Jump to content
phishy2

Anti-ransomware unable to start

Recommended Posts

Newly installed.  Unable to start.  Unable to connect the service.  Nothing else happens. I'm on the windows insider program build 16199.

Steve

 

Share this post


Link to post
Share on other sites

Hello @phishy2 and :welcome:

The Malwarebytes' developers/staffers/helpers must have good data for a quality fault analysis.  Use the following Malwarebytes data gathering support tool, on the system in question, restarted in the Windows NORMAL boot mode:

  1. Download the trusted, Malwarebytes authored arwlogs.exe utility/tool and save only to a system Administrator's desktop of the system in question.
  2. arwlogs.exe is an information gathering tool that neither installs nor does it make system/registry hive changes.
  3. Single right-click the j1Bynr2.png&key=c55e643d4ec26aa771880d2d  arwlogs.exe icon and select RunAsAdmin.jpg  Run as administrator from the Windows context menu.
  4. If a Windows User Account Control (UAC) alert/prompt for arwlogs.exe appears, select the "Yes" button to continue.
  5. If a Windows SmartScreen warning alert/prompt for arwlogs.exe appears, select "More info" then select the "Run anyway" button to continue.
  6. A Command window will appear and its contents may be mostly ignored.
  7. When "Press any key to continue . . . " appears at the bottom of the Command window, type an Enter key to close the window.
  8. A zipped archive (yyyy-mm-dd-{COMPUTERNAME}.zip) should have been generated to the system Administrator's desktop.
  9. Delete arwlogs.exe from the Administrator desktop.
  10. Attach the above zipped archive to your next reply in this topic.

Since you may have not already done so by now, please consider selecting the "Follow" button, near the upper-right corner of your topic, to receive timely notifications regarding replies.

Although more data may be required, after the requested data is posted, the Malwarebytes' team can commence their analysis.  Thank you always for your assistance.

Share this post


Link to post
Share on other sites

Hello @phishy2:

1) Does the system in question only have Malwarebytes 3.x (MB3 v3.0.6) installed, or does it also have Malwarebytes Anti-Ransomware (MBARW BETA8 v0.9.17.661) installed too?

2) Is MB3 the Free, 14-day Trial or Premium edition?

Thank you again.

Share this post


Link to post
Share on other sites

Hello @phishy2:

Because that Windows 10 system already has MB3 v3.0.6.1469-1.0.103 Premium installed, the Anti-Ransomware (ARW) module is already "baked in" and completely eliminates the need for MBARW BETA8 to also be installed.  The two (ARW & MBARW) are now likely interfering with each other.  Please perform a conventional Windows 10 based uninstall of only "Malwarebytes Anti-Ransomware version 0.9.17.661".  When completed, please restart Windows 10 to the conventional Normal boot mode.  Then...

Since that system's Malwarebytes 3 (MB3) version is fairly old, and resource utilization improvements and very many fixes have been made, please follow this procedure:

  1. Please follow the steps in the locked/pinned topic to uninstall the remnants of MB3 and reinstall the latest build: MB-Clean Tool (NOTE: After uninstalling with the MB-Clean tool, you will be asked to reboot.  Once restarted, the tool will ask you if you want to re-install Malwarebytes, you can select YES (it will download the MB3 release version) or you can download the MB3 release version manually (currently v3.1.2.1733-1.0.139-1.0.2060) to re-install from HERE).
  2. Only if that does not correct the system's issue, then please read the following and only separately attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: mb-check-results.zip, FRST.txt, and Addition.txt).

NOTE: The following MB3 information is also available: MB3 User Guide ONLINE, MB3 User Guide PDF, and the MB3 FAQ.

Edited by 1PW

Share this post


Link to post
Share on other sites

OK, thanks for getting that fixed and updated.  How come MB3 did not get those updates automatically?

Another question.  I'm frequently getting website blocked messages from utorrent.  How do I fix them?

I am using a VPN if that matters.

 

Steve

 

Share this post


Link to post
Share on other sites
6 minutes ago, phishy2 said:

How come MB3 did not get those updates automatically?

 

MB3 updates are being metered/throttled out globally to many millions of installs.  Your MB3 install update had not been downloaded yet in the strictly randomized scheme of updates.

Quote

I'm frequently getting website blocked messages from utorrent.  How do I fix them?

The use of a VPN service is likely unrelated unless MB3 Web Protection blocks are frequently experienced when the uTorrent task is NOT running in W10's background, and the VPN may have contracted with portals hosting badware. (Yes - this has happened.)

Many other uTorrent users have known bad Internet intentions and when their URLs/IPs are identified, they are blocked by MB3's Web Protection feature.  Other uTorrent user systems, with otherwise good intentions, can unknowingly become home to badware and their URLs/IPs become blocked, when identified, similarly.

If the blocks are related to inbound data transfers, the MB3 Web Protection module is doing its job to protect your system.  If the blocks are related to outbound data transfers, then I strongly recommend you open a separate/new topic in the Malware Removal for Windows sub-forum and have the malware removed from your system.  When you accidentally/intentionally browse to a Malwarebytes identified site that hosts badware, the MB3 Web Protection module will also protect your system.

Later, if you would like to attach separate text (.txt) based logs that document the relevant Web Protection blocks, Malwarebytes staffers/helpers can assist you with the action(s) you should take.

Thank you.

 

Share this post


Link to post
Share on other sites

They are all outbound blocks.  Two different IP addresses, 181.189.152.235  and 94.102.54.34   Ports seem to vary.  I've gotten 50 plus in less than 2 hrs.

Is there a simple way to send all of them?

Thanks!

 

Steve

 

 

Share this post


Link to post
Share on other sites

Hello @phishy2:

Without an expert qualified analysis, I am guessing that the system is likely infected from uTorrent use.

https://www.malwarebytes.com/support/guides/mbam/Reports.html#view -> Viewing or Deleting Logs is the suggested documentation for extracting just the illustrative two or so complete lines of text from a relevant "Website blocked" log.  Then, generate the two output diagnostic text files from the Farbar Recovery Scan (FRST) utility.

Carefully read through the locked/pinned topic at I'm infected - What do I do now?.  Then, go to Malware Removal for Windows and select the Start new topic button and compose a thoughtful & detailed narrative, Copy and Paste the relevant two or so complete lines of text from the Website blocked log above, and attach the FRST.txt and Addition.txt files.

HTH

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.