Jump to content

MBAM 2 *always* starts with Windows?


Recommended Posts

MBAM 2 Premium in Win7x64

In Advanced Settings, I have all Advanced Options unchecked.

Yet when I start Windows (power-on or restart) I get a warning from MBAM that I need to fix protection.  I fix it and MABAM is started.

How is it a disabled "Start Malwarebytes Anti-Malware with Windows" means "Malwarebytes Anti-Malware starts with Windows"?
 

Link to post
Share on other sites

  • Staff

Delete Autostart Entries Using Autoruns:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      • Right-click on Autoruns.exe and select Properties
      • Click on the Compatibility tab
      • Under Privilege Level check the box next to Run this program as an administrator
      • Click on Apply then click OK
  • Double-click Autoruns.exe to run it.
  • Now, in Autoruns, click on the Logon tab and look for any Malwarebytes Anti-Malware entries. If you find one, right-click on it and select Delete then click Yes when asked to confirm. Once that is done, reboot your computer and see if Malwarebytes Anti-Malware still starts when you've set it not to do so.

    For those curious, this happens because the old startup entry for Malwarebytes Anti-Malware 1.75 is sometimes left behind in the registry after it has been uninstalled. Malwarebytes Anti-Malware 2.0 does not use the registry to start with Windows, but this old entry may cause it to start.

Link to post
Share on other sites

Hi, exile360:
 

For those curious, this happens because the old startup entry for Malwarebytes Anti-Malware 1.75 is sometimes left behind in the registry after it has been uninstalled. Malwarebytes Anti-Malware 2.0 does not use the registry to start with Windows, but this old entry may cause it to start.

Ah!

That would explain it!

For some folks it seem to be intermittent or transient (another reboot or 2 fixes it)?

 

Questions:

1) So, for some of these users, even running mbam-clean and rebooting is not fixing it (i.e. not removing the old startup entry)?

2) IOW, a "clean" upgrade may not guarantee that this behavior won't happen?

3) Is it likely the user's AV or other security application that is preventing the removal of the old startup entry from the registry?

4) Does this also explain why some users (e.g. this user) are seeing 2 instances of MBAM loading in the system tray upon system reboot?

 

<just curious>

 

daledoc1

Link to post
Share on other sites

  • Staff

Hi, exile360:

 

Ah!

That would explain it!

For some folks it seem to be intermittent or transient (another reboot or 2 fixes it)?

 

Questions:

1) So, for some of these users, even running mbam-clean and rebooting is not fixing it (i.e. not removing the old startup entry)?

2) IOW, a "clean" upgrade may not guarantee that this behavior won't happen?

3) Is it likely the user's AV or other security application that is preventing the removal of the old startup entry from the registry?

4) Does this also explain why some users (e.g. this user) are seeing 2 instances of MBAM loading in the system tray upon system reboot?

 

<just curious>

 

daledoc1

1. I don't know. Running mbam-clean should remove that startup entry.

2. Again, I'm not sure. I guess that depends on what you mean by a clean upgrade.

3. It's possible.

4. I'm not sure, but it's possible.

Link to post
Share on other sites

Hi:

 

Thanks for quick reply (and I don't wish to hijack the OP's thread -- I've just seen several of these reported in the past week).

 

1) I would have thought mbam-clean and a reboot would remove it, but I thought I saw a few reports where it did not?

2) "Mbam-clean 1.75 > reboot > install 2.00", as opposed to upgrading on top of 1.75.  (I understand that the 2.00 installer is supposed to uninstall 1.75.)

3) Just curious.

4) OK, thanks. Wasn't sure if it was related to the "2 instances upon reboot" issue or not.

 

<sorry for intruding and apologies to the OP>

 

Thanks,

 

daledoc1

Link to post
Share on other sites

  • Staff

If doing this or performing a clean install of 2.0 does not resolve the issue where 2 instances of mbam.exe are observed at startup, then this is not the cause. It's far more likely that some race condition is occurring such as a scheduled scan or update kicking off at the exact instance that Malwarebytes Anti-Malware is launching at startup, resulting in 2 instances of the UI/tray running at the same time. Of course that is just speculation on my part though.

Link to post
Share on other sites

For those curious, this happens because the old startup entry for Malwarebytes Anti-Malware 1.75 is sometimes left behind in the registry after it has been uninstalled. Malwarebytes Anti-Malware 2.0 does not use the registry to start with Windows, but this old entry may cause it to start.

No Malwarbytes item in Logon Autoruns found on my system.

 

A registry search returned no keys or values associating MBAM or Malwarebytes with logon.  What precisely is the regisrty entry you refer to so I can check again?

 

Thank you.

Link to post
Share on other sites

@Dallas - one other user reported this at one time or another (was it you?) and it seemed somehow related to either

 

  1. Running the original installer from a LUA, or
  2. having multiple user accounts logging in, at least one if which is not an administrator account.

Neither of these apply to you, do they?

Link to post
Share on other sites

  • Staff

No Malwarbytes item in Logon Autoruns found on my system.

 

A registry search returned no keys or values associating MBAM or Malwarebytes with logon.  What precisely is the regisrty entry you refer to so I can check again?

 

Thank you.

It would be located under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run for 32 bit Windows versions and HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run for 64 bit Windows versions.

If you would, please do the following:

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      • Right-click on Autoruns.exe and select Properties
      • Click on the Compatibility tab
      • Under Privilege Level check the box next to Run this program as an administrator
      • Click on Apply then click OK
  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
  • In the Autoruns Filter Options dialoge, verify that the following are unchecked, if they are checked, uncheck them:
    • Include empty locations
    • Show only per-user locations
    • Hide Microsoft entries
    • Hide Windows entries
  • Verify that the following is checked, if it is unchecked, check it:
    • Verify code signatures
  • Once that's done click the Rescan button or press F5 on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

    List Services:

    • Please copy and paste the following text exactly as written into notepad (not wordpad or any other text editor):

      @color 48 @echo off net start>"%userprofile%\desktop\Services.txt" sc query type= service state= all>>"%userprofile%\desktop\Services.txt" "%userprofile%\desktop\Services.txt" del /f /q "%userprofile%\desktop\Services.txt" del /f /q %0
      Once you've done that click on File and select Save As...
    • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
    • Name the file ServInfo.bat (the .bat extension is very important)
    • Save the file to your desktop and double click it to run it.
    • Once it finishes it will open the file it created in notepad, please copy and paste the file's contents into your next reply.
    Thanks :)
Link to post
Share on other sites

@Galt & exile

Thanks for your personal attention.  But I failed to post up in #1 as I did in my Windows Photo Viewer won't launch & Workaround topic: "No troubleshooting efforts are solicited...nor can I engage in any at this point in time."

 

Running the original installer from a LUA, or having multiple user accounts logging in, at least one if which is not an administrator account. Neither of these apply to you, do they?  They do not.

 

I'm not even sure if those instructions relate to my OP or the "double icon" thing some one thoughtfully posted up in this topic.

 

Don't take it personally.  I recently retired from 20+ years of enterprise systems and IT support and admin.  I've been troubleshooting PCs since DOS 2.0 and I just don't have the enregy for it anymore.  These days I use my systems for pleasure and personal commerce and finance and I have no patience with commercial software that gets in my way regardless of price or SLA.  Even posting up here is a PITA; either something works well or I trash it and even eat the cost if I have to.

 

I've run into yet another issue I've posted up as MBAM Exclusions crazy replication where I also explain my next strategy for v2.0.

 

Thanks again.
 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.