
Profile corruption



49 minutes ago, John A said:

You should be able to quit and uninstall.

John thanks for the reply. Not sure what I'm going to do yet. Try to uninstall and run V2 or start it up after I'm in windows. It's not my only protection. Have Norton security also.

I guess this is not a widespread problem but.................... pretty serious. With so many problems this might never get sorted out.


Yes, it has been known about since beta testing but not listed as a known issue, so who knows when it will be fixed.  The fact that it happens is a worry though. I understand that it is a difficult issue to track down.  I am reluctantly using Malwarebytes 3 just as a secondary scanner at present, not starting with Windows.


19 minutes ago, Super Dave said:

Just uninstalled and went back to version 2.  Doctor9fan so you have been back on version 2? If so any more problems with profile?

I decided to test out turning on 'delay protection at startup' & have set it to 60 second delay, hence why I'm also asking if any other members had tried this & whether it affected the profile corruption, if others have tried it & it didn't work then I'll certainly go back to version 2.


13 minutes ago, Doctor9fan said:

I decided to test out turning on 'delay protection at startup' & have set it to 60 second delay, hence why I'm also asking if any other members had tried this & whether it affected the profile corruption, if others have tried it & it didn't work then I'll certainly go back to version 2.

Well I am not going to reboot for no reason. But will update here if I have any additional profile problems after reverting to ver 2.


So far so good. I restarted 6 times & no profile corruption, I forced restart three times & still no corruption. 
I will continue to monitor with the setting I have mentioned & see how things go.

I normally wouldn't do this either but as I hardly have to restart my PC preferring to set it to 'sleep' overnight I thought if I didn't try it then it could be weeks before we know the outcome of my test.

I never had any profile corruption problems with ver 2 so would be surprised if it did.


1 hour ago, Doctor9fan said:

So far so good. I restarted 6 times & no profile corruption, I forced restart three times & still no corruption. 
I will continue to monitor with the setting I have mentioned & see how things go.

I normally wouldn't do this either but as I hardly have to restart my PC preferring to set it to 'sleep' overnight I thought if I didn't try it then it could be weeks before we know the outcome of my test.

I never had any profile corruption problems with ver 2 so would be surprised if it did.

Good to know. Now that I've rolled back I'll wait till things seem to get sorted out. I also did not trust the web protection DNS issue blocking problems.


2 hours ago, Telos said:

@Doctor9fan It would be interesting to see if the problem recurs, by disabling  "delay protection at startup" and then rebooting.

@Telos  I enabled that setting & set it to 60 second delay. As stated I restarted 6 times with no corruption.

I will of course continue to monitor this to see if the corruption recurs.


4 minutes ago, Doctor9fan said:

I enabled that setting & set it to 60 second delay. As stated I restarted 6 times with no corruption.

I will of course continue to monitor this to see if the corruption reoccurs.

I have fiddled with this setting some time ago with no luck.  You might restart a few times and it seems fine, then try a few hours later and it happens again.  Tricky to pin down.


On 19/02/2017 at 9:10 PM, Super Dave said:

OMG I just found this thread. I have been having this problem and did not connect it to MBAM till today. This is on a windows 10 machine. I have had this happen on restarts. The first few times just clicking on log out and log back in worked. Yesterday it required a 2nd restart I thought I was screwed big time but finally got back to my desktop. I've had this win 10 machine for over a year with no problems like this until MBAM version 3.

Now with the new beta installed self protection cannot be turned off. I have unchecked start at windows startup. I hope this corrects any future windows logon problems.

When I thought the only problems included MBAM not working correctly it was not a big deal but now finding it's screwing up my OS is pretty disturbing.

Is not being able to turn off self protection going to be a problem if I decide to uninstall? Or just quit MBAM and uninstall?

 

Hi Super Dave.

I've just seen the extra posts in this thread and it piqued my interest as I'm hunting down a windows 10 profile corruption issue (and have been chasing it for over a year).

The issue that I'm chasing sounds very similar to yours. The salient factor that links your case to the issue that I'm chasing is "The first few times just clicking on log out and log back in worked". That to me suggests that the failure that is afflicting you is a failure to correctly mount the User classes registry hive during logon. The reason that a logoff/'log back in' is fixing it is that Microsoft have included a very tacky cleanup routine that (when it works) cleans up some corruption.

When the User classes hive fails to mount, important registry entries get created in the main user registry hive instead of getting created in the user classes hive. If those entries remain, then on next logon the user classes hive cannot load (as its place is occupied), and subsequent logons will also have the same issue. Other symptoms are start menu failures, system tray icons arrangements not persisting, as well as many other less identifiable issues. The tacky clean-up routine removes any registry entries that would get in the way of the User Classes hive loading. The routine fails as it runs as the user's identity and cannot clean up keys that have different security set on them (Cortana does this as does the Dropbox desktop client).

I get hit once or twice a month but it's not regular - it can be a couple of times close together or nothing for several weeks...... Microsoft's solution when the corruption cannot be automatically cleaned is to guide the person to create a new user account (because doing that creates a fresh profile). I'm not convinced that Microsoft actually recognise this issue for what it is, however their tacky cleanup routine suggests that they have seen it.

I have a batch file set up on my main system that runs on logon and warns me of the issue so that I can log off/on quickly before the corruption gets too bad. If it does get too bad then the only fix is a profile rebuild (or restore from backup if you keep one - In addition to my regular system images, I started doing a file/folder backup of my profile each night - all using Macrium).

Apart from mentioning the 'user classes hive' above, I've tried to attempt getting too technical in my description of the issue. I'm a third line network technician and I have dove very deeply into this issue. See my posts here for a more technical description of what I've found so far.

Note despite the name of this thread - (it was named by the thread's original poster) the issue was not related to a W10 update. https://www.bleepingcomputer.com/forums/t/608833/automatic-update-caused-your-start-menu-isnt-working/   (I post as x64 on BC as well).

I certainly had this before Malwarebytes 3. Most of the time I've had it I have been running Malwarebytes 2.2 or 3.0 alongside Kaspersky IS/TS 2016/2017.

In my posts last year I did state that I've ruled out Malwarebytes as a contributing factor. I ruled out Kaspersky fairly on as other users on the Internet reporting similar issues were using other AVs. I don't recall why I ruled out Malwarebytes. In my mind I'm still looking to rule out both MWB and KIS/KTS through my own direct observation. Short of running unprotected for several weeks (I won't do it) I don't see how I can do that.

I'm still chasing the issue and have not got much further than that which I posted on Bleepingcomputer. The smoking gun that I'm looking for would be a (sysinternals) process monitor trace capturing the first logon in which the User Classes Hive fails to mount. I did think of leaving process monitor boot logging turned on until the issue bit, however process monitor has a bug that caused blue screens on win10, so I could not do that. Short of seeing such a trace, I doubt I'll get much further.

x64


x64 - that is very interesting.  All I can add is that on three Windows 10 computers, I never had this user profile corruption with Malwarebytes 2.  But after installing MB3, it starts happening on all three computers.  I didn't try logout/login, I always recovered by restarting.


@x64 & John A:  I managed an SMB network (primarily W7P) on which I used MBAM (real-time) for over a decade and I currently have MBAM 3 (real-time) on two home machines (W10P 14393.693) and I have "never" seen any profile corruption issues on any installation related to MBAM.  I don't doubt for a minute that x64 has seen such issues and that the MS mitigation for profile corruption is cumbersome and essentially ineffective in that it doesn't actually "cure" the issue.  As many of us involved in system maintenance and malware mitigation have found, it is very much like the practice of medicine in that each "patient" is similar, but always different.  However subtle, the differences in the installed software stack, machine customization, personalization, minor hardware differences, permissions, etc, etc, etc. - again, however subtle - can result in all manner of issues.  Many times these are manifested as timing issues within the boot/startup cycle that can result in clashes and errors with perfectly clean running software.

@Doctor9fan:  Interestingly, delaying the early start of MBAM may well be a work around that avoids getting in the middle of boot and startup cycle timing issues.  Delaying startup seems a reasonable solution prior to MBAM zeroing in on their issues.  Although, it may ultimately prove futile against any underlying MS issues.


@galileo

The profile corruption is apparently rare, although there may be users out there experiencing it who don't realise that MB is causing it.  It happens on Windows 10 x 64, x32 and Windows 7.  I understand each computer is different, but MB should not interfere with basic Windows functions like user profiles.


1 hour ago, John A said:

@galileo

The profile corruption is apparently rare, although there may be users out there experiencing it who don't realise that MB is causing it.  It happens on Windows 10 x 64, x32 and Windows 7.  I understand each computer is different, but MB should not interfere with basic Windows functions like user profiles.

May not be all that rare John. I think you are correct that users would not think that MB was the problem. What's more scary is the developers may be hoping for the same.

I've just browsed your posts in the beta forum along with a number of others with dates up into early December when ver 3 went public and am astonished it was released with that many known issues. Seems like a suits decision to me.

I'm a long time user and do hope all the issues are solved but right now this is just crazy.


@John A, @Super Dave, @Galileo

The problem mode that I describe is fairly insidious. My suspicion is that many more users have experienced the issue than realise it, initially at least the problems may appear as glitches/missing settings rather than recognisable profile corruption. Consider the following.

Case 1: On a user logon, the problem hits and the HKEY_CURRENT_USER registry hive is incorrectly assembled; In the user session the user sees odd issues (system tray icons not arranged as they were before, start panel not accepting clicks, some applications misbehaving); Reboots (logout/in would have same effect) - issue gone - everything works as before. Who would think profile corruption? - It's just Windows 10 gone wonky isn't it?

Case 2: On a user logon, the problem hits and the HKEY_CURRENT_USER registry hive is incorrectly assembled; In the user session the user sees odd issues but manages to work on through them. The Contents of the (incorrectly assembled) HKEY_CURRENT_USER registry hive evolve alongside the other conventional files in the user profile. Maybe at some later stage the odd issues become more severe (total start panel failure?); User logs out/in or reboots; MS Cleanup routine clicks in and makes space for the User classes hive to load, which it does do this time; Now HKCU\software\classes is disjoint with the rest of the files in the user's profile, and the profile is 'corrupted' (and cannot self heal).

Case 3: would start the same as case 2 - but during first logon session some application on the system sets security on a subkey of HKCU\Software\classes that prevents it being deleted under the context of the logging in user. On the next logon, The MS cleanup fails (as it runs with insufficient rights) and the 'real' user classes hive cannot load - event 1542 is logged. At this stage, the user profile is technically corrupt (whether or not the issues are severe enough for the user to realise it).

Can you relate to having occasionally seen the outwardly visible symptoms of case 1?  ..."In the user session the user sees odd issues (system tray icons not arranged as they were before, start panel not accepting clicks, some applications misbehaving)"...

x64

(added a few mins later: Thinking about it - I now recognise the Windows root issue so quickly and log out/in to regain normality that I may not see any contribution from Malwarebytes to it hypothetically contributing to case 3 above [absolutely no reason to believe that it does actually do this]. Such applications are not at fault - they however do help set the profile corruption in stone. Dropbox Desktop client is one - it does nothing wrong, but protects its reg keys in a way that causes the MS cleanup routine to fail)
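
A logon-time check of the kind x64 describes in the two posts above, written as an added PowerShell example; it is not x64's batch file and not part of the thread. It assumes that a correctly mounted User Classes hive appears as `HKEY_USERS\<SID>_Classes` and that event 1542 is written to the Application log; the function name and the 24-hour lookback are choices made for this example.

```powershell
# Added example: warn at logon when the User Classes hive did not mount.
# Assumption: a mounted per-user classes hive (UsrClass.dat) is visible
# as HKEY_USERS\<SID>_Classes for the logged-on user.

function Test-UserClassesHive {
    [CmdletBinding()]
    param(
        # How far back to look for event 1542 (example default).
        [int]$LookbackHours = 24
    )

    $sid      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $hivePath = "Registry::HKEY_USERS\${sid}_Classes"
    $mounted  = Test-Path -LiteralPath $hivePath

    # Event 1542 is the event named in the thread for a failed classes-hive load.
    # Filtering on the provider name by wildcard avoids hard-coding its exact spelling.
    $filter = @{
        LogName   = 'Application'
        Id        = 1542
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    }
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*User Profile*' })

    [pscustomobject]@{
        Sid                = $sid
        ClassesHiveMounted = $mounted
        Event1542Count     = $events.Count
        # Get-WinEvent returns newest first, so the first item is the latest event.
        LastEvent1542      = ($events | Select-Object -First 1).TimeCreated
        Healthy            = $mounted -and ($events.Count -eq 0)
    }
}

$result = Test-UserClassesHive
$result | Format-List
if (-not $result.Healthy) {
    Write-Warning 'User Classes hive check failed: log off and back on before working in this session.'
    exit 1
}
```

Run it from a logon-triggered task or a Startup shortcut under the user's own account; it only reads the registry and the event log.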


@galileo

I have had two periodic unexplained issues. They are BSOD, and Ethernet adaptor failure on wakeup from Sleep.  I haven't mentioned these to this point because I need more determine what causes them.  I am currently running with MB3 RTP off and so far haven't experienced either issue, but early days yet.


This topic has been an eye opener for me. I thought I was being lucky in having no problem/s with Malwarebytes, because I had none of the usual problems that other users seemed to be having. Malwarebytes always seemed to be working fine, but I was having a problem with my profile being corrupted, which I thought was a Windows 10 problem. It never occurred to  me that the frequent requests for me to verify my Microsoft account could be anything but a windows problem. When I first became aware of the problem it made me think, so I followed the advice given here on this forum. I turned off 'Start Malwarebytes at Windows Start up' and put a shortcut in the Start up Folder. Hopefully that will solve the profile problem. Everything seems to be ok now, I haven't had a request to reset my windows profile, the only thing that seems different is the Malwarebytes 'Splash Screen' that appears when Malwarebytes starts up, which is a reassurance that everything has been activated in Malwarebytes. My thoughts are with how many other users are having this problem without realising that it is a Malwarebytes problem. This should be a major concern for Malwarebytes and I am surprised and shocked that they haven't addressed the problem.


Does Malwarebytes need to run with administrative privileges? If I check administrative privileges for shortcut placed at Start Up folder, it fails to start up on log in.

I created a task scheduler instead, seems to be working fine. Also another issue I'm having on windows 7 here seems to have stopped as well.

 


13 minutes ago, shaun279 said:

Does Malwarebytes need to run with administrative privileges? If I check administrative privileges for shortcut placed at Start Up folder, it fails to start up on log in.

I created a task scheduler instead, seems to be working fine. Also another issue I'm having on windows 7 here seems to have stopped as well.

 

I noticed that problem too, when I gave the shortcut administrative privileges, Malwarebytes failed to open. Took admin privileges off the shortcut and it worked fine.


2 hours ago, TONYBEE said:

I noticed that problem too, when I gave the shortcut administrative privileges, Malwarebytes failed to open. Took admin privileges off the shortcut and it worked fine.

@TONYBEE

This is expected behavior - programs are not permitted to run as administrator (i.e. elevated) automatically from "Startup" for security purposes.

Take a look at the tutorial in the link below as a workaround.  This is from the "sevenforums.com" website.  Simply stated, create an elevated task in Task Scheduler to run your program, create a shortcut to run the elevated task, and finally create another task to run the shortcut at startup. Yes, it seems like you're "reaching around your...." to accomplish what seems like a simple task. But, MS does not allow using the "Startup" folder to run elevated shortcuts.  Aside from security issues, consider this simply from a mechanics perspective:  how would a system continue to boot if it required the user to address a UAC prompt (which pauses all other system action) during the boot cycle?  The only way to circumvent "clicking" a UAC prompt is to create a task that will "Run with highest privileges".

Elevated Program Shortcut without UAC Prompt - Create - Windows 7 Forums

btw: The "sevenforums.com", "eightforums.com", and "tenforums.com" websites have a wealth of information and help for a multitude of Windows issues.  There are many tutorials there that address a whole host of issues and customizations.
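
The elevated-task workaround discussed in the last few posts, as an added PowerShell example that is not part of the thread or of the linked tutorial. It registers a single task with a logon trigger instead of the tutorial's shortcut steps, adds the 60-second delay tried earlier in the thread, and first refuses a program file that standard users can modify, since such a file would run elevated at every logon. The function names, task name and program path are placeholders; the ScheduledTasks cmdlets need Windows 8 or later.

```powershell
# Added example: register an elevated, delayed logon task from an elevated prompt.

function Test-WritableByStandardUsers {
    param([Parameter(Mandatory)][string]$Path)
    # Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $R = [System.Security.AccessControl.FileSystemRights]
    $writeBits = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                       $R::ChangePermissions -bor $R::TakeOwnership)
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Allow' -and
            $broadSids -contains $rule.IdentityReference.Value -and
            (([int]$rule.FileSystemRights) -band $writeBits) -ne 0) {
            return $true
        }
    }
    return $false
}

function Register-ElevatedLogonTask {
    param(
        [Parameter(Mandatory)][string]$TaskName,
        [Parameter(Mandatory)][string]$ProgramPath,
        [int]$DelaySeconds = 60
    )
    if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
        throw "Program not found: $ProgramPath"
    }
    # Only the file's own ACL is checked here, not the folders above it.
    if (Test-WritableByStandardUsers -Path $ProgramPath) {
        throw "Refusing: $ProgramPath is writable by standard users."
    }

    $user      = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $action    = New-ScheduledTaskAction -Execute $ProgramPath
    $trigger   = New-ScheduledTaskTrigger -AtLogOn -User $user
    $trigger.Delay = "PT${DelaySeconds}S"      # ISO 8601 duration
    # "Run with highest privileges" in the Task Scheduler UI.
    $principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Highest

    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Trigger $trigger -Principal $principal
}

# Usage (placeholders, run elevated):
# Register-ElevatedLogonTask -TaskName 'Start scanner at logon' -ProgramPath 'C:\Path\To\Program.exe'
```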
