Jump to content

The newest update that just downloaded broke - hard.


Recommended Posts

  • Replies 144
  • Created
  • Last Reply

Top Posters In This Topic

I guess that is the benefit of having a business/corporate/enterprise edition with scheduled updates = many computer will be affected.

Thanks for making life harder for IT. We'll go back to the free edition without protection module.

Well done Malwarebytes. You are now in line with some other AV/Malware vendors that also caused to destroy systems.

As mentioned above I cannot do anything because the kernelbase.dll is broken.... and who knows what else. I also ran out of disk space during the time Malwarebytes tried to quarantied. I had several GB of disk space left before it happened.

Link to post
Share on other sites

Many of my clients are unable to boot their computers at all, so a Staff member might want to post a tutorial on how to use System Restore from the Win7 Repair Menu on boot.

Also, every company has the occasional FP, though this was quite serious. Don't abandon an amazing company over a fluke.

Link to post
Share on other sites

To open the System Recovery Options menu on your computer


  • Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer using the computer's power button.

  • Do one of the following:

    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.

    [*]

    On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter. (If Repair your computer isn't listed as an option, then your computer doesn't include preinstalled recovery options, or your network administrator has turned them off.)

    [*]

    Select a keyboard layout, and then click Next.

    [*]

    On the System Recovery Options menu, click a tool to open it.

Link to post
Share on other sites

Fluke? If AV/Malware program screws with system files then this is poor/non-existend quality control.

Yes, it was a fluke - a bad definition file that mislabeled safe files as malicious files. Any program that uses definitions to scan for malicios files is vulnerable to this sort of fluke, unfortunately. I remember numerous instances of FPs from just about every major Av/antimalware product since 2000.

To open the System Recovery Options menu on your computer


  • Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer using the computer's power button.

  • Do one of the following:

    • If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

    • If your computer has more than one operating system, use the arrow keys to highlight the operating system you want to repair, and then press and hold F8.

    [*]

    On the Advanced Boot Options screen, use the arrow keys to highlight Repair your computer, and then press Enter. (If Repair your computer isn't listed as an option, then your computer doesn't include preinstalled recovery options, or your network administrator has turned them off.)

    [*]

    Select a keyboard layout, and then click Next.

    [*]

    On the System Recovery Options menu, click a tool to open it.

Thanks for these instuctions.

Link to post
Share on other sites
  • Staff

Has anyone restarted MBAM and updated safely ?

I was able to, but I suspect it was only because it hadn't yet quarantined anything critical to my system. I had to reinstall Malwarebytes Anti-Malware and then restore all items from quarantine, now everything is functioning normally again. Unfortunately many users were not so lucky. I'm hopeful that we can get these users' systems repaired as soon as humanly possible so that they can get on with using their systems.
Link to post
Share on other sites

I was able to, but I suspect it was only because it hadn't yet quarantined anything critical to my system. I had to reinstall Malwarebytes Anti-Malware and then restore all items from quarantine, now everything is functioning normally again. Unfortunately many users were not so lucky. I'm hopeful that we can get these users' systems repaired as soon as humanly possible so that they can get on with using their systems.

So should I restart it or wait ?

Link to post
Share on other sites

If you were able to get Malwarebytes Anti-Malware to run and restored all from quarantine you should be OK to restart.

Once I did the system restore point and got the machine to run I turned off MBAM.

I do not know if there is anything still quarintined or not, when it was doing the quarintine thing it must have done dozens at a time.

Link to post
Share on other sites

So I finally got my system back up and running.

I got it into safe mode and initially read about installing MB back on the system. I only had an older version on my flash stick and installed that (bad idea) and it made things worse. Was able to find a free PC the download the newest version on my flash stick and then installed that and updated and turned off file protection. While in Safe Mode I did a Restore All on the quarantined files, but they did not disappear from the the list. I hit the Restore All a few times and then gave up hope and figured I'd try a reboot. To my surprise I am in and working now.

I checked MB and it still lists all those files that it quarantined there, but I'm guessing they are not there? If they were my system wouldn't be working.

Is there a fix going to be issued to clear that Quarantine list? Can I safely choose to delete the entries in the list? (I don't want them to be somehow linked to the working files and cause more problems if I do this!)

Also I initially had EVERYTHING turned on in the Protection Menu of MB since I'm a paid user. I'm guessing if I had "Automatically quarantine filesystem threats detected by the protection module." turned off then I probably could have stopped this from happening by choosing not to quarantine these files as they popped up?

Should I consider running that option unchecked in the future in case there is a rare chance this happens again?

Link to post
Share on other sites
  • Staff

Once I did the system restore point and got the machine to run I turned off MBAM.

I do not know if there is anything still quarintined or not, when it was doing the quarintine thing it must have done dozens at a time.

Yes. You will be able to see by accessing the Quarantine tab. If anything remains after restoring all items from quarantine, they were most likely just duplicate backups.
Link to post
Share on other sites
  • Staff

So I finally got my system back up and running.

I got it into safe mode and initially read about installing MB back on the system. I only had an older version on my flash stick and installed that (bad idea) and it made things worse. Was able to find a free PC the download the newest version on my flash stick and then installed that and updated and turned off file protection. While in Safe Mode I did a Restore All on the quarantined files, but they did not disappear from the the list. I hit the Restore All a few times and then gave up hope and figured I'd try a reboot. To my surprise I am in and working now.

I checked MB and it still lists all those files that it quarantined there, but I'm guessing they are not there? If they were my system wouldn't be working.

Is there a fix going to be issued to clear that Quarantine list? Can I safely choose to delete the entries in the list? (I don't want them to be somehow linked to the working files and cause more problems if I do this!)

Also I initially had EVERYTHING turned on in the Protection Menu of MB since I'm a paid user. I'm guessing if I had "Automatically quarantine filesystem threats detected by the protection module." turned off then I probably could have stopped this from happening by choosing not to quarantine these files as they popped up?

Should I consider running that option unchecked in the future in case there is a rare chance this happens again?

Those files which remain in quarantine are likely just duplicate copies. Due to the rapid detections caused by this false positive, the protection module was frequently creating duplicates. I experienced this myself on my own system.

We have taken extensive measure to ensure that this never happens again.

Link to post
Share on other sites

Impacted me a little ! Used system restore a re-install

and back to normal...**** happens cant always go smooth

Marcin is a good dude and will help all his folks

out of this mess and make it right!

exile360, thanks for all the great info!!

what a team here....right on and thank you again

G

Link to post
Share on other sites

A colleague didn't quarantine files but after a reboot cannot get in the system at all, not even safe mode. My system got screwed because it damaged system files which doesn't allow me to install or run anything. There are no restore points. My computer disk drive is encrypted so it would be quite some time to decrypt it and then trying to fix some DLL with the slim chance to ever fix the whole system. I can only do a fresh install as fastest/easiest option in my case.

A FP positive on SYSTEM files is no excuse. And that other have that happened also on SYSTEM files is also no excuse. IF there is a proper quality control then it would be noticed since system files only change if they are changed my an update from M$.

I understand FP's happen but again I have no understanding when that happens on system files.

The "extensive measures" don't restore confidence in the reliability in the product as real-time protection.

Good luck everyone fixing their system.

Link to post
Share on other sites

While I understand your frustration (and everyone else's - I was a victim here too, I just caught it a lot faster than most) I can guarantee this - Marcin is not going to let this kind of thing happen again. Mark my words.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.