[SOLVED] multiple users bugs (icon + alerts)


Durew

I couldn't find the bug in the 'known bugs' part, so I found something genuine.

This case requires two accounts, User A and B in this example. (In my case user B had admin rights.)

First log on as user A. Nothing wrong so far, icon shows and the messages from MBAE show.

Now use 'switch user' and log on as user B. The icon does not show, and though the test does not provoke any messages, the calculator does not show either.

Now use 'switch user' again and log in as user A. The icon is there and so is the message from MBAE (that an exploit has been blocked).

Now log off and sign in as user B. Now the tray icon is gone, the program mbae.exe is nowhere to be found, but the mbae.dll's still load (search for mbae.dll with Process Explorer). When using the mbae-test no message is shown, but neither is the calculator.

Now 'switch user' again and log on as user A. The tray icon is back! I couldn't find (all the) exploit warnings in the log that were triggered as user B.

As additional information about my system:

Windows 7 Enterprise 32-bit, 4 GB RAM (2.99 usable), i5 processor

Symantec Endpoint Protection 12

EMET 4.0 (not configured to block the mbae-test)

If anything is unclear or you need more information, please ask.

I hope this helps.


  • Staff

Hello Durew, thanks for reporting. This is related to known issue #1 of the traybar icon disappearing:

EDIT: fixed URL

https://forums.malwarebytes.org/index.php?showtopic=135127

While the disappearing icon is somewhat annoying, the protection continues in the background while mbae.exe is running (sometimes you have to run TaskManager as admin to see the mbae.exe process).

We are currently working on developing MBAE to run as a standard Windows Service to avoid these issues. It will be released in a couple or so beta versions.

Edited by pbust
Fixed URL

Hi pbust,

Thanks for your reply.

The link you posted leads me to a post about a new type of rogue. I don't think this was the page you meant.

It was the missing mbae.exe process that made me consider it a different problem from the 'missing tray icon' problem. To be sure I've checked again, but the Task Manager (run as admin from the admin account) does not indicate the presence of mbae.exe.

I've added a screenshot with both the Task Manager and the DLLs that somehow got injected. It might make my surprise clear. (As Word was started after mbae.exe disappeared.)

As a control test I logged on as user A as well. Went to B's account, killed mbae.exe and started Excel. Now the query 'mbae.dll' in the Process Explorer search came up empty.

On restarting MBAE I got an interesting error message about drivers not being loaded. I don't know if this is related. (I think a reboot will get MBAE running again.)

That was a bit longer post than intended, but I think that with things like this being complete is important. I hope the 'running MBAE as service' will fix it.

post-146800-5397.png


Hi Pedro, I sure would love to see the sys tray icon bug fixed. It's no major issue killing and relaunching AE but it is a bit of a pain having to go through that. In fact it seems to be happening more often than not recently when I boot up. No icon.

 

Cheers, Ritchie...


@pbust: I hoped you had a clue what was going on. It doesn't seem malicious to me and I can't really say it bothers me at the moment. If you guys need more info, please ask. Otherwise I'll leave it at this. (As far as this bug is concerned.)
