Jump to content

Recommended Posts

Win XP SP3

IE 8.0.6001.18702

 

I rarely use IE (pretty much just for MS update).

 

I have 2 similar machines. This started on 1 a couple months ago, & on the other tonight. The attached file is from my main pc, which has had the issue for a couple months. I get a "blocked an exploit attempt" message upon opening, but no specifics as to what exploit is occurring.

 

I have 2 rootkit scanners (MB A-M PRO & Greatis Reg Run) on both machines & neither have found anything. Neither have several other malware & AV products.

 

Malwarebytes Anti-Exploit.zip

 

TIA

Link to post
Share on other sites

  • Staff

Yes EMET is known to cause quite a few conflicts, especially when adding non-default programs such as Chrome, Flash, etc.

 

The one good thing about EMET is that it's completely free.

 

MBAE has a Free version which protects against drive-by download exploits in web browsers, browser addons (Flash, Silverlight, etc.) and Java. But MBAE Premium is a paid version which protects other applications such as MS Office, PDF Readers, Media Players and the ability to add custom shields.

 

If you ask me I rather pay for MBAE and forget about the EMET conflicts. Plus I know I would be better protected with MBAE than with EMET.

Link to post
Share on other sites

  • 4 weeks later...

-- I'm running Windows 7 Professional 64-bit.
-- I have the premium versions of Malwarebytes Anti-Malware and Zemana AntiLogger installed.
-- AVG 2015 Free is my antivirus.
-- Free versions of SUPERAntiSpyware, Spybot Search & Destroy, and Malwarebytes Anti-Exploit, too, are installed.
-- All security software is kept up-to-date, and scans are run regularly. Scans do not seem to show infections.
-- Java is kept updated.
-- Firefox (latest version) is set as my default browser, and Chrome, Opera, and Internet Explorer 11 are kept in reserve.
-- My AOL Desktop software won't use my Firefox, and the browser it presents within the software window supposedly is Internet Explorer with an AOL skin, but their techs say their software can use Chrome, too. The skinned browser presented seems to be working, so maybe the one being accessed is Chrome, since there's a problem with IE.  

Each time I try to open Internet Explorer 11 directly, I get an alert that Malwarebytes Anti-Exploit has blocked an exploit attempt. The IE window stops responding or appears as blank, and then disappears completely. From time to time a window pops up asking to allow an IE add-on... but I've been denying it because of the concern over the exploit. I cannot update IE manually because it will not function. Not sure what to do.


 

-- Would accepting the IE add-on make my computer vulnerable to the exploit, even with MBAE installed?

-- Would somehow otherwise whitelisting Internet Explorer leave a door open for the exploit, despite MBAE?
-- Is there a way to shield IE so it can be used safely?

-- Does this exploit have a name?
-- Would uninstalling MBAE and doing a new install solve the problem?
-- Would uninstalling and doing a new install of IE solve the problem?

I also get frequent MBAM Premium alerts about inbound attempts by a malicious site using svchost.exe in its attempts. I contacted Malwarebytes Anti-Malware Support about the matter, but they did not seem worried about inbound attempts, only outbound. Could the exploit attempts blocked by MBAE be related somehow to the inbound attempts Malwarebytes Anti-Malware Premium is blocking?

Trying to figure this thing out... but I seem to have more questions than answers. Hope someone may provide some insight as to how this can be fixed. I am supplying zip file with MBAE log data. Also supplying system and software information and FRST scan results. Thanks for whatever help one can offer.

 

 

Program Data MBAE log copy.zip

Belarc report 03-0802015.rtf

FRST scan results.zip

Link to post
Share on other sites

  • Staff

Welcome to the forum and thanks for posting.

 

You have the busiest FRST log I've ever seen. I recommend doing a bit of cleanup (running a couple of second opinion on-demand malware scanners + uninstalling a bunch of software that you may not need or use).

 

Also your MBAE logs ZIP only has 1 file, applications.dat. Please re-create the ZIP but include the entire contents of C:\ProgramData\Malwarebytes Anti-Exploit.

 

Also I see you have EMET 4.1 installed, although I don't see it running. Try uninstalling EMET and rebooting to see if that makes a difference.

Link to post
Share on other sites

Dear Pedro:

Thanks for offering your help!

-- Attached is the corrected zip with all the log files in the Program Data MBAE folder. I was zipping with 7Zip for the first time before, and thought I had included all the files. Sorry 'bout that.

-- I uninstalled EMET, and tried opening Internet Explorer. This time I did not get an MBAE exploit alert! So, would that mean that the problem was simply a conflict between EMET and MBAE? That there is no exploit?

-- You suggested I run some online virus/malware scans. Have you particular sites you'd recommend? I wasn't too happy with the EULA for the Kaspersky Security Scan. Shall I try BitDefender?

RE: The busy FRST file. I like to collect software, compare, and see what works best for me. I keep a log of all software installed and reference text for each program. I have favorites among the software, of course, but I use programs as I need them. I do try to check programs for updates before using, particularly if it has been awhile since install or since last use.

mbae.zip

Link to post
Share on other sites

  • Staff

Thank you for the logs, this time they are correct! :)

 

If you uninstalled EMET and it is working correctly now, that means that yes, the root of your problem was the known conflict with EMET.

 

As for second opinion scanners, try Panda. Disclaimer: I used to work for Panda a lifetime ago :) But their "Cloud Cleaner" is pretty good.

 

PS: marking this thread as solved and merging with the existing EMET conflict thread.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.