Jump to content
betsar

False Positive - HxTsr.exe quarantined & cannot restore

Recommended Posts


MBARW beta6 - build 0.9.15.416 quarantined C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe and cannot restore.  When I try to restore I get the following error message:

"The Restore operation could not be performed due to an error.  Please visit the beta forum to request assistance."

Once HxTsr.exe was quarantined, Windows 10 Mail no longer works - it now crashes upon trying to open.   Please provide a solution to restore HxTsr.exe.

Additionally when I click Add File under Exclusions, MBARW crashes and displays the following error message:

"Malwarebytes Anti-Ransomware has stopped working.  A problem caused the program to stop working correctly.  Windows will close the program and notify you is a solution is available."

 

Share this post


Link to post
Share on other sites

Hello betsar:

Thank you kindly for creating your topic.  Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.

Share this post


Link to post
Share on other sites

Hello betsar:

Perfect!  Thank you!  A Malwarebytes staffer may weigh-in with further requests.  This is being worked on now.

Q: Does this system have any recent System Restore Points, Backups, or Images?

Share this post


Link to post
Share on other sites

Backup image is a few months old and last restore point probably a month old (I am not sure how to find a restore point date in Win 10).  I am still hoping that the missing file can simply be restored.

Share this post


Link to post
Share on other sites

Hello betsar:

Please try drilling down to:

    "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\HxTsr.exe"

and see if that copy exists on your system.  If it exists, a workable procedure can be written for your system.

Thank you

Share this post


Link to post
Share on other sites

Hello betsar:

That was my mistake.  I thought that was where the KB3115127 update might have left an additional copy with this month's updates from Microsoft.  My bad.

Share this post


Link to post
Share on other sites

I located HxTrs.exe under C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe on another Windows 10 64-bit system I own.  I have copied the file but do not have permissions in the same folder on the affected system.

Share this post


Link to post
Share on other sites

Hello betsar:

Yes.  That is one of the complications.  If we can't find an easier way (through a re-installed Microsoft update) then a related & recently used procedure can be adapted to deal with the ownership obstacles.

The last thing we wish is to cause further harm to the existing system.

Share this post


Link to post
Share on other sites

Hello betsar:

Rather than a simple re-install of MBARW Beta6, please consider a clean re-install of MBARW Beta6:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta6 was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows 10 x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\
                         C:\ProgramData\MBAMService\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

Share this post


Link to post
Share on other sites

Sorry for the FP. I'm currently heading out the door but will be back a little later today and I'll help you with this.

Thanks

 

Share this post


Link to post
Share on other sites

Hi,

 

I am still hear and Win10 Mail is still disabled because HxTsr.exe was quarantined.  I have a copy of HxTsr.exe from another Win10 system and am waiting on a method to copy the file to the appropriate folder on the affected system.

Thank.

Share this post


Link to post
Share on other sites

Meant to add this to my reply, but time ran out and couldn't edit. Your path to the file will show different #'s for version (17.6xxx.xxxxx), but its the same folders used for pasteing..

Share this post


Link to post
Share on other sites

Hi,

I already had a copy of the right version of HxTsr.exe, but downloaded it from your sourse.  My problem is still permissions.  When I try to paste to "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\" it says I do not have required permissions.  I have tried signing on the system as an Admin (net user administrator /active:yes) and get the same permissions error.

 

Thanks.

Share this post


Link to post
Share on other sites

File versions are very important. I can force the copy of the file where it should go but if its the wrong version it still will not work.

Where is the file you have located. The exact path and file name.

 

Share this post


Link to post
Share on other sites

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe is what MBARW said was quarantined but the path does not exist.  "1PW" who was helping me earlier had me check for the file in "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe" and the path existed but the file was not present.  So I have been trying to place the file that directory.  As far as file version, using the links you provided, I downloaded HxTsr.exe for Win 10 Home 64-bit which is the OS I am using.  The file I had copied from another system I own is also running the same OS and I found the file in the same path which exists on the affected system.

 

Thanks

Share this post


Link to post
Share on other sites

I need to know where the file you downloaded exists please. Full path and name with extension so that I can write a script move the file into that location.

Thanks again

Ron

Share this post


Link to post
Share on other sites

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\HxTsr.exe

Share this post


Link to post
Share on other sites

Hello betsar:

The full pathname is needed for the present location of the file you intend to use as a replacement for HxTsr.exe.

Thank you.

 

Share this post


Link to post
Share on other sites

Hi, 

The file is currently located on my Desktop, "C:\Users\Russ\Desktop".  I you prefer I can move it to any location.

Thanks.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.