
Malwarebytes crashes



Hiya Bill,

 

Apologies about the link for ZA, have a copy again here: http://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/ You mention Windows FW and ZA FW being turned off; it is bad management having two active firewalls, that will cause big issues....

 

Regarding Avast, it does show as disabled but up to date in the Security Center section of the FRST log...

 

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

 

Avast do have an uninstall tool here: https://www.avast.com/uninstall-utility Run that tool to remove all remnants....

 

So use the ZoneAlarm tool to remove its Firewall. Use Avast removal tool to remove all remnants of Avast.... Make sure Windows Firewall is on....

 

Next,

 

See if Malwarebytes will run in Normal mode.... if it crashes again try to run through Chameleon as follows:

 

 

Select > Start > All Programs > Malwarebytes` Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:


 

Cha.png


 

A new window will open with Chameleon Tabs CHb.png to CHc.png


 

Select tabs in turn until you get a successful run by double-clicking on the tab.

Vista and Windows 7/8 users will have to accept the UAC prompt. If successful you will see the following:
 

MBa.png


 

As instructed press any key to continue, you will now see the following as Malwarebytes attempts to run:


 

MBa1.png


 

Do nothing, let MB continue, it will try to update:


 

MBa2.png


 

You may see the following:


 

MBa6-1.png


 

Then.....


 

MBa7.png


 

MB will prompt if successful, do nothing; let it continue.


 

MBa3.png


 

MB will try to kill known malicious processes, do nothing; let it continue.


 

MBa4.png


 

MB will try to start a quick scan; if successful the following will open. Do nothing, the scan will run automatically.


 

MBc.png


 

When complete MB will produce a log, save that and copy to next reply.

 

MB will continue and remove the protective driver, you will then be given the option to "Press any key to continue" do that.
 

MBa5.png
 

Let me see the log from Malwarebytes in your reply,

Link to post
Share on other sites
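The Security Center excerpt quoted in the post above can be checked mechanically. This is an added example, not part of the original thread or of FRST: a small Python parser that assumes the `TYPE: name (state) {GUID}` line layout seen in that excerpt (function names are hypothetical) and reports disabled, out-of-date, duplicated or missing protection per category.

```python
import re
from collections import defaultdict

# Line layout assumed from the FRST excerpt quoted in the post above.
LINE_RE = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)(?:\s+-\s+(?P<sig>Up to date|Out of date))?\)"
    r"\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

# Sample input: the four product lines copied from the post, plus its header lines.
SAMPLE = """\
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: ZoneAlarm Firewall (Enabled) {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
"""

def parse_security_center(text):
    """Return one dict per product line; header and note lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def review(entries):
    """Return (kind, product, issue) tuples for states worth a second look."""
    findings, enabled = [], defaultdict(list)
    for e in entries:
        if e["state"] == "Enabled":
            enabled[e["kind"]].append(e["name"])
            if e["sig"] == "Out of date":
                findings.append((e["kind"], e["name"], "enabled but out of date"))
        else:
            findings.append((e["kind"], e["name"], "registered but disabled"))
    # Category-level checks, only for categories that appear in the log.
    for kind in sorted({e["kind"] for e in entries}):
        if len(enabled[kind]) > 1:
            findings.append((kind, ", ".join(enabled[kind]), "multiple enabled products"))
        elif not enabled[kind]:
            findings.append((kind, "-", "no enabled product"))
    return findings

if __name__ == "__main__":
    for kind, name, issue in review(parse_security_center(SAMPLE)):
        print(f"{kind:2}  {name:22}  {issue}")
```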


Hi Kevin,

I turned off Zonealarm and turned on Windows Firewall; turned on Windows Defender. Then I ran Malwarebytes in normal mode and the popup came up but behind it it states that Malwarebytes ended successfully - please see att. Also, I wanted to ask you why you didn't want me to allow RogueKiller to fix anything? Thanks,

~Bill

MWB_close.rtf

Link to post
Share on other sites

Hiya Bill,

 

RogueKiller log had no malicious entries, that is why I give no more instructions.....

 

The image you post is showing Malwarebytes to complete, also showing stopped working. Let's go for a clean install, then run again...

 

 

Please download MBAM-clean and save it to your desktop.

  •    Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool.
  •    It will ask you to reboot the machine - please do so.
  •    Run the cleaner tool again, re-boot when complete. <<<---do not miss this step



Download & install the newest MBAM version.

Please download Malwarebytes Anti-Malware

  •    Install the program and select update.
  •    Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  •    In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  •    Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  •    If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  •    Upon completion of the scan (or after the reboot), click the History tab.
  •    Click Application Logs and double-click the Scan Log.
  •    At the bottom click Export and choose Text file.



Save the file to your desktop and include its content in your next reply.

 

Thanks,

 

Kevin

 

Link to post
Share on other sites

Yes, update Malwarebytes, then disconnect from Internet and run a scan..... Let me know the outcome. Regardless of what happens also run FRST again...

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt and Shortcut.txt under "Optional scan" Select scan, when done post the new logs....

 

Post those logs when you are ready...

 

Thank you,

 

Kevin
 

Link to post
Share on other sites

Hi Kevin,

 

I really appreciate all your efforts I just want to say. Unfortunately, it still didn't work, I did the uninstall just as you asked. I then ran Malwarebytes in Chameleon mode, and that failed as before. Then I ran it exactly as you stated and it failed again same as all the other times. Can you give me an idea of what you think might be going on? I need to use this computer for sensitive data and I have been holding off, so if you have any ideas, can you share? Should I be very concerned? Thanks again,

 

~Bill

Link to post
Share on other sites

Hiya Bill,

 

I understand your frustration with the problem in hand, especially if your system is used for sensitive activities. I'm not convinced you actually have a malware/infection issue, I could be wrong but I see nothing in recent logs to change my mind...

 

Malwarebytes runs fine in safe mode, normal mode is where the problem is. I believe the issue is down to software or security software clashes.... If the step I want to try does not work then maybe I'm totally wrong....

 

I want you to open and update Malwarebytes, then close it out. Now I want you to set your system to run a "Clean Boot", basically that is all non-system services disabled. Run Malwarebytes with the system in that mode and see what happens.... Post its log if successful...

 

Clean boot instructions are here: https://support.microsoft.com/en-gb/kb/929135 let me know if Malwarebytes is successful in that mode....

 

Thank you,

 

Kevin...

Link to post
Share on other sites

Hi there,

 

 

Before I do that, I'm a little concerned because of what I read here:

 

"Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points."

Link to post
Share on other sites

Kevin hi,

 

I ran Malwarebytes in safe mode again and these are the results - att.

 

Can you tell me - what was the significance of all the PUP and PUM entries?

 

Also, if Malwarebytes ran okay in safe mode, why is it so important that it runs in normal mode?

 

Lastly, Do you recommend that I re-install Avast ... or some other AV software? MWB? Do you think Windows firewall is sufficient or would you recommend Zonealarm ... some other firewall? Thanks very much

 

~Bill

MWB_safemode.rtf

Link to post
Share on other sites

Hiya Bill,

 

 

"Note This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points."

 

I've not recommended that you stop any Microsoft System Services, only 3rd party services. The idea of a clean boot is to see if a NON-System Service is conflicting with Malwarebytes, also if so we then search for and identify the culprit....

 

Next,

 

PUP reference is Potentially Unwanted Programs -  These are programs Malwarebytes researchers have found are sometimes added to a system without the user's knowledge or approval. In Malwarebytes Anti-Malware versions 2.0 and higher, PUPs are set to be quarantined by default.

 

PUM reference is Potentially Unwanted Modifications -  These detections are not false positives or actual infections but rather settings which you may have made and in some cases, malware also makes. So we scan those sections of the registry for changes which differ from default settings.

If you made the modification, you can add them to ignore after your next scan or allow them to be set to Microsoft default settings by our software.

 

The two above references are direct from Malwarebytes Support, very good advice.....

 

Next,

 

 

Do you think Windows firewall is sufficient or would you recommend Zonealarm ... some other firewall?

 

Regarding Firewalls, Windows 7's own Firewall is adequate for home users, I see no reason to use a 3rd party firewall unless it is part of a full security suite such as Kaspersky.... (that is what I use)

 

Have a read here: http://windows.microsoft.com/en-gb/windows/understanding-firewall-settings#1TC=windows-7 for W7 Firewall information....

 

Next,

 

 

if Malwarebytes ran okay in safe mode, why is it so important that it runs in normal mode?

 

If Malwarebytes crashes with the system in Normal mode, yet it runs fine in Safe mode there is obviously a reason why that happens. The biggest culprit is usually malware or infection, but can also be other security or 3rd party service. Running the system in a "clean boot" is the ideal way to look for reasons.

The latest logs produced did not indicate any obvious malware or infection, so we have to check for another reason. Hence the clean boot request...

 

Next,

 

Regarding an Anti-Virus program (be aware Malwarebytes does not have any AV components): Free versions of Anti-Virus programs can come bundled with unwanted extras such as Toolbars, that is used as a means of recouping costs.... Have a read at the following link: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 specifically the AV section...

 

Thank you,

 

Kevin

Link to post
Share on other sites

Hello Kevin,

 

I appreciate all of that answer. Regarding clean boot - step 4 confuses me still because it appears to contradict itself. The way I read it now, after your explanation I read it this way ... on the services tab, DO hide all MS services / do NOT click (3) 'disable all'. Is this correct?

Link to post
Share on other sites

As clean boot has not made any difference and Malwarebytes still fails, obviously 3rd party services were not at fault. Go back to the link and follow the instructions to reset the system for Normal mode....

 

I'd like you to run a scan from outside of Windows, maybe we are not finding a hidden exploit...

 

Do you have access to another PC to create the Windows Defender Offline Tool? I give the instructions to load to a USB flash drive. It can also be run from a CD, just change to that option in the instructions…

It can be created from the PC with issues, but a different clean PC is preferred!

Download the tool from here :- http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline and save to the Desktop.

You will have to select the correct version for your system, either 32 or 64 bit

Run the tool, Windows 7/8 or Vista users right-click and select "Run as Administrator"

Read the instructions in the new window and select "Next"

WD2.png

In the new window accept the agreement:

WD2a.png

In the new window select your USB Flash Drive, then select "Next"

WD3.png

In the new window ensure your Flash drive is selected, if not click on "Refresh" then select "Next"

WD3a.png

In the new window accept the formatting alert by selecting "Next"

WD3b.png

Files will be Downloaded:

WD4.png

Files will be processed and created

WD5.png

Flash drive will be formatted and prepared

WD6.png

Files will be added to the Flash Drive and the tool will be created.

WD7.png

The procedure is finished and the Tool created, click on "Finish" to complete.

WD8.png

Plug the USB into the sick PC and boot up, if it does not boot from the flash drive change the boot options as required. Use F12 as it boots, change options...
As it boots you'll see files being loaded and the Windows splash screen, eventually the tool will run a "Quick Scan"; follow the prompts and deal with what it finds.
When complete do a full scan, deal with what it finds.
When finished, remove the USB stick then press the Esc key to boot into regular windows.
Navigate to the following file:

"C:\Windows\Windows Defender Offline\Support\MPLog-MM/DD/YYYY-HH/MM/SS .txt"

Open with notepad and copy and paste it into a reply.
 

Link to post
Share on other sites

Will do, but I might need to wait till tomorrow for me to get the needed resources. Thanks!

 

~Bill

 

PS: Is it meaningful that both my desktop shortcuts for Malwarebytes and FRST lost their icons and returned to generic icons? I put the proper icons back and I can open the programs though.

Link to post
Share on other sites

Hello Kevin,

 

Thank you for your help and patience. I created the Defender boot USB drive yesterday at work from my work PC and ran it in boot mode last evening on my laptop. It ran through the quick scan in about 25 minutes, and said - my words - 'all is fine'; more correctly 'your computer is running normally'. Then I did a full scan, which took about 6 hours, and with exactly the same result. No issues popped up and nothing was asked of me to do. Of course, I didn't sit in front of the computer for 6+ hours, so if something did pop up and then disappear, I would not have seen it - I only saw the result. I just happened to wake up at 3AM (EST) and checked it.

 

I checked to see if there was a log file, but there wasn't even a Windows Defender Offline folder. So there does not seem to be anything for me to post.

 

One thing that concerns me is that the Dell system check software that came with the laptop, and that used to come up with each boot up went away a few days ago and no longer comes up.

 

I just don't know what to make of this. What I was going to do was to put a fresh copy of Malwarebytes onto my USB drive and try to run it from there in Normal mode, but at 3AM I was not about to do that and I didn't have time before work today - perhaps tonight I will. One thing I will say is that the laptop is running faster now, but that might just be because Avast, Spybot and Zonealarm have been removed. Thanks,

 

~Bill

Link to post
Share on other sites

Windows Defender version for Windows 7 is not an anti-virus program, it is purely anti-malware. Windows Defender Offline does have AV components. Windows Defender for Windows 8, 8.1 and 10 does have AV components...

 

The Windows security for Windows 7 is Microsoft Security Essentials. Let's install MSE, that installation will turn off Windows Defender as all WD components are combined with MSE. Does that make sense...

 

So go here: http://windows.microsoft.com/en-gb/windows/security-essentials-all-versions scroll to the correct version for W7...

 

Next,

 

Let's run FRST again, post the two fresh logs and I'll remove any remnants of previous security programs....

 

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....
 

Thanks,

 

Kevin....

Link to post
Share on other sites

Thanks Kevin,

 

By the way, I sent you a donation via paypal because I really appreciate your help.

 

Because I can't do any of this until this evening, a couple quick questions ...

1. Is MSE better than Avast?

2. I thought that MSE was not free, is it?

3. In the above, do you want me to run FRST 2X?

4. Do you have any idea why the Dell software stopped working? I really liked it because it checked all the hardware and software together.

 

Regards,

 

~Bill

Link to post
Share on other sites
