
mbae.dll injection anomalies with edge and other win store apps


Hi, I was just checking up on the DLL injections to make sure everything was working correctly, but there weren't any DLL injections for Edge or the "Microsoft.photos.exe" app. I've checked both 32- and 64-bit DLLs but none have shown up; other programs do, though. Steam.exe shows up and so does skype.exe. I've also run the mbae-testing tool and that worked fine.

I've noticed that all my Windows App Store programs are also not showing any DLL injections. I think it could be conflicting with its sandboxing protocols, and since Edge employs some of these sandboxing techniques it might be the reason why it's also not showing. I could be completely wrong, but that's the only link I can think of in this case. Skype.exe, Steam, Internet Explorer and iTunes all show DLL injections. The ones that aren't showing any that I've tested so far are the Photos app, Movies & TV/media player and Edge. Let me know what else I can do to help.

MB-CheckResult.txt


Interesting that none of the apps are showing up, I just tested the others to verify and they are working here, so it must be some setting on your machine. Can you grab us the FRST logs as outlined below so we can see what else is on your machine that we may be conflicting with?

  1. Download FRST and save it to your desktop
    1. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run and when the tool opens click Yes to the disclaimer
  3. Press Scan button
  4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    1. Attach both of these logs to your post by clicking on the "Drag files here to attach, or choose files..." or simply drag the files to the attachment area

Can you also grab the logs folder for us please?

  1. Navigate to C:\ProgramData\Malwarebytes\MBAMService
    • The ProgramData folder may be hidden so you'll need to type the path in manually or turn on showing hidden files/folders
  2. Right click the logs folder and choose Send to -> Compressed (Zipped) folder
  3. This will create a zip file on your desktop named logs.zip, please upload this file in your response

Strange, according to the logs Edge is being shielded properly. Can you try using the attached zip file to grab some information? Simply extract the zip file and double-click RUNME.bat. This will print out a list of DLLs that are attached to Edge using a different program, just for sanity's sake. It will output the results to a file named output.txt. Please upload that file.

ListDlls.zip

Edited by dcollins
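
A comparable cross-check can be done from PowerShell. This is an added example, not part of the original posts and not the contents of ListDlls.zip; the process names and the `mbae*.dll` pattern are assumptions based on the names mentioned in this thread. It reports a process whose module list cannot be read separately from one where the DLL is simply absent, so a "not showing" result from the inspecting tool is not mistaken for a missing injection.

```powershell
# Added example. Process names and the DLL pattern are assumptions drawn from
# the names mentioned in this thread; adjust them for the system being checked.
$ProcessNames = 'MicrosoftEdge', 'MicrosoftEdgeCP', 'Microsoft.Photos', 'Steam', 'Skype'
$DllPattern   = 'mbae*.dll'

function Get-InjectedDllStatus {
    param(
        [string[]]$Name,     # process names without the .exe suffix
        [string]$Pattern     # wildcard matched against each module's file name
    )

    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        # Reading the module list can fail (access denied, process exiting).
        $modules = $null
        try { $modules = $proc.Modules } catch { }

        $hits = @()
        if ($null -eq $modules -or $modules.Count -eq 0) {
            # The tool could not inspect the process: this says nothing about
            # whether the DLL is actually loaded.
            $status = 'ModulesUnreadable'
        } else {
            $hits   = @($modules | Where-Object { $_.ModuleName -like $Pattern })
            $status = if ($hits.Count -gt 0) { 'Loaded' } else { 'NotLoaded' }
        }

        [pscustomobject]@{
            Process = $proc.ProcessName
            Id      = $proc.Id
            Status  = $status
            Dll     = ($hits | ForEach-Object { $_.FileName }) -join '; '
        }
    }
}

Get-InjectedDllStatus -Name $ProcessNames -Pattern $DllPattern |
    Sort-Object Process, Id |
    Format-Table -AutoSize
```

Run it from an elevated session, and match the PowerShell bitness to the target process, since a 64-bit session may not list the 32-bit modules of a 32-bit process.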

I played around with Microsoft's EMET toolkit some and added Chrome, which was previously not working with MBAE DLLs, and I can now see EMET64.DLL injections on the Chrome browser. I then went on to add the Edge browser and I still do see its injection on either mbae or emet dlls.
