
Now I need help!!

Your bad beta disabled PDExploNXP.exe from my PowerDesk 9.0 Professional that is most certainly not ransomware!!!

If there would be one in the folder I tried to open, a PDF-file, it should in that case have disabled only that file and not the filemanager - but that file will be also safe.

I wanted to restore the quarantined file, but got the message that a file marked for deletion cannot be restored.

I then entered it as an exclusion and restarted. PDExploNXP.exe did not work. Neither did your anti-ransomware! The latter told me:

" Problem Event Name:    APPCRASH
  Application Name:    mbarw.exe
  Application Version:
  Application Timestamp:    56bbbad8
  Fault Module Name:    MSVCR120.dll
  Fault Module Version:    12.0.21005.1
  Fault Module Timestamp:    524f7ce6
  Exception Code:    40000015
  Exception Offset:    000a7676
  OS Version:    6.1.7601.
  Locale ID:    1033
  Additional Information 1:    8690
  Additional Information 2:    8690a2e0519270605497ca6ca59a233e
  Additional Information 3:    4046
  Additional Information 4:    404608b3896d7071cacbb501e2377863"

Now I urgently need to know how to make it work again!!! Quickly, please!

Quickly please!!!





Silent in shame?

Such a thing should not happen!

But I could copy PDExploNXP.exe from my laptop to the desktop after renaming the blocked one to PDExploNXP.0xe.

Then it worked. But Anti-Ransomware still does not work. I will have to reinstall it.

It will have occurred when I tried to open a PDF with PowerDesk that for some reason did not want to run. That PDF should then have been blocked and not the PDExploNXP.exe!!

If there is something wrong with it ... But I checked it with Emsisoft, Malwarebytes and SuperAntispyware. Nothing suspicious found.

Yet PLEASE let me know what I should do if this happens again and I have nowhere to take a replacement file from.

By the way: The PDF is in a Slavic language and contents in strange letters could have caused a false alarm.



Hello allesok:

If MBARW Beta has been installed on any production system, you are strongly urged to uninstall it and not re-install it.

If a conventional Windows restart to the Normal boot mode has/does not resolve(d) the reported issue, please consider a clean re-install of MBARW Beta:

1. Close all open Windows applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware.
2. If MBARW Beta was uninstalled successfully, the following directories will have been deleted from a typical Windows 64-bit system:

C:\Program Files\Malwarebytes\
C:\ProgramData\Malwarebytes Anti-Ransomware\

3. If any of the above directories remain, please delete them manually. If necessary, any remaining/uninstalled directory may be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the MBARW_Setup.exe file and left-click Run as administrator from the context menu.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.

Thank you for beta testing MBARW and your valued feedback.


Hello allesok:


I suppose that it should make no difference that I installed it in C:\_ANTIMALWARE\Anti-Ransomare...

If anything is "hardwired" in MBARW's source code by the developer team that relies on:

C:\Program Files\Malwarebytes\Anti-Ransomware\ or %SystemDrive%\Program Files\Malwarebytes\Anti-Ransomware\

then results could of course be unpredictable at best.

What could I have done

With great respect, a well maintained system has pre-install System Restore Points, backups, and images hopefully. Even so with a beta testing system.

Hopefully all is going well with your beta testing system now.


Yet the setup file offers to choose where to install...

I like to have a certain order, such as all antimalware in one folder, all office-related applications in another, etc.

It appears that Anti-Ransomware somehow marks the file to be "quarantined", so that it no longer works.

My question actually was about how such a mark can be reversed, even in a case like mine, where it accidentally (don't know how) was also marked for deletion (but was not deleted...).

Restoring a somewhat older restore point may also change some other things back to earlier states which would not happen if the "mark" can be reversed. Unless a restore point is made with each startup.

Anyway it here appears that Anti-Ransomware "marked" the wrong file, the main file of the file manager, rather than the file that it was trying to open.

As I reported earlier it once even wanted to quarantine explorer.exe, probably in a similar manner. How could I have restarted at all if that had happened? But luckily it was not quarantined.



OK, glad if I can help.

But a strange observation: I get notes to my e-mail address about a new post here, and when I open the link I get:

We could not locate the item you are trying to view.

Error code: 2S136/C


How about being noticed by the Anti-Ransomware when there is an update or upgrade? I did not see that option...

52 minutes ago, allesok said:

How about being noticed by the Anti-Ransomware when there is an update or upgrade? I did not see that option...

If any available MBARW Beta upgrades/updates do not or can not be automatically downloaded/applied, you may concurrently receive an email notification at your registered forum email address if you tick the "Follow this" button for the: https://forums.malwarebytes.org/topic/177751-introducing-malwarebytes-anti-ransomware/ topic.

The Malwarebytes originated email notification you receive, with a link to an error code: 2S136/C, has now been reported to staffers.

Thank you again.


This is why in Big red letters it suggests that you "do not" test this on your main system, you assume the risk if you ignore the Dev's warning and install the beta on a production system. PeAcE
