
MBAM 2.x becomes unresponsive to Windows



  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java.

 

Then run the following

 

Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 
 
Then make sure you have a registry backup and run the following
 
Please visit this webpage and read the ComboFix User's Guide:
  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Okay.  I'm willing to do that, but I don't feel comfortable at all without a REASON to do it.  There is no obvious (to me) connection between Java and MBAM so an explanation would be nice.  As far as doing anything to my registry -- no way, unless I know exactly what it is going to do.

 

Mortimer


Please can you clarify your issue?
Is only the MBAM window becoming unresponsive, or the whole of the OS/any running web browser(s) too?
If the latter, I have the exact same issue with both the OS shell (taskbar/notification area icons) + web browser both becoming frozen/locked up and unresponsive, during the Pre-Scan phase of MBAM Scan.


@Naki:

 

No, not the same at all.  My system remains stable and just MBAM quit running -- usually in the middle of a scan.  Pretty much every morning, I turn on my monitor and am greeted by "MalwareBytes has stopped responding to Windows.....".

 

I would suggest that you start your own thread as our difficulties are not the same at all.

 

Mortimer


  • Root Admin

The program combofix will make a backup of your Registry for you as well as a new System Restore point.  Please proceed with running the tool so that it can scan and attempt to find and correct problems.  Anything removed can be restored back if you really want to.


Here are the results.  ComboFix removed two things that I would like to recover:

 

Matrix32.scr  (which is a "Matrix" style screensaver)

F:\Autorun.inf  (which contains a custom autorun with a logo I want displayed when I attach the drive)

 

The other 4 items I don't care about.

 

Before I ran ComboFix, I took a look at my Event Viewer and found no more MBAM hangups at all -- none.  I was able to run all three types of scans with no ill effects.  I have NOT altered my Java settings nor have I deleted/installed Java.

 

Back when I was in the Navy, my technicians had a phrase (which I hated) that they put in the "solution" box.  It was "CCWT", which meant "Came Clear While Testing".  In any other environment, I suppose it would be called 'magic'.

 

The log file is attached.

 

Mortimer

 

ComboFix.txt


All I really need to know is how to recover those two files that were deleted.  I can find them in the directory C:\Qoobox, but I suspect there is some incantation I need to actually draw them out of quarantine and back into use.

 

Mortimer


All right.  The file you want is attached.  I am going to wait a few more days and see if the unresponsiveness returns.  If it does, then I will give the BETA a chance.  If not, I'll go with the production run until the Beta is released officially.  Never attempt to fix what isn't broken is my motto.

 

Mortimer

ComboFix-quarantined-files.txt


  • Root Admin

Please save the file "CFScript.txt" to the same location as combofix.exe, then quit your browser and, using your mouse, Drag-and-Drop "CFScript.txt" onto Combofix and it will run again and restore the files you listed for you.

 

Let me know if you have any issues with running that or it restoring the files.

 

Cheers

 

 

 

CFScript.txt


I now have my two files back.

 

BUT, whatever else ComboFix did completely screwed up my Internet connection.  I am now on another machine and struggling to find out what it did to my adapter's TCPIP stack.  Somehow, it has completely blocked any connection through it where before I was connecting just fine.  I definitely DO NOT appreciate having this happen.

 

If you can tell me what ComboFix messed with perhaps I can salvage my connection.  Otherwise, I'm probably going to have to rebuild the whole thing from scratch.

 

Thanks loads.

 

Mortimer


Further information:  I am now back on my primary machine.

 

What ComboFix did was destroy the TCPIP stack so badly that the only way I can connect through the adapter is to enable DHCP.  To do that, I had to use another computer to connect to my router and enable it.  Any attempt to go back to an assigned IP address fails with a "no connection to Internet" popup on my notification area over the network icon.  I am still troubleshooting that and have NO ideas as to what to check next.  I have already disabled the adapter, rebooted, and let Windows "find" it and reload the drivers.  That didn't work as my assigned IP address still fails.

 

Please excuse me if I don't run any more of your "fixes".

 

Mortimer


Even more information:

 

My Autorun for connected USB drives has stopped working.  The Control Panel "Autoplay" is of no help and even if I "Use Autoplay for all media and devices" I still cannot get it to run and show my special icon for the drive.

 

What has ComboFix messed with?

 

Mortimer


  • Root Admin

Combofix created 3 different types of backups.  It is the #1 most used tool on the Internet for finding and fixing difficult to detect and remove infections.  One of the few that also creates multiple fail safe backups just in case something were to go wrong.  Most other tools do not.

 

You have a fresh System Restore Point that  you can run to put the computer back to the exact state it was before you ever even ran Combofix.

 

Please follow the directions from this topic and it will show you how to perform a System Restore using the one created before Combofix was run.

 

How to Do a System Restore in Windows 7

 

Then restart the computer and it will be back exactly as it was.

 

Once that is done if you're not happy with the product you can run the  MBAM Clean Removal Process 2x

Then after the reboot simply do not reinstall the product.

 

 


Pretending it never happened is NOT the answer I was looking for.  I've been in the computer/hardware/software business since 1962 and know how to run a System Restore.

 

I need to know three things (reply VIA PM if you desire):

 

1) what you saw in my previous logs that prompted you to suggest ComboFix.

 

2) what happened to my IP stack

 

3) Why my AutoPlay/Autorun will not work anymore.

 

I also found a Registry entry (under HKLM) with a keyword of "Disable_Registry_Tools".  I removed it, but that didn't help anything.

 

Mortimer


  • Root Admin

No one is pretending anything. You posted in a panic and said you wanted to move on from MBAM and go with Emsisoft so I posted how to restore your system back before the issue with your networking.

1. You have all sorts of spurious junk in your logs (if you've been running a computer business since 1962 then I would hope I wouldn't need to point them out)
Ask.com considered junk by many, Java out of date, etc. Combofix is the best tool known to track down and remove junk and fix items for computers automatically. No one is going to go through the files, folders, and registry manually to do this and why I recommended the tool.

2. No one knows or has time to do forensics as to why. Fixing it is what is important.

3. Do a System Restore as I said and it will work or it was already broken.

I'm sorry Mortimer, no one is here to argue with you or force you to do anything. We're simply trying to assist you with fixing potential issues so that MBAM will work correctly on your computer. In the hundreds of thousands of logs you'll find on the Internet using Combofix you will rarely find one where it was not able to fix problems that even commercial products could not fix. It's a great tool and I'm sure that we could probably work through it and get things fixed up but again you seem more intent on doing things your way.

Please do the System Restore - It will put your computer back to where it was before you ran Combofix.
 

Thank you again


1) I did NOT post "in panic".  I posted a simple statement that MBAM kept disassociating itself from my OS.

 

2) I've reviewed each and every log created by the runs you had me make.  I saw nothing in them that I considered "junk".  What happened to remain of Ask had already been neutralized by me and was not visible anywhere on my computer - including services and browser.  The latest version of Java had just come out and been installed.  I did not have enough time to use their tool to remove older versions.

 

3) I have already done a System restore back to the point where all this nonsense started.  I was reluctant to do that only because I was curious as to the reasons for running ComboFix.  Now I know.

 

Any software, especially software designed to pull malware and/or viruses from a computer, needs to have an aura of trust.  For many years MBAM had my trust.  With the coming of the latest version, and the attendant alterations to the way it interfaces with the user and his system,  perceived by many (as evidenced by all the threads) as being a step backwards, I have decided to do just as I said in my last post and remove MBAM from at least this system as I have lost my level of trust.

 

It remains to be seen if I remove it from all my machines.  Customer services is a thankless job for the most part.  I am heavily involved in it myself from time to time.  I'm sorry if you think my tone is argumentative as it was not meant to be.  I simply wanted to know what it was that ComboFix had done to my system (beyond reading the description on the download page) to make it so unresponsive.  System Restore is a good tool but can, and sometimes does, cause the return of whatever it was that started the whole troubleshooting session off.  In this case, it didn't.

 

As far as I am concerned, this thread can be marked as 'solved'.  I can't do it, because I can't edit my posts.

 

Mortimer


This topic is now closed to further replies.