Jump to content

[SOLVED] Browser conflict with Brazilian Banks GBPlugin by GAS Tecnologia


Tangerine
 Share

Recommended Posts

Latest version of Malwarebytes anti-exploit seems to be running smoothly on xp ( Latest version of Mozilla and chrome ). However it does not allow me to view a pdf or word doc online as exploit attempts. Have to download them on my computer to be able to do so. Also it flags IE8 as an exploit attempt. Unfortunately I have to use IE8 on certain occasions the only way to access that particular site which is very safe indeed.

A workaround solution is to start/stop the programme which is not such a big problem,really. Is it supposed to work like this ? Will it affect my windows updates ( Malicious software tool and windows office 2007 ? Yes I am still getting those from MS ). Any ideas on this issue ?

 

Thank you in advance

Link to post
Share on other sites

Thank you for your attention ! The strange thing was that I downloaded FRST from link given ( Bleeping Computer) but after clicking the set up file it would not open. Then I downloaded from another site and bingo it worked. Weird. This actually happened before. I guess bleeping computer site have something against me. LOL.

Please find below the files that you requested.

 

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Staff

Thanks for the logs Tangerine.

 

I see that you have some protection software for IE8 from ITAU bank. Could you please deactivate or uninstall it to see if that solves the problem? It could very well be that this component is preventing MBAE's injection into the IE browser.

Link to post
Share on other sites

This Itau bank thingy is impossible to uninstall. Only Itau bank are able to do so. I had an issue with that and Avast a couple of years ago and had to put it in Avast's exclusion list. About a year ago had to uninstall/install avast and since then no issues between the two of them. Furthermore I would like to inform you that I 've never had any issues whatsoever between the previous versions of MBAE and the Itau bank software.

 

Thank you

 

PS : Just tried to deactivate it but to no avail.

Link to post
Share on other sites

  • Staff

That confirms that the problem is most likely due to the Itau component. It is normal that the problem became apparent with MBAE 1.05 as it introduces some new exploit detection techniques which are the ones that probably conflict with the Itau component.

 

Try the following guidance to temporarily disable the Itau component:

http://www.sevenforums.com/tutorials/1018-internet-explorer-enable-disable-toolbars-extensions-add-ons.html

Link to post
Share on other sites

That is exactly what I did. The option to remove or deactivate it is not applicable. I would also like to draw your attention that another gentleman from Wilder's security forum has been having the same problem.

Link 

 

http://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-59

 

( Post # 1456 )

 

Cheers and thank you so much !

Link to post
Share on other sites

Please have a look at  Wilders post # 1457 and #1458. You are absolutely right to assume that the problem might not be the same.

On the other hand it could be a bug that needs fixing.

I don't really want to play around with that plugin in particular since it is against the law here also I can't afford something to go wrong due to my below average computer skills and not be able to access the bank. It will be quite devastating. Perhaps a MBAE programme update or GBplugin update might fix this issue. I'd rather wait. What do you reckon ?

 

I am most grateful to you

 

Thank you very much indeed !

Link to post
Share on other sites

  • Staff

It is actually your computer, so you can disable/enable and play around with it as much as you want.

 

With IE closed you can rename the gbiehuni.dll file and check if that is the problem with MBAE. You can then simply close IE and rename it back to its original name and your system will remain as it was.

 

There really isn't another thing to try without first verifying if this is the root of the problem. Alternatively you can ZIP this DLL and send it to me to take a closer look, but that is still secondary to the test I mentioned above.

Link to post
Share on other sites

  • Staff

Thanks for the file Tangerine.

 

It definitely looks like the Itau "browser defense" plugin is at fault here. I would imagine that in addition to MBAE it will also cause conflicts with other products like the avast example you mentioned above.

 

The best thing is to contact Itau so that they white-list MBAE. There is not much we can do on our end as the Itau component is generically preventing anything from hooking into IE.

 

Btw Microsoft has changed the guidelines for browser plugins and the way this plugin integrates into IE8 (taking away the option to disable it) will not be tolerated by Microsoft anymore. So my guess is that Itau will have to create a new version of this plugin anyway (if they haven't already). Again, best thing is to contact them for an updated & fixed version.

Link to post
Share on other sites

Thank you for your quick reply ! I also tried to download the files that I uploaded to the forum the two txt (notepad)ones and the zipped one and MBAE crashed firefox on the three occasions as an exploit attempt ( code ) has been blocked in Mozilla Firefox and add-ons. Later on when I restarted Mozilla as soon as my home page was downloaded MBAM would terminate it and I would get a plugin container.exe error. As soon as I uninstalled MBAE everything went back to normal. Should you require any further information I 'll be more than glad to furnish it.

 

Thanks

Link to post
Share on other sites

  • Staff

Added this to the Known Issues and Conflicts list.

 

GBPlugin from GAS Tecnologia may conflict with MBAE-protected browsers. GAS Tecnologia was acquired by Diebolt in 2012 and GBPlugin might no longer be supported. Users should contact Diebolt or their partner distributors to upgrade to the latest version of their security product or uninstall it altogether.

 

Thanks for your help in troubleshooting this issue.

Link to post
Share on other sites

Thank you ! The best way to uninstall is to call your bank. They provide you with a URL and a password that changes on a daily basis and the plugin can be uninstalled from there safely without any problems whatsoever. Of course if you search on the net there are various methods from very complicated to simpler ones that guarantee the removal of the said plugin. I am not sure about their efficacy. Whatever the case may be next time you access the bank you will have to install it again whether you like it or not.  I also found out that they have different versions of that plugin and in some cases it causes different problems. I reverted back to the latest 1.4 version and who knows maybe a MBAE update in conjunction with a gbplugin update might fix the issue.

 

I'll keep you posted.

 

Cheers and a happy New Year.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.