Jump to content

False Positive - HxTsr.exe quarantined & cannot restore


betsar

Recommended Posts


MBARW beta6 - build 0.9.15.416 quarantined C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe and cannot restore.  When I try to restore I get the following error message:

"The Restore operation could not be performed due to an error.  Please visit the beta forum to request assistance."

Once HxTsr.exe was quarantined, Windows 10 Mail no longer works - it now crashes upon trying to open.   Please provide a solution to restore HxTsr.exe.

Additionally when I click Add File under Exclusions, MBARW crashes and displays the following error message:

"Malwarebytes Anti-Ransomware has stopped working.  A problem caused the program to stop working correctly.  Windows will close the program and notify you is a solution is available."

 

Link to post
Share on other sites

Hello betsar:

Thank you kindly for creating your topic.  Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.

Link to post
Share on other sites

Hello betsar:

Perfect!  Thank you!  A Malwarebytes staffer may weigh-in with further requests.  This is being worked on now.

Q: Does this system have any recent System Restore Points, Backups, or Images?

Link to post
Share on other sites

Hello betsar:

Please try drilling down to:

    "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\HxTsr.exe"

and see if that copy exists on your system.  If it exists, a workable procedure can be written for your system.

Thank you

Link to post
Share on other sites

I located HxTrs.exe under C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe on another Windows 10 64-bit system I own.  I have copied the file but do not have permissions in the same folder on the affected system.

Link to post
Share on other sites

Hello betsar:

Yes.  That is one of the complications.  If we can't find an easier way (through a re-installed Microsoft update) then a related & recently used procedure can be adapted to deal with the ownership obstacles.

The last thing we wish is to cause further harm to the existing system.

Link to post
Share on other sites

Hello betsar:

Rather than a simple re-install of MBARW Beta6, please consider a clean re-install of MBARW Beta6:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta6 was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows 10 x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\
                         C:\ProgramData\MBAMService\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

Link to post
Share on other sites

Hi,

 

I am still hear and Win10 Mail is still disabled because HxTsr.exe was quarantined.  I have a copy of HxTsr.exe from another Win10 system and am waiting on a method to copy the file to the appropriate folder on the affected system.

Thank.

Link to post
Share on other sites

Hi,

I already had a copy of the right version of HxTsr.exe, but downloaded it from your sourse.  My problem is still permissions.  When I try to paste to "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe\" it says I do not have required permissions.  I have tried signing on the system as an Admin (net user administrator /active:yes) and get the same permissions error.

 

Thanks.

Link to post
Share on other sites

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0._x64__8wekyb3d8bbwe\HxTsr.exe is what MBARW said was quarantined but the path does not exist.  "1PW" who was helping me earlier had me check for the file in "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6868.40731.0_x64__8wekyb3d8bbwe" and the path existed but the file was not present.  So I have been trying to place the file that directory.  As far as file version, using the links you provided, I downloaded HxTsr.exe for Win 10 Home 64-bit which is the OS I am using.  The file I had copied from another system I own is also running the same OS and I found the file in the same path which exists on the affected system.

 

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.