Malwarebytes crippled


Hello.

I would like some advice about a serious problem with Malwarebytes I experienced yesterday. When I turned the computer on
yesterday morning after not using it for a couple of days I was shocked to find that Malwarebytes was
effectively crippled - malware and website protection was disabled and would not re-enable and I could not get updates
either just an error message.

Nothing like this has ever happened to me before when running MBAM.

I ran mbam-clean and did a clean re-install. Since then the program appears to be functioning normally again - all protections
are enabled and it is updating and scanning normally.

It has left me baffled though as to how/why it happened and feeling a bit uneasy as it certainly had all the hallmarks
of a targeted malware attack designed to cripple Malwarebytes.
But if it were malware then presumably it wouldn't have let me re-install Malwarebytes again and also Norton has not
been affected in any way - that was left functioning perfectly through all this. Again, if it were a malware attack would it
not have crippled Norton as well?

I have attached the standard diagnostic logs and would appreciate it if someone could take a look and advise me if it
warrants further investigation - I'm not sure if something on my system somehow scrambled MBAM or if I have been infected with something.

Thank you.

CheckResults.txt

FRST.txt

Addition.txt

Not seeing anything specific in those logs, but I see you already did a clean re-install of Malwarebytes and that corrected your issue. Below are a few things to check when and if this happens again. Should it happen again, come on back and post when the computer is in that state, before you do anything so we can collect logs and see if we can tell what happened.

A couple of easy things to check:

>> First, please be sure your system date/time are correct.

>> Then, please be sure that your AV and firewall both give MBAM full permissions. It's possible that your AV or firewall might be treating the new build as a new program and may be blocking it -- the files that need to be excluded can be found =>HERE<=. Please post back if you need help with that.

>> Also, please check to be sure there are no "Detected Threats" that need to be dealt with first, as this can prevent the program from updating: Click the "Scan" button at the top of the dashboard and verify that there are no detected threats (especially PUPs or PUMs) awaiting your actions.

Thanks,

Hello Andrew6974:

Strictly on a volunteer basis, the Malwarebytes developers would appreciate, when mbamservice.exe comes to an abnormal end (ABEND) again, if you would capture and send us a dump from a time immediately after the ABEND event.

Please look over the two instruction postings that follow to see if you would like to participate.

We do appreciate that your personal time is important to you, and if events in your day do not permit, we will understand and thank you for your consideration.

Thank you.

Hello Andrew6974:

Create a Full Crash Dump using Sysinternals Process Explorer:

  • Please download the most recent Microsoft Sysinternals Process Explorer from here and save it to your desktop.
    • Note: If using Windows Vista, Windows 7 or Windows 8 then you also need to do the following:
      • Right-click on procexp.exe and select Properties
      • Click on the Compatibility tab
      • Under Privilege Level check the box next to Run this program as an administrator
      • Click on Apply then click OK
  • Double-click procexp.exe to run it.
  • Once the crash happens, leave the error window open and find mbamservice.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Full Dump...
  • Save the mbamservice.dmp file to your desktop and close Process Explorer
  • Right-click on the mbamservice.dmp file you just created and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP file you just created to your next reply if it is small enough. If it isn't, then please upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply.
Thank you.

Hello Andrew6974:

The following are the instructions for using the recommended WeTransfer service:

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree

  • Click on the icon on the lower left indicated in the below image

  • Select the Link option

  • Click on +Add Files

  • Browse to the location of the file and double-click on it or click once on it and select Open

  • Click on Transfer

  • Once the transfer completes, click on Copy link

  • Once you receive the Copied! message as indicated below, paste the link into your next reply

Thank you.

Hi Firefox,

Thank you for checking the logs for me.

To address the issues in your post...

> System date / time is correct

> I have mutual exclusions set between Malwarebytes and Norton

> I have run a threat scan and a full / custom scan with Malwarebytes and nothing has been detected (same with Norton too).

... the only other outstanding issues regarding MBAM are the occasional double icon bug (sometimes two MBAM icons appear in taskbar) and the MBAM icon doesn't appear in the taskbar whenever Norton runs its occasional 'early launch anti-malware scan' - however I have reported on these issues in the past. They have been present since MBAM 2.0 was first rolled out. Simply rebooting corrects this when it happens and I regard it more as an annoyance rather than a serious problem.

It would be nice if these problems could be fixed in a future version though.


Sorry 1PW - I may have misread your instructions. Are you looking for the dump of the previous crash (as I described in post #1) to be located and uploaded or is this to capture a crash in realtime as it happens?

You said...

"Once the crash happens, leave the error window open and find mbamservice.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Full Dump..."

As I explained since re-installing it yesterday there have been no further MBAM crashes. It was just the one event yesterday morning.

If you are looking to capture a crash in progress I can certainly install Sysinternals as described so that if it does happen again I can capture it for you. Is that what you meant?

I would appreciate it if you could clarify for me as I don't have much experience in such matters.

Thanks.


> Sorry 1PW - I may have misread your instructions. Are you looking for the dump of the previous crash (as I described in post #1) to be located and uploaded or is this to capture a crash in realtime as it happens?

It is unlikely that a previous abnormal ending created a dump file.

> You said...
>
> "Once the crash happens, leave the error window open and find mbamservice.exe in the process list in Process Explorer and right-click on it and hover your mouse over Create Dump and select Create Full Dump..."
>
> As I explained since re-installing it yesterday there have been no further MBAM crashes. It was just the one event yesterday morning.
>
> If you are looking to capture a crash in progress I can certainly install Sysinternals as described so that if it does happen again I can capture it for you. Is that what you meant?

Collectively we are hoping that something useful can be captured immediately after the next failure event. BTW - Sysinternals (procexp.exe) is completely portable and never requires installation. When subsequently deleted, no traces will be left in your system. One or more system logs may have an entry showing the past download and execution.

> I would appreciate it if you could clarify for me as I don't have much experience in such matters.
>
> Thanks.

I've sent you the instructions when and if you have the time and inclination. Again, we appreciate any information you can pass us.

Thank you.


Thanks for clearing that up for me 1PW.

> Collectively we are hoping that something useful can be captured immediately after the next failure event.

Although I am hopeful that there won't be a next "failure event" on my computer I will nevertheless set up Sysinternals Process Explorer as you instructed so that if / when it happens again I will be prepared to create and upload the information to you.

Hopefully if it does happen again I will be able to provide some useful data.


  • 3 weeks later...

Hi.

Just checking in with this topic to report that I have not experienced any further issues with MBAM in the past three weeks.

I have noticed on the forums in recent weeks an increase in people using Windows 8.1 reporting the exact same problem I had.

Is this anything to be concerned about?
