Jump to content

New Version Fails

PollyKate
 Share

Recommended Posts

Firefox

Firefox

Posted
Posted

Hello and :welcome:

Let's try this first....

Thank You,

Firefox

Link to post
Share on other sites
  • Staff
NCStafford

NCStafford

Posted
  • Staff
Posted

Hello PollyKate,

 

I am sorry that you are having difficulties with Malwarebytes Anti-Malware. There are a couple of actions that I would like you to take for me, so that I can better understand the issue that you are having.

 

1) First, if you could post the scan log where your error occurred along with the protection log of the day when this issue occurred.

 

2) Second, if you could run mbam-check and post that log:

 

Create and mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach theCheckResults.txt file which should now be located on your desktop to your next post instead

3) Third, it would be great if you could run another threat scan and get a process monitor log during that scan:

 

Create a Process Monitor Log:
 

  • Create a new folder on your desktop called Logs
  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on File at the top and select Backing Files...
  • Click the circle to the left of Use file named: and click the ... button
  • Browse to the Logs folder you just created and type MBAM Log in the File name: box and click Save
  • Exit Process Monitor and open it again so that it starts creating the logs
  • INSERT INSTRUCTIONS FOR USER TO REPLICATE ISSUE HERE, I.E., SCAN WITH MBAM ETC.
  • Close Process Monitor
  • Right-click on the Logs folder on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the Logs.zip file you just created to your next reply.

 

All of these will greatly help us in determining the issue you are experiencing.

 

Thank You,

 

Noah

Link to post
Share on other sites
PollyKate

PollyKate

Posted
  • Author
Posted

Hello Noah,

 

The first things are easy and are attached - the Protection log, Scan log and CheckResults.txt.

 

The process log thing has me confused. I'm running a scan now and it just keeps making logs, I think I've got 11 of them and it's maybe halfway through. Do you want me to zip up ALL of those logs and post them?

 

Thank you!

PollyKate

CheckResults.txt

ProtectionLog.txt

ScanLog.txt

Link to post
Share on other sites
PollyKate

PollyKate

Posted
  • Author
Posted

Hi Noah,

 

I zipped the logs but the zip file is too big to upload. :unsure: It's 402MB, I must have done something wrong.

 

What can I do now? Could you confirm the instructions? I thought it was:

Start Procmon.exe

Start scan

Zip logs

If that's it, I'll delete all the logs and try again...?

 

thank you,

PollyKate

Link to post
Share on other sites
  • Staff
NCStafford

NCStafford

Posted
  • Staff
Posted

Hello PollyKate,

 

Thanks for all your help, we here really do appreciate your efforts :). If you still have all those zip files, we can try another method for sending them. Please zip the file and then upload it as mentioned below... (if the zip file is still that large after zipping that is)

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree
    4ENbg3P.png
  • Click on the icon on the lower left indicated in the below image
    qKOjzXD.png
  • Select the Link option
    Cyzhcx1.png
  • Click on +Add Files
    CvZMyrC.png
  • Browse to the location of the file and double-click on it or click once on it and select Open
    S5Ty834.png
  • Click on Transfer
    8eYfZGi.png
  • Once the transfer completes, click on Copy link
    fkb0tkR.png
  • Once you receive the Copied! message as indicated below, paste the link into your next reply
    ndpEstA.png
Link to post
Share on other sites
  • Staff
NCStafford

NCStafford

Posted
  • Staff
Posted

Hello PollyKate,

 

I am glad that we can help learn about new tools. Learning something new each day is something I try to do ;). Thank you very much for the proc mon logs. I will be handing these over to the development team for analysis.

 

In the meantime, I have been informed by support that you may have an infection:

 

The FRST shows this:
HKU\S-1-5-21-2602612520-1628966450-300582549-1001\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-2602612520-1628966450-300582549-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\penny\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"

Which sure looks like an infection --- astromenda.

 

The error MIGHT be the result of that malware infection, software conflicts or other problems.

Moreover, the absence of symptoms does NOT mean that a computer is clean -- some malware hides very well.

And malware is one possible reason for MBAM scans to have errors.

Further investigation and repair will require tools whose use is not permitted in this particular section of the forum.

 

So, that is why @AdvancedSetup suggested posting a new topic in the malware removal section after reading the advice here: Available Assistance for Possibly Infected Computers

 

I would suggest that you go ahead and click on that link. The experts there will assist you with looking into your issue and with getting MBAM up and running properly. Please let me know afterwards if those steps help you with your issue.

 

Thanks again for all your assistance,

 

Noah

Link to post
Share on other sites
PollyKate

PollyKate

Posted
  • Author
Posted

 

In the meantime, I have been informed by support that you may have an infection:

 

The FRST shows this:

HKU\S-1-5-21-2602612520-1628966450-300582549-1001\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS

HKU\S-1-5-21-2602612520-1628966450-300582549-1001\...\RunOnce: [WSE_Astromenda] => wscript /E:vbscript /B "C:\Users\penny\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat"

Which sure looks like an infection --- astromenda.

 

 

Hello Noah,

 

I have searched the FRST.txt and those lines you have above are not in it. That doesn't make any sense to me, can you please explain?

 

Thank you,

PollyKate

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Hi PollyKate

 

Not sure what's up but I've replied to your topic in the malware removal forum.

https://forums.malwarebytes.org/index.php?/topic/158798-new-version-of-malwarebytes-anti-malware-fails-because-of-infection/

 

I'll go ahead and close this topic here and assist you in your other one.

 

Thank you

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.