wolf_b Posted August 3, 2014 ID:862071 Share Posted August 3, 2014 The context menu is available but it does not scan anything. Only the main screen of MBAM opens. New version 2.0.2.1012. Link to post Share on other sites More sharing options...
daledoc1 Posted August 3, 2014 ID:862074 Share Posted August 3, 2014 Hello and : Yes, we have seen that behavior reported a few times, mostly on systems that did an in-place upgrade from version 1.75 to version 2.0. First, please try to reboot the system (the right-click context menu scan requires integration with the Windows Operating System, so a reboot may fix it).Also, please be sure you have the proper setting enabled (context menu scanning is disabled by default in version 2) -- see screen shot.If those suggestions don't resolve your issue:Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2xIf that does not correct the issue, then please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)NOTE: There is an FAQ section with valuable information located here - Common Questions, Issues, and their SolutionsPlease let us know how it goes.Thanks, Link to post Share on other sites More sharing options...
wolf_b Posted August 7, 2014 Author ID:863522 Share Posted August 7, 2014 Hello,installing 2.0.2.1012 new did not change anything.Addition.txtFRST.txtCheckResults.txt Link to post Share on other sites More sharing options...
Firefox Posted August 7, 2014 ID:863579 Share Posted August 7, 2014 Your logs indicate that this computer is infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware. Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers Thank you Link to post Share on other sites More sharing options...
wolf_b Posted August 9, 2014 Author ID:864392 Share Posted August 9, 2014 Hello,Sorry, I have already made a scan few days ago and removed 3 possibly unwanted Programs. However, if it is infected anyway, malwarebytes should run in the way it is designed or there is a bug in the newversion! :angry2: Link to post Share on other sites More sharing options...
daledoc1 Posted August 9, 2014 ID:864414 Share Posted August 9, 2014 Hi: There may well be other infections or remnants from infections or damage from infections on the system.Some malware specifically targets MBAM and other security applications, preventing them from running properly.This article explains a bit more: The complexity of finding, preventing, and cleanup from malware If you would like help getting a deeper look at the system and cleaning it up, please follow the advice in this pinned topic: Available Assistance for Possibly Infected ComputersYour helper there can also assist you with getting MBAM up and running. Thanks, Link to post Share on other sites More sharing options...
wolf_b Posted August 10, 2014 Author ID:864753 Share Posted August 10, 2014 Hi,I have tested it with Process Monitor: it shows that the file to be scanned is not opened by Malwarebyte. The only command that contains this file (CAPTURE88 QVC 2.AVI) is the following: C:\Program Files (x86)\WinRAR\RarExtLoader.exe"C:\Program Files (x86)\WinRAR\RarExtLoader.exe" RarLdrTitle252730480#RarExtMapFile252730480Date & Time: 10.08.2014 08:58:29Event Class: File SystemOperation: QueryOpenResult: SUCCESSPath: M:\Public Videos\CD\CD-R5\CAPTURE88 QVC 2.AVITID: 5700Duration: 0.0000118CreationTime: 08.08.2014 13:21:20LastAccessTime: 08.08.2014 13:21:20LastWriteTime: 27.09.2001 13:09:30ChangeTime: 08.08.2014 13:31:33AllocationSize: 5.722.112EndOfFile: 5.722.072FileAttributes: A I think, malwarebytes should open this file also and there should be an appropriate command. Furthermore, Windows event viewer reports an error:Log Name: ApplicationSource: Application ErrorDate: 10.08.2014 08:58:48Event ID: 1000Task Category: (100)Level: ErrorKeywords: ClassicUser: N/AComputer: Wolf-PCDescription:Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: QtCore4.dll, version: 4.8.4.0, time stamp: 0x51352df8Exception code: 0xc0000005Fault offset: 0x001256a3Faulting process id: 0x4fcFaulting application start time: 0x01cfb46882331499Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeFaulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dllReport Id: c66a95a8-205b-11e4-9bae-50465d082d91Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Application Error" /> <EventID Qualifiers="0">1000</EventID> <Level>2</Level> <Task>100</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2014-08-10T06:58:48.000000000Z" /> <EventRecordID>25325</EventRecordID> <Channel>Application</Channel> <Computer>Wolf-PC</Computer> <Security /> </System> <EventData> <Data>mbam.exe</Data> <Data>1.0.0.532</Data> <Data>53518532</Data> <Data>QtCore4.dll</Data> <Data>4.8.4.0</Data> <Data>51352df8</Data> <Data>c0000005</Data> <Data>001256a3</Data> <Data>4fc</Data> <Data>01cfb46882331499</Data> <Data>C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</Data> <Data>C:\Program Files (x86)\Malwarebytes Anti-Malware\QtCore4.dll</Data> <Data>c66a95a8-205b-11e4-9bae-50465d082d91</Data> </EventData></Event> So, there is probably a bug in Malwarebytes new version. It is too easy to say, the system is infected and the software does not run correctly!!! Where did you locate the infection in my logs posted? Link to post Share on other sites More sharing options...
wolf_b Posted August 10, 2014 Author ID:864757 Share Posted August 10, 2014 This is the last scan result: ((It did not post the screenshot.)) Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 10.08.2014Scan Time: 08:58:45Logfile:Administrator: YesVersion: 2.00.2.1012Malware Database: v2014.08.07.01Rootkit Database: v2014.08.04.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: WolfScan Type: Threat ScanResult: CompletedObjects Scanned: 1Time Elapsed: 0 min, 24 secMemory: DisabledStartup: DisabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) I see in this log, the object scanned is only one! But it does not tell, which object has been scanned. Link to post Share on other sites More sharing options...
daledoc1 Posted August 10, 2014 ID:864763 Share Posted August 10, 2014 Thanks for the update. However, as @Firefox mentioned earlier, your logs show evidence of residual infection/damage.We are not permitted to work on possibly infected computers in this particular section of the forum.So, for help with this, we suggest that you please refer to the earlier recommendations: Hi: There may well be other infections or remnants from infections or damage from infections on the system.Some malware specifically targets MBAM and other security applications, preventing them from running properly.This article explains a bit more: The complexity of finding, preventing, and cleanup from malware If you would like help getting a deeper look at the system and cleaning it up, please follow the advice in this pinned topic: Available Assistance for Possibly Infected ComputersYour helper there can also assist you with getting MBAM up and running. Thanks, After you get the "all clear" from the malware helper, if there are still issues with MBAM, he/she will send you back here, if needed. Thank you very much for your understanding, Link to post Share on other sites More sharing options...
wolf_b Posted August 10, 2014 Author ID:864768 Share Posted August 10, 2014 Now I repeated the monitoring with process monitor and let it more time watching. So it showed that Malwarebytes opened the file, sorry for my last posting! That was in error. The only complaint I have is that malwarebytes does not list the files scanned and that it makes no difference in the final message: Malwarebytes has finished scanning your computer. If only one file was scanned this message is misleading. Link to post Share on other sites More sharing options...
wolf_b Posted August 10, 2014 Author ID:864781 Share Posted August 10, 2014 Tested Malwarebytes with an infected file: WPA_Kill.exe Trojan.Siggen3.47407 It does not detect this Trojan. Link to post Share on other sites More sharing options...
daledoc1 Posted August 10, 2014 ID:864783 Share Posted August 10, 2014 Hi: If you have a file for possible inclusion in the malware database, please read the instructions here:Purpose of this forumMalware hunters please read Then, please submit the requested information (VT report, archived file) here: Newest Malware Threats The Research Team will analyze the file to determine whether or not it needs to be added to the database. Thank you, Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 12, 2014 Root Admin ID:865466 Share Posted August 12, 2014 As the original topic of Context Scanning has been answered I'll go ahead and close this topic now. If you have suggestions for program changes or additions please post in the appropriate suggestions forum. Thank you Link to post Share on other sites More sharing options...
Recommended Posts