[SOLVED] False exploit stopped Google Chrome from opening

[droyls]

I have been using Malwarebytes Anti-Exploit for some time and have the latest beta version installed but today encountered a strange problem which stopped me from launching Google Chrome because Anti-Exploit posted a pop-up box advising "An exploit code has been blocked in Google Chrome".

 

This initially occurred when I opened a sales link in an e-mail and then occurred each time I tried to relaunch Google Chrome (without restoring the problem page), i.e. just opening my own home page and still happened after cleaning out all the cache etc for Chrome using Piriform's CCleaner utility.

 

Whilst the problem was present, I could open the exact same web pages in Internet Explorer 11 without problem and Anti-Exploit was silent!

 

This problem only stopped after I shutdown and restarted my computer.

 

The attached mbae log shows the following entry for each exploit code given:

Alert MessageBox from (11688)Google Chrome  

(where the numbers change for each time Chrome is relaunched).

 

I am running Windows 7 32bit fully up to date with all available security fixes etc.

 

Thanks, Steve

 

mbae-default.log

[pbust]

Welcome to the forum droyls and thanks for reporting.

 

We believe this is a problem with one of the current memory protection techniques. We have already fixed this in the next version 0.09.5 which we are finishing as we speak (type).

 

If you are willing in a couple of days max I can send you an alpha build to verify that the issue is fixed.

[droyls]

Hi Pedro, thank you for your very prompt response - I would be happy to try your alpha build when available though cannot guarantee that I will see the same problem again.  I have been using MBAE since July and use Chrome as my default browser without having seen this issue before today, so seems doubtful it will show the problem that easily!  Steve

[pbust]

Thanks Steve. Seems weird that you only started experiencing this recently. Maybe a change in your third-party security software or some type of update to some other software or OS? Could you please download and run DDS and send me the logs?

[droyls]

Hi Pedro, the DDS logs are attached.  No recent changes to Windows 7 or to Microsoft Security Essentials over the past few days that I am aware of.  Steve

attach.txt

dds.txt

[pbust]

In the meantime you might want to check some of the errors showing in your logs, for example do a scandisk + repair of your drive just in case:

26/11/2013 22:50:30, Error: bowser [8003]  - The master browser has received a server announcement from the computer NC10 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7537DE8B-1405-4962-BF62-0C2B65CF8975}. The master browser is stopping or an election is being forced.03/12/2013 15:39:31, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.03/12/2013 15:39:31, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.03/12/2013 15:37:07, Error: Ntfs [137]  - The default transaction resource manager on volume ComodoEvdd encountered a non-retryable error and could not start.  The data contains the error code.03/12/2013 15:36:51, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.03/12/2013 15:36:06, Error: Microsoft-Windows-Kernel-Processor-Power [6]  - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.03/12/2013 15:36:04, Error: volmgr [46]  - Crash dump initialization failed!

Also there seems to be something with chrome. Try closing MBAE and rebooting a couple of times to let chrome finish doing its thing (and/or reinstall chrome):

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

[pkolasa]

My friend also has problems with Chrome and MBAE. She installed MBAE 4 days ago and it worked flawlessly until today, when she told me she can't even start Chrome.

 

This is how her Log tab looks like:

 

I am attaching DDS log files as well as mbae-default.log file.

attach.txt

dds.txt

mbae-default.log

[pbust]

We are aware of the issues with Chrome and have changed the memory protection technique in order to be more Chrome-friendly. The fix will be included in the next beta version 0.09.5 which we are about to release. I'll send previews of the 0.09.5 to the people to have posted here so that you may test the new version earlier to verify that the fix works correctly with Chrome.

[hake]

Running Win 7 (32bit), Google Chrome does not like MBAE with EMET 4.1 SEHOP, EAF or ROP mitigations enabled.  It is fine with Deep Hooks enabled.  When running Chrome with MBAE under Win XP SP3 (32bit), it is able to run with SEHOP mitigation enabled.

[pbust]

Google has advised in the past from using EMET to protect Chrome as there are too many incompatibilities. Therefore we will not support this combination (Chrome + MBAE + EMET). For Chrome we will only support Chrome+MBAE.