Jump to content

Recommended Posts

Hello @guthrie:

The MBARW devs must have good, detailed, documentation for a quality analysis.  Please consider running the following Malwarebytes written data gathering Support Tool:

1.) Download arwlogs.exe to an Administrator desktop of the system in question.
2.) Right-click the arwlogs.exe icon and select "Run as administrator".  A zipped archive should soon be generated to the Administrator desktop.
3.) Rather than email the archive as the tool directs, please attach the archive to your next reply in this topic.

Although more data may be required, after the requested data is posted, the Malwarebytes' QA & Developer Teams, and staffers can commence their analysis.  Thank you always for your assistance.

Link to post
Share on other sites

Ok; here:

=========================================
Malwarebytes Anti-Ransomware Logs Grabber
=========================================

--07:12:22--  https://meps.mwbsys.com/health
           => `meps.txt'
Resolving meps.mwbsys.com... done.
Connecting to meps.mwbsys.com[52.22.192.172]:443... connected.

Unable to establish SSL connection.

Unable to establish SSL connection.
The system cannot find the file specified.
        1 file(s) copied.

7-Zip (A) 9.20  Copyright (c) 1999-2010 Igor Pavlov  2010-11-18
Scanning

Creating archive 2017-02-20-PCGRG.zip

Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-00.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-01.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-02.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-03.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-04.arw
Compressing  MalwarebytesARW\Malwarebytes Anti-Ransomware\mbarwind-05.arw
Compressing  MalwarebytesARW\MBAMService\ArwDetections\039d048c-a76c-11e6-a018-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\13299cc0-a6aa-11e6-a16f-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\1523acfa-a8d5-11e6-9780-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\26c35e5a-a0b1-11e6-b885-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\2fbb2b80-a4f0-11e6-9bd7-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\6f71b0a6-a0f3-11e6-8a40-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\81f7c7b4-9f19-11e6-b4a7-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\86449dc4-a12b-11e6-8857-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\864e51a2-a12b-11e6-aa6f-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\aec971c4-a12c-11e6-bcac-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ArwDetections\cc6f832a-c202-11e6-8268-f48e38d9be93.json
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-00.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-01.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-02.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind-03.arw
Compressing  MalwarebytesARW\MBAMService\ARW\mbarwind.arw
WARNING: The process cannot access the file because it is being used by another process.

Compressing  MalwarebytesARW\MBAMService\config\ArwControllerConfig.json
Compressing  MalwarebytesARW\MBAMService\config\CleanControllerConfig.json    1%
Compressing  MalwarebytesARW\MBAMService\config\CloudConfig.json
Compressing  MalwarebytesARW\MBAMService\config\LicenseConfig.json
Compressing  MalwarebytesARW\MBAMService\config\TelemCtrlConfig.json
Compressing  MalwarebytesARW\MBAMService\config\UpdateControllerConfig.json     
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ArwControllerImpl.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\arwlib.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ArwSdkShim.dll
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\ctlr.64bit.7z
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\mbupdatr.exe
Compressing  MalwarebytesARW\MBAMService\ctlrupdate\mbupdatr.log
Compressing  MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG
WARNING: The process cannot access the file because it is being used by another process.

Compressing  MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG.txt
Compressing  MalwarebytesARW\MBAMService\Quarantine\88608f79-a12b-11e6-9f0e-f48e38d9be93.data
Compressing  MalwarebytesARW\MBAMService\Quarantine\88608f79-a12b-11e6-9f0e-f48e38d9be93.quar
Compressing  meps.txt


WARNINGS for files:

C:\ProgramData\MalwarebytesARW\MBAMService\ARW\mbarwind.arw : The process cannot access the file because it is being used by another process.

C:\ProgramData\MalwarebytesARW\MBAMService\logs\MBAMSERVICE.LOG : The process cannot access the file because it is being used by another process.

----------------
WARNING: Cannot open 2 files
        1 file(s) copied.

========================================================================
Done collecting logs.
Please send the file 2017-02-20-PCGRG.zip from your Desktop to Malwarebytes Support.
========================================================================

 

2017-02-20-PCGRG.zip

Link to post
Share on other sites

Hello @guthrie:

Although I failed to see an immediate reason for the uncorrectable disabled MBARW protection, a much more detailed analysis may reveal something.  Since you have had MBARW Beta8 installed to the "E:\" partition, I see no immediate reason to discontinue that choice.  Please use the following MBARW Beta8 uninstall & reinstall procedure to guarantee proper ownerships and integrities:

  1. Delete any and all previous copies of the MBARW_Setup.exe file and perform a conventional Windows-based uninstall of Malwarebytes Anti-Ransomware version 0.9.17.661 followed by a system restart to Windows 10 Normal boot mode.
  2. Then, download a fresh copy of the MBARW_Setup.exe file to the system's Administrator desktop only.
  3. Right-click the saved MBARW_Setup.exe file icon and left-click RunAsAdmin.jpg  Run as administrator from the context menu and continue the install.  <===IMPORTANT!
  4. Upon a successful installation, restart the computer, in a conventional manner, to the Windows 10 Normal boot mode.
  5. See if MBARW Beta8's license activation has successfully completed and resolved the system's original protection disabled issue.

Then when possible, please reply to this topic with your system's status.   Thank you for using MBARW Beta8.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.