Jump to content
MJB

Your system is at risk

Recommended Posts

I suddenly started getting this. The "Fix Now" and "Start Protection" do nothing. I did a complete uninstall, redownloaded the beta installer, and reinstalled. Still get this. This is version 0.9.15.416

 

AtRisk.jpg

Share this post


Link to post
Share on other sites

Hello MJB and :welcome:

Please create the following zipped archives for MBARW developer team analysis:

Create a .zip archive of the directory C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\
Create another .zip archive of the directory C:\ProgramData\Malwarebytes\MBAMService\logs\

Please attach the above zipped archives to your next reply.  Thank you for beta testing MBARW and your valuable feedback.

Share this post


Link to post
Share on other sites

Here you go with the log. I can't upload the zipped C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\ directory because it exceeds the 30MB upload file size limit of this forum.

 

MBAMServicelogs.zip

Edited by MJB

Share this post


Link to post
Share on other sites

Hello MJB:

Rather than a simple re-install of MBARW Beta, please consider a clean re-install of MBARW Beta:

1. Close all open user applications followed by a conventional Windows based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
2. If MBARW Beta was uninstalled successfully, the following sub-directories will have been deleted from a typical Windows x64 system:

                         C:\Program Files\Malwarebytes\
                         C:\ProgramData\Malwarebytes Anti-Ransomware\
                         C:\ProgramData\MBAMService\

3. If any of the above directories remain, please delete them manually.  If necessary, any remaining/uninstalled directory must be deleted in the Windows Safe mode.
4. Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
5. Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the MBARW Introduction topic.
6. Right-click the saved MBARW_Setup.exe file and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue.
7. Upon a successful installation, please restart the computer in a conventional manner to the Windows Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for beta testing MBARW and your valued feedback.

Share this post


Link to post
Share on other sites

Hello MJB:

The split directory sent was for that system's Malwarebytes Anti-Malware (MBAM) product.

If the MBARW directory is now deleted, hopefully the devs will not need it this time.

Not to worry.

Share this post


Link to post
Share on other sites

1PW: The directory you asked for, "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\", didn't appear to exist on my system at the time, despite Anti-Ransomware running and showing the message above. Go figure.

Upon a later reboot of the system, when I did press  "Fix Now", it claimed it was working and that directory appeared.

About a day later, it popped up a tray message claiming that FireFox Portable was ransomware and claimed it quarantined it. However, nothing appeared to be in quarantine and FireFox Portable was working fine. I should point out that FireFox Portable is installed on a Bestcrypt virtual drive, so maybe that confused Anti-Ransomware(?)

Anyway, since then, the Anti-Ransomware beta has been claiming it is working OK.

 

Share this post


Link to post
Share on other sites
3 minutes ago, MJB said:

 I should point out that FireFox Portable is installed on a Bestcrypt virtual drive, so maybe that confused Anti-Ransomware(?)

 

As an additional note to the FireFox Portable thing, I do have Malwarebytes Anti-Malware Free installed that I run every once in a while as a "second opinion" AV scanner. Malwarebytes Anti-Malware Free will trigger a hard crash of the PC if it is run when any of my Bestcrypt volumes are mounted. Both Malwarebytes & Jetico were informed of this issue years ago. Jetico claimed it's a Malwarebytes issue, Malwarebytes never responded to the report. Kasperski & Norton stand alone AV scans don't trigger these crashes, just Malwarebytes Anti-Malware Free. If Anti-Ransomware beta contains similar code, that might explain the transient false positive of identifying FireFox Portable installed on a Bestcrypt virtual drive.

Share this post


Link to post
Share on other sites

Hello MJB:

On systems where a directory is hidden, the "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\" directory can be revealed from its hidden state by copying/pasting the directory's full pathname (with quotes) into a WindowsKey.png + R Run box.

I have failed to locate a previous report of an issue from your username (MJB) regarding Jetico's BestCrypt and Malwarebytes Anti-Malware (MBAM) v2.2.1.1043 in this forum.  Is it possible you opened your report with the separate Malwarebytes Consumer Help Desk?  If so, I would like to pursue that issue with you.

Just so I have a better understanding of your terms and definitions, please expand on:

Quote

"Malwarebytes Anti-Malware Free will trigger a hard crash of the PC if it is run when any of my Bestcrypt volumes are mounted."

When you said "hard crash", do you mean Blue Screen of Death (BSoD)?

Thank you.

Share this post


Link to post
Share on other sites

Hello @Mustang_John and :welcome:

It is disappointing to read your testing system is having MBARW Beta issues but each computer is unique.  Problems that seem "the same" frequently are not.

The same is true for solutions.  Solutions may often need to be individualized for your unique testing system.

It is less confusing for everyone if a "One Member Per Topic" policy is adhered to instead of posting to the topic of another member.

Development Team Members, Staffers, and Helpers will be able to more easily provide both you and the OP/Topic Starter, with individualized assistance.

Please start a NEW, and SEPARATE topic by left-clicking this >>Start New Topic<< link now.

Thank you always for your patience and understanding.

Share this post


Link to post
Share on other sites
4 hours ago, 1PW said:

Hello MJB:

On systems where a directory is hidden, the "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Ransomware\" directory can be revealed from its hidden state by copying/pasting the directory's full pathname (with quotes) into a WindowsKey.png + R Run box.

I have failed to locate a previous report of an issue from your username (MJB) regarding Jetico's BestCrypt and Malwarebytes Anti-Malware (MBAM) v2.2.1.1043 in this forum.  Is it possible you opened your report with the separate Malwarebytes Consumer Help Desk?  If so, I would like to pursue that issue with you.

Just so I have a better understanding of your terms and definitions, please expand on:

When you said "hard crash", do you mean Blue Screen of Death (BSoD)?

Thank you.

By "hard crash", I mean the PC immediately jumps to booting the bios.

The drives in the machine are self encrypting SSD's, which require a password for the machine to start booting Windows. During a warm boot, the drive passwords are not needed. My recollection of the Malwarebytes instigated crash, causes a full cold boot where those passwords are required. I reported this to Malwarebytes on December 4, 2014. I still have the acknowledgement email with the subject "Re: Crashes the machine when scanning drivers [Request received]" sent to me by support@malwarebytes.org. I don't have a record of a support ticket number. I only joined this forum the other day, so this user ID (MJB) only has a history of a few days. I don't recall the way the report was made back in 2014. I presume I made it via whatever the standard Malwarebytes support request system was at the time.

The machine is a Lenovo ThinkPad E531 688528U, with 16GB RAM, SAMSUNG 840 EVO MZ-7TE1T0BW 2.5" 1TB SATA III MLC Internal Solid State Drive (SSD) as the boot drive (self encryption active) and a secondary drive of a Transcend TS256GMTS400 256 GB SATA III 6Gb/s MTS400 42 mm M.2 SSD Solid State Drive (SSD) (self encryption active). 

I have not trues running a Malwarebytes Anti-Malware scan while Bestcrypt containers are mounted in quite a while, for obvious reasons. If need be, I could try that and see what happens. 

Share this post


Link to post
Share on other sites

Hello MJB:

Have you been able to follow the procedure for the hidden directory?

Thank you.

Share this post


Link to post
Share on other sites
4 hours ago, 1PW said:

Hello MJB:

Have you been able to follow the procedure for the hidden directory?

Thank you.

The directory was not hidden. It simply was not there. My machine is set to show all hidden files & directories, as well as all file extensions. As I said, a few reboots later on Friday, the "Fix it" button worked and that directory was created. It has a creation date of Friday at 7pm EDT. 

Share this post


Link to post
Share on other sites

Hello MJB:

Since your post reads as if MBARW Beta6 is now starting correctly with each system restart, would it be okay with you if you reported a few details regarding OS minidumps before the issue with Jetico's BestCrypt and Malwarebytes Anti-Malware (MBAM) is examined?

Please report if the following directory exists, and if so, does it have any (.dmp) content:

  "%SystemRoot%\Minidump"  or  "C:\Windows\Minidump"  

Also, please report the results of the following passive information request using an Windows OS elevated command prompt:

  wmic RECOVEROS get DebugInfoType  

Thank you.

Share this post


Link to post
Share on other sites

The minidump directory is empty, which I would expect it to be, since I run Disk Cleanup regularly plus have Iolo's System Mechanic automatically decluttering the system as well.

Running "wmic RECOVEROS get DebugInfoType" in an elevated command prompt results in "DebugInfoType 3".  (Small dump file.)

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.