didn't solve my problem...🙄 ... So, what I can do is to attach my original FRST log, done before using the fixlist > file "FRST_1.txt" I also attach the fixlist I used, given on the thread above mentioned > file "Fixlog.txt" I also attach the second FRST log, the lastest a actual, done after I used the Fixlog > file "FRST_2.txt". Done nothing else since, except rebooting on my Malekal LiveCD, to post on this forum. So the FRST_2.txt is my actual report. Hoping you'll be able to build me an efficient fixlog, or any other solution... THX 😍 FRST_1.txt Fixlog.txt FRST_2.txt
  11. Windows 10 Fall Creators Update Settings > Gaming > Xbox Networking Xbox Live Multiplayer Server Connectivity will show as BLOCKED unless you close Malwarebytes or disable Web Protection in Malwarebytes. Is there a way to white-list this service? MBAM 3.2.2.2029 Package 1.0.212 Update 1.0.3042 Windows 10 x64 Pro 1709 16299.19
  12. when i download something on google chrome my files always corrupt , please help . i have a new harddisk and it runs windows 10 . i havent change or download anything from my computer .
  13. Hello, Talking with Support yesterday, it was discovered that Malwarebytes does NOT support the Windows 10 redirection of Desktop, Documents, Downloads, Pictures, Videos or 3D Objects to another partition. For those of us that use a SSD for the OS or routinely perform a fresh install to cleanup and optimize Windows 10 it is a MAJOR advantage to not have EVERYTHING on the same physical drive as the OS. Windows 10 FULLY supports redirection. This is one of several methods to redirecting them: 1. Open File Explorer 2. In the Quick Access area or you can go under This PC if you , right click for example Desktop and choose Properties 3. Choose the Location Tab 4. Enter the new path (complete all the way to the drive letter) 5. Click Apply 6. Choose Yes to Move all items to the new location. Now your SSD drive has much more free space for installed applications etc. Here is the problem: When you download to any of these new locations Malwarebytes 3 does not do any checks AND MORE IMPORTANTLY, the Threat Scan "Our most comprehensive scan" does not scan these areas. Therefore I say that there is a HOLE in the security. Here's hoping for a quick resolution!
  14. Friend came over to help me with an issue I was having with Office 2016. Recently had it and now it wasn't working. He told me about KMS and as I was looking it up seeing if it was safe, legal, etc... he installs it from the zip and I've never seen a virus/malware/ransomware act like this. All of a sudden programs start opening up: a radio program streaming podcasts or online radio, took control of Firefox, installed their own version of IE, and I noticed the mouse moving on it's own and that's when I just freaked and shut it down. Tried to start in advanced options, the safe mode, but now it's giving me an SrtTrail logfile missing error message. When it boots up AT ALL and tries to access windows, it shows the dell boot up logo, "prepairing automatic repair," two (what looks like) cmd windows flash for a millisecond, then "diagnosing your pic" "repairing files (sometimes) and then says "automatic repair couldn't repair your PC" Bc of c:\windows\system32\logfiles\srt\srttrail.txt AND a system reset to factory settings AND factory image restore don't seem to work because of "not enough space" I've tried to fix the logfile issue in cmd promt, I've tried to delete the KMS file in cmd prompt but couldn't find it I don't mind resetting, reverting or reformatting the computer (as long as I keep windows) as it's only a few months old.... is there a way to either rid the virus OR just "freeing up space" IF that's even true? Could the virus be filling up the hard drive for THAT main reason?
  15. BTW its my FIRST TIME here....... I'm having a problem with the proxy server being set to 127.0.0.1 7272 and adware on my browser. I have used malwarebytes adware and still its not fixed so i need help. Addition.txt FRST.txt
  16. Greetings, I am representing a client of mine in which they have a problem with your Antimalware product. The client is experiencing numerous blue screens that seem to be related to your "mbamchamelon.sys" kernel-mode driver causing a Blue Screen of Death upon boot up. However, on the second boot up, there is a very high chance it'll boot up normally. My client installed MalwareBytes for protection against malware in conjuction with his security software, Total Defense Total Security. Yes I know what you're thinking, but apparently it is a real product using the BitDefender Antivirus Product Engine and the company is apparently based in the USA. I use BitDefender myself but that is besides the point. Client Computer Configuration AMD AM4 Platform with a AMD A10 Quad Core Processor ASUS PRIME A320M-K Motherboard 4GB DDR4 System Memory Windows 10 32Bit* (more on that in a bit) 120GB System SSD Total Defense™ Total Security MalwareBytes Home Edition 3.5 (Licensed) Microsoft Office 2013 - might be 2016 or Office 365. Cannot confirm right now. I cannot provide you the installed product list because my client has given me instructions to keep that information private as it is a business machine, but the reason why this machine is running Windows 10 32bit is because it was an emergency migration from a older Intel Core 2 Duo machine that had severe problems. No, a fresh installation of Windows 10 is not possible at this point in time as it is a production machine and downtime must be kept to a minimum. All drivers are up to date, as well as latest BIOS updates. Is this a BSOD? Yes. Windows 10 BSOD says "UNEXPECTED_KERNEL_MODE_TRAP" (0x7F) WinDBG Preview for Windows 10 on my workstation where I analyze these crash dumps says: Microsoft (R) Windows Debugger Version 10.0.17674.1000 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. Loading Dump File [S:\ClientAnalysis\[REDACTED]\MEMORY.DMP] Kernel Bitmap Dump File: Kernel address space is available, User address space may not be available. ************* Path validation summary ************** Response Time (ms) Location Deferred srv* Symbol search path is: srv* Executable search path is: Windows 10 Kernel Version 17134 MP (4 procs) Free x86 compatible Product: WinNt, suite: TerminalServer SingleUserTS Built by: 17134.1.x86fre.rs4_release.180410-1804 Machine Name: [REDACTED] Kernel base = 0x81a69000 PsLoadedModuleList = 0x81ce8938 Debug session time: Fri Jun 22 06:59:57.499 2018 (UTC + 10:00) System Uptime: 0 days 23:55:39.731 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 Loading Kernel Symbols ............................................................... ................................................................ .................................................... Loading User Symbols PEB address is NULL ! Loading unloaded module list ........ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* Use !analyze -v to get detailed debugging information. BugCheck 7F, {8, 8075bc00, 0, 0} Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] *** ERROR: Module load completed but symbols could not be loaded for MbamChameleon.sys *** ERROR: Module load completed but symbols could not be loaded for farflt.sys Page 4e8d8 not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] Page bf7f not present in the dump file. Type ".hh dbgerr004" for details [... last message repeats for a while - cutting ... ] [ rinse and repeat this for a good couple dozen lines ] Probably caused by : MbamChameleon.sys ( MbamChameleon+6131 ) Followup: MachineOwner --------- WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 eax=8075bc00 ebx=00000000 ecx=8075b850 edx=00000000 esi=00000000 edi=8075b800 eip=81baf11c esp=81cdd390 ebp=00000000 iopl=0 ov up di ng nz ac pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000896 nt!KiBugCheck2: 81baf11c 55 push ebp When asking the debugger for more info: ****************************************************************************** * * * Bugcheck Analysis * * * ******************************************************************************* UNEXPECTED_KERNEL_MODE_TRAP (7f) This means a trap occurred in kernel mode, and it's a trap of a kind that the kernel isn't allowed to have/catch (bound trap) or that is always instant death (double fault). The first number in the bugcheck params is the number of the trap (8 = double fault, etc) Consult an Intel x86 family manual to learn more about what these traps are. Here is a *portion* of those codes: If kv shows a taskGate use .tss on the part before the colon, then kv. Else if kv shows a trapframe use .trap on that value Else .trap on the appropriate frame will show where the trap was taken (on x86, this will be the ebp that goes with the procedure KiTrap) Endif kb will then show the corrected stack. Arguments: Arg1: 00000008, EXCEPTION_DOUBLE_FAULT Arg2: 8075bc00 Arg3: 00000000 Arg4: 00000000 Debugging Details: ------------------ (lots of repeated messages about 2 page locations not being available) KEY_VALUES_STRING: 1 STACKHASH_ANALYSIS: 1 TIMELINE_ANALYSIS: 1 DUMP_CLASS: 1 DUMP_QUALIFIER: 401 BUILD_VERSION_STRING: 17134.1.x86fre.rs4_release.180410-1804 SYSTEM_MANUFACTURER: System manufacturer SYSTEM_PRODUCT_NAME: System Product Name SYSTEM_SKU: SKU SYSTEM_VERSION: System Version BIOS_VENDOR: American Megatrends Inc. BIOS_VERSION: 4011 BIOS_DATE: 04/19/2018 BASEBOARD_MANUFACTURER: ASUSTeK COMPUTER INC. BASEBOARD_PRODUCT: PRIME A320M-K BASEBOARD_VERSION: Rev X.0x DUMP_TYPE: 1 BUGCHECK_P1: 8 BUGCHECK_P2: ffffffff8075bc00 BUGCHECK_P3: 0 BUGCHECK_P4: 0 BUGCHECK_STR: 0x7f_8 TSS: 00000028 -- (.tss 0x28) eax=b66a1120 ebx=00000000 ecx=b66a1520 edx=92d42110 esi=b66a1520 edi=00000000 eip=891d711e esp=b66a0f94 ebp=b66a10a4 iopl=0 nv up ei ng nz na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282 Ntfs!NtfsLookupRealAllocation+0x1e: 891d711e 53 push ebx Resetting default scope CPU_COUNT: 4 CPU_MHZ: da5 CPU_VENDOR: AuthenticAMD CPU_FAMILY: 15 CPU_MODEL: 65 CPU_STEPPING: 1 BLACKBOXBSD: 1 (!blackboxbsd) BLACKBOXPNP: 1 (!blackboxpnp) DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT PROCESS_NAME: Registry CURRENT_IRQL: 0 ANALYSIS_SESSION_HOST: DESKTOP-8K174LE ANALYSIS_SESSION_TIME: 06-27-2018 13:02:15.0843 ANALYSIS_VERSION: 10.0.17674.1000 amd64fre TRAP_FRAME: b66a194c -- (.trap 0xffffffffb66a194c) ErrCode = 00000000 eax=00000000 ebx=b66a19f4 ecx=0000001c edx=b98bd8c0 esi=024a9000 edi=00000360 eip=81d688c4 esp=b66a19c0 ebp=b66a19cc iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206 nt!HvpGetCellPaged+0x84: 81d688c4 8b043e mov eax,dword ptr [esi+edi] ds:0023:024a9360=???????? Resetting default scope LAST_CONTROL_TRANSFER: from 891d6f2b to 891d711e BAD_STACK_POINTER: 81cdd390 STACK_OVERFLOW: Stack Limit: b66a1000. Use (kF) and (!stackusage) to investigate stack usage. STACK_TEXT: b66a19cc 81d67eb7 95459008 02278360 b66a19f4 nt!HvpGetCellPaged+0x84 b66a1a3c 81d5c322 b66a1ab8 b66a1a88 b66a1adf nt!CmpWalkOneLevel+0x227 b66a1b94 81d61e02 48077500 00000240 b66a1e1c nt!CmpDoParseKey+0x822 b66a1cac 81d5e362 8800efd0 87f7a9a0 c3bc7418 nt!CmpParseKey+0x232 b66a1dbc 81d64da8 00000240 87f7a9a0 00000000 nt!ObpLookupObjectName+0x3d2 b66a1e44 81d64b80 b66a206c 87f7a9a0 00000000 nt!ObOpenObjectByNameEx+0x118 b66a1fb0 81d66ff8 b66a206c 00000000 00000000 nt!CmOpenKey+0x240 b66a1fc8 81bc0b2f b66a208c 000f003f b66a206c nt!NtOpenKey+0x18 b66a1fc8 81badfb5 b66a208c 000f003f b66a206c nt!KiSystemServicePostCall b66a204c 98406131 b66a208c 000f003f b66a206c nt!ZwOpenKey+0x11 WARNING: Stack unwind information not available. Following frames may be wrong. b66a2090 98401e27 44fda755 00000000 a4f461b8 MbamChameleon+0x6131 b66a20e0 81d7dc49 98421e28 b66a213c 00021410 MbamChameleon+0x1e27 b66a2124 81d62a8c b66a2190 87eb2040 b66a24cc nt!ObpCallPreOperationCallbacks+0xd9 b66a2214 81d76a0e 00000000 b66a24cc 00000000 nt!ObpCreateHandle+0x89c b66a2398 81d761ba 9e56fa00 00000200 b66a24cc nt!ObOpenObjectByPointer+0xce b66a2564 81d76039 b66a2624 b66a263c 00000000 nt!PsOpenProcess+0x17a b66a2584 81bc0b2f b66a265c 80020000 b66a2624 nt!NtOpenProcess+0x2d b66a2584 81badf15 b66a265c 80020000 b66a2624 nt!KiSystemServicePostCall b66a260c 9840bbec b66a265c 80020000 b66a2624 nt!ZwOpenProcess+0x11 b66a2644 9840ab6f 000003c8 80020000 b66a265c MbamChameleon+0xbbec b66a2668 984083b6 81bb0760 00008013 b66a2780 MbamChameleon+0xab6f b66a2678 98402de8 be2f1580 44fda035 00000000 MbamChameleon+0x83b6 b66a2780 81d5fa13 00000000 0000001c b66a28d0 MbamChameleon+0x2de8 b66a2834 81d61db4 b66a2878 00000001 0000001d nt!CmpCallCallBacksEx+0x313 b66a2944 81d5e362 8800efd0 87f7a9a0 c3f87820 nt!CmpParseKey+0x1e4 b66a2a54 81d64da8 00000240 87f7a9a0 00000000 nt!ObpLookupObjectName+0x3d2 b66a2adc 81d64b80 b66a2d04 87f7a9a0 00000000 nt!ObOpenObjectByNameEx+0x118 b66a2c48 81d66ff8 b66a2d04 00000000 00000000 nt!CmOpenKey+0x240 b66a2c60 81bc0b2f b66a2d24 000f003f b66a2d04 nt!NtOpenKey+0x18 b66a2c60 81badfb5 b66a2d24 000f003f b66a2d04 nt!KiSystemServicePostCall b66a2ce4 98406131 b66a2d24 000f003f b66a2d04 nt!ZwOpenKey+0x11 b66a2d28 98401e27 44fdaacd 00000000 a4f461b8 MbamChameleon+0x6131 b66a2d78 81d7dc49 98421e28 b66a2dd4 001fffff MbamChameleon+0x1e27 b66a2dbc 81d62a8c b66a2e28 87eb2040 b66a3168 nt!ObpCallPreOperationCallbacks+0xd9 b66a2eac 81d76a0e 00000000 b66a3168 00000000 nt!ObpCreateHandle+0x89c b66a3034 81d761ba 9e56fa00 00000200 b66a3168 nt!ObOpenObjectByPointer+0xce b66a3200 81d76039 b66a32cc b66a32e4 00000000 nt!PsOpenProcess+0x17a b66a3220 81bc0b2f b66a32f8 001fffff b66a32cc nt!NtOpenProcess+0x2d b66a3220 81badf15 b66a32f8 001fffff b66a32cc nt!KiSystemServicePostCall b66a32a8 ad005791 b66a32f8 001fffff b66a32cc nt!ZwOpenProcess+0x11 b66a3310 81d71997 000003c8 000028ec 87f68901 farflt+0x5791 b66a333c 81d4e4f0 00000000 48075bf3 00000000 nt!PspCallThreadNotifyRoutines+0x97 b66a33b4 81d4e033 b66a3894 b66a3410 001fffff nt!PspInsertThread+0x3a4 b66a3584 81d4a831 b66a3aec 80000b70 00000000 nt!PspCreateThread+0x211 b66a3a08 81bc0b2f b66a3b10 001fffff b66a3aec nt!NtCreateThreadEx+0x161 b66a3a08 81bae861 b66a3b10 001fffff b66a3aec nt!KiSystemServicePostCall b66a3aac 81e00150 b66a3b10 001fffff b66a3aec nt!ZwCreateThreadEx+0x11 b66a3b3c 81b704c5 00000000 00000000 00040000 nt!RtlpCreateUserThreadEx+0xc2 b66a3b90 81ab1dbf 9e4f2cb0 9e521140 9e580e80 nt!ExpWorkerFactoryCreateThread+0xb1 b66a3bb4 81ab1b96 00000000 000005c0 0320f668 nt!ExpWorkerFactoryCheckCreate+0x13f b66a3c08 81bc0b2f 000005c0 0320f6b0 77410750 nt!NtReleaseWorkerFactoryWorker+0x266 b66a3c08 77410750 000005c0 0320f6b0 77410750 nt!KiSystemServicePostCall 0320f6b0 00000000 00000000 00000000 00000000 0x77410750 STACK_COMMAND: .trap 0xffffffffb66a194c ; kb THREAD_SHA1_HASH_MOD_FUNC: 7c84cad4e395a6ac6b9cbc45a29ffdca7fb29c4b THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 91cea10d87227341343679aaa708d3737ba0d688 THREAD_SHA1_HASH_MOD: a168ef793a0dbedb24c03939f290ba65f52710ce FOLLOWUP_IP: MbamChameleon+6131 98406131 8b3dc0e04198 mov edi,dword ptr [MbamChameleon+0x1e0c0 (9841e0c0)] FAULT_INSTR_CODE: e0c03d8b SYMBOL_STACK_INDEX: a SYMBOL_NAME: MbamChameleon+6131 FOLLOWUP_NAME: MachineOwner MODULE_NAME: MbamChameleon IMAGE_NAME: MbamChameleon.sys DEBUG_FLR_IMAGE_TIMESTAMP: 5ae0d958 BUCKET_ID_FUNC_OFFSET: 6131 FAILURE_BUCKET_ID: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function BUCKET_ID: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function PRIMARY_PROBLEM_CLASS: 0x7f_8_STACKPTR_ERROR_MbamChameleon!unknown_function TARGET_TIME: 2018-06-21T20:59:57.000Z OSBUILD: 17134 OSSERVICEPACK: 0 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 SUITE_MASK: 272 PRODUCT_TYPE: 1 OSPLATFORM_TYPE: x86 OSNAME: Windows 10 OSEDITION: Windows 10 WinNt TerminalServer SingleUserTS OS_LOCALE: USER_LCID: 0 OSBUILD_TIMESTAMP: 2018-06-08 18:55:45 BUILDDATESTAMP_STR: 180410-1804 BUILDLAB_STR: rs4_release BUILDOSVER_STR: 10.0.17134.1.x86fre.rs4_release.180410-1804 ANALYSIS_SESSION_ELAPSED_TIME: 221c ANALYSIS_SOURCE: KM FAILURE_ID_HASH_STRING: km:0x7f_8_stackptr_error_mbamchameleon!unknown_function FAILURE_ID_HASH: {b9ae5be3-18b3-bd8f-2c30-bdfcaf14819a} Followup: MachineOwner --------- WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 WARNING: Process directory table base E4B7D020 doesn't match CR3 001A8000 Memory Dump for debugging team available upon request. Simply notify me with email and I'll get it to you within a few hours. This is a semi-urgent request so I appreciate if I could have this issue placed on high priority.
  17. Hi, I installed Malwarebytes few days ago to wipe out adware. This morning I started my PC and before the login screen all I got was a black screen and a blinking cursor. I tried everything but its unresponsive. I think it has happened because Malwarebyte accidentally deleted something important. Please tell me how to solve this problem. I've read countless threads but I'm not getting anything. Please help as soon as possible. And if its that process of loading log.txt and another txt file, please explain thoroughly. Help!
  18. Hi everyone, I'd like to know if there is a way to detect special spyware. malware, trojans, keyloggers..and more...created by the biggest ethical hackers worlwide for government's agencies like cia, nsa, all secret agencies worlwide? I ask that question because in the deepweb, some black hat are selling malicious spyware, trojans, keyloggers and many more, and the contract tells that compagnies like norton, avast, yours and all anti-malware haven't got these tools added into their database, and cannot detect them in any way... It's written that these tools are done by the biggest ethical hackers (before they were black hat for most of them) for Goverments and black hat activities, that's why as soon as they are added into your database, they create a new one, to bypass any test... check wikileaks about it.... Is that real or fiction?if yes, how can we be online and be sure 100% that no one is spying us? Please if someone really knows about that, reply with all informations needed. Please no scam, or spam.. Yours truly, corethical/SWITZERLAND
  19. This malicious pop-up appears once a week or so on my Windows 10 PC. No way to close it; I have to enter task manager and shut down a process that appears (I'll take a screenshot of that next time). Ran several full malwarebytes scans and it doesn't detect anything. Malwarebytes is up to date.
  20. John L. Galt

    MB 3.5 mwac.sys caused GSOD

    Hi, all, I was just watching videos on CW.com and mwac.sys failed causing a GSOD. https://photos.app.goo.gl/cum2mHbCusegA8bcA Windows 10 Insider Preview (Skip Ahead) build 17650 x64 MB 3.5.0.2508 CP 1.0.358 UP 1.0.4954
  21. Sorry if this is the wrong forum to post this in. This is my first time posting on these forums. I was wondering if there's a way to confirm if a USB flash drive is free of viruses, malware, and/or ransomware? I used this USB flash drive back on Feb. 23rd with a computer (Windows XP) that was a part of a network. The server was infected with Ransomware and all the files on the shared network were encrypted on Feb. 25th. Supposedly nobody used any of the computers on the network on the 25th, so I suspect that the infection happened earlier and activated the Ransomware at a later date (I don't know if this is even possible). I always remove the flash drive from the computer when I'm not using it, however, since I don't know when exactly the infection occurred, I really don't know if it was infected or not. The tech that was hired was unable to decrypt the files and couldn't contact the hacker to pay the ransom, so we ended up replacing the computer with Windows 10 and restoring some of the files from an older backup. There are files I'd like to transfer from the flash drive to the new Windows 10 computer (Computer #1) and to an older spare computer running Windows XP (Computer #2), as the backup the tech used did not have copies of these files. After avoiding the flash drive for weeks, I decided to test it out on Computer #1 (Apr. 3rd), since I thought Windows 10 would be more secure. After plugging it in, there was a notification saying "There is a problem with this drive. Scan the drive now and fix it." I ran Windows Defender and the scan detected "no threats" on the USB flash drive. I also ran a full system scan and it was also clean. Since then, I have been saving documents to the flash drive and opening files on it (always while using Computer #1), but I've refrained from copying the flash drive's files to Computers #1 and #2 because of a lingering fear of infection. Every time I plug it in, I always get the same notification to scan & fix it, but every time I scan it with Windows Defender, no threats are ever found. It's been over two weeks now since I've tried inserting the flash drive and nothing bad has happened to Computer #1 (or the rest of the network for that matter). I've avoided using the flash drive on Computer #2, because I worry Windows XP will be more vulnerable or the infection will only effect XP but not 10. Questions: 1) MAIN QUESTION: Is the USB Flash Drive safe to use (free of Ransomware, Malware, Viruses, etc.)? 2) Does Ransomware usually wait a period of time before activating or take awhile to encrypt files? 3) Are Windows Defender and Avast Antivirus even capable of detecting Ransomware or am I wasting time running scans with them? 4) Have I made a big mistake by opening files on the flash drive with Computer #1, and spread malware on the network? 5) Does Ransomware even make copies of itself and spread like viruses do? EDIT: Another thing I noticed is that the Flash Drive is supposed to have a size of 16 GB, but according to Windows Explorer, its total size is only 14.9 GB. Is this just false advertisement of the product, or is something wrong with the flash drive? Notes: USB Flash Drive: SanDisk Cruzer Glide 16GB Computer #1: Windows 10 Computer #2: Windows XP (Service Pack 3) Windows Defender: Updates automatically (up to date) - for Computer #1 Avast Antivirus: Updates automatically (up to date) - for Computer #2 * The USB Flash Drive is usually plugged into a computer for 2 hours or less. I very rarely leave it in for a long duration. Thanks for your help, T-Ruth
  22. Hello! I am infected with something and I've reached the limit of my knowledge. My memory usage on my computer is high. Partly that' is not an uncommon occasion - I am a tab-a-hollic and can have 20-50 tabs open in Chrome, But I recognize that behavior, Its old and familiar. This is something new and different. The memory compression process is using 400,000k-700,000k on average and I've seen it use as much as 1200k this week. All the time. It's normal to see memory compression pop up when I close a memory greedy tab or two but it goes away after a minute or so. Now it's here all the time. McAfee's Module Core Service and MMSSHOST process are also using a lot of working set memory too. At first, I found the Memory Compression service was using a lot of both working and privet set memory almost mirroring each other. Then I found a bunch of system protected hidden folders on my C:\ drive. There was even one in my recycling bin! I used McAfee's file shredder on what I could, and when the system prevented me from doing so, I switched to using the Comand Line with Admin authority. When I got all of the hidden system folders I hadn't created deleted and rebooted, Memory Compression's Privet Set usage fell from 400,000-700,000k to 999k
  23. Hello, I went to check my computer this morning and it had updated last night (I assume windows update) and was a bit sluggish. I restarted and when logging in to my account it gave me a black screen. It also prompted me to update and install malwarebytes again. I hit the confirmations but it was frozen. I waited a bit, then decided to hard reset my computer. When I turned it back on everything was fine, but after logging in my whole screen was black. (No start button, no search bar) I then tried restarting a few times to include safe mode w/ networking. I tried SFC with cmd, tried even silent uninstall of malwarebytes through cmd as well. Multiple restarts and attempts to update drivers and nothing. I realize that I may have to silent reinstall malwarbytes to then open it and see if any files are quarantined.
  24. So I got two free keys given to me from Marcin Kleczynski of Malwarebytes over on Reddit. Because I got given a key I didnt have to sign up for an account. I reformatted my PC which I activated MBAM 3 Pro on with the key and forgot to deactivate it first now I cant use that key on my new installed windows 10. The normal process would be to sign into your account and deactivate the license from the list of your devices but because I got given the key and therefore donot have an acount how can I deactivate my license so I can use it on my new OS?
  25. when I go to download drivers for my Couger 600M mouse, as referred to on the mouse's instruction box, http://cougar-world.com/ I am referred to http://159.65.226.68/3dg3/us/?t=(888) 810-8302&bk=72e60765 and given a "microsoft" warning about pornware and riskware being installed and that if I don't call this number 888-810-8302 in less than five minutes that all my credintials will be stolen. a voice in a british accent claims error 0x80072ee7, it is not the cortana voice but I want to know if my computer is truely infected with this stuff or if it is a hoax. please referr to screenshot. I have also reported this site and phonenumber via microsoft feedback. FRST.txt Addition.txt
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.