Malwarebytes unable to start.


Malwarebytes has been repeatedly finding ByteFence and removing it requiring a reboot. Today after I rebooted a popup appeared advising me that a newer version of MBAM was available. I allowed it to install. Now it won't start. I am keeping that machine off the web as much as possible until I get this fixed. I purchased the upgrade to the paid version on 12/12/13 and I believe it is the older perpetual type license. I don't see ByteFence running in Task Manager. I am communicating using a laptop machine.

 


Hello @PaulL

Thank you for reporting the system's issue.  The Malwarebytes' staffers/helpers must have good log data for a quality fault analysis to begin.

  1. Please save your work and close all running user applications for your convenience.

  2. Please follow the steps within the locked/pinned topic at Having problems using Malwarebytes? Please follow these steps.

  3. In your next reply to your topic, please only attach the three (3) separate files that are developed above: mb-check-results.zip, FRST.txt, and Addition.txt.

Thank you.


I ran mb-check and FRST. The output files are attached.

I have additional information. I had been using Macrium Reflect V6 to make image backups regularly. In May Macrium failed to make image backups due to a VSS failure caused by a windows update. I switched to EaseUs image backups. Then, after another windows update, the machine refused to boot. I attempted to restore to several restore points but all restorations failed due to appxstaging being unable to delete the windows apps directory (see KB3213986). Restore points are now probably useless in all windows 10 installations!

I attempted to restore the images I had made using EaseUs but it would not restore and after many emails to EaseUs I gave up. I contacted Macrium who advised me that V7 would work but it is not yet available as a free version. I purchased Macrium Reflect V7 workstation, made a boot CD on my laptop, and restored this machine's system disk to an image from 4/9/17 and salvaged my ancient compiler installations.

In the last three days MBAM has found ByteFence repeatedly requiring me to reboot to clear the registry. Today, after rebooting, a popup appeared advising me to update MBAM. (It finally noticed that it was from before 4/9/17.) I installed the update and now MBAM won't start. Please let me know what to do next.

Addition.txt

FRST.txt

mb-check-results.zip

Edited by PaulL

  • Root Admin

Hello @PaulL

Let's go ahead and scan your system to see if we can find and remove the cause.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Hi Ron,

The first computer I wrote a program for was an IBM 1401 using Hollerith cards in 1957. I'm older than dirt and I wear both a belt and suspenders.

My desktop machine has a copy of MBAM-Pro, installed on 12/12/13. The ID you issued me is and the MBAM key is  I believe that this was a perpetual license. MBAM presently fails to start on the desktop. I am keeping the desktop off the internet until we fix this. I am writing this from my laptop. (My laptop has a copy of MBAM free which I run manually in addition to the McAfee/Intel VirusScan provided by my ISP.) I keep copies of files produced when troubleshooting and I usually append the date to the file name.

MBAM failed to start on the desktop once before on 5/16/17. I posted on this forum and was assisted most ably and got MBAM running again.

On 6/25/17 when I found that MBAM would not run I started this forum thread. I ran frst.exe and mb-check.exe on the desktop on 6/25/17 and attached addition.txt, FRST.txt and mb-check-result.zip to a post in this thread.

Per your instructions today (6/27/17) I just finished running JRT.exe, AdwCleaner.exe, Sophos Free Virus Removal Tool.exe, and FRST.exe on the desktop. I have attached the JRT-20170627.txt, addition-20170627.txt, FRST-20170627.txt and AdwCleaner-20170627.zip files to this post. Sophos FVRT.exe reported no virus files found and produced no details to copy into a file. AdwCleaner.exe wrote a directory, AdwCleaner-20170627, which I zipped into the AdwCleaner-20170627.zip file attached here.

In the addition-20170627.txt file I see under the security center that the Windows Defender and Malwarebytes entries are marked disabled, but that McAfee/Intel VirusScan is enabled. The McAfee/Intel program is provided free by my ISP, Cablevision, and its installation is forced on all of us by the ISP. I don't know how to disable it so it was running while I was doing these scans today. We also receive excellent free remote support from McAfee/Intel in India.

When it was working MBAM was set to do an automatic scan once a day.

I'm looking forward to your reply with additional instructions.

PaulL
 

Addition-20170627.txt

AdwCleaner-20170627.zip

FRST-20170627.txt

JRT-20170627.txt

Edited by AdvancedSetup
Removed ID and Key

  • Root Admin

Well, someone that's been on or around computers longer than I have. Don't run into too many users such as yourself Paul - encouraging that one can still be doing computer work in their retirement age, I'm getting closer.

 

It looks like the tools have removed most of the junk but a little bit more left over. We'll have you run the script below to remove a few more things.
The logs indicate there may be some other non malware related issues with the computer but you can take a look at that later on to see about fixing.

I think your ISP only offers McAfee (now owned by Intel) - I could be wrong but I think it's illegal to force someone to use a specific brand of software on their computer. Ensuring that users have "some type" of security software while on their network is one thing, but a specific brand would not seem to be legal. That aside, nothing wrong with McAfee antivirus if it's working well. I've seen many corrupted installs that cause varying issues that a clean removal and reinstall of McAfee seems to fix.

 

NOTE: The following fix will also kick off a FULL disk check of your hard drive and if issues found repair them. The disk check could take a few hours to run depending on the size and speed of the drive. Please allow it to finish.

 


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 


Hi Ron,

Yep, I'm older than dirt! After winding up at Cornell in 1960 I worked in broadcasting and recording. I designed recording studios and broadcast transmitter antenna arrays and did some recordings of the Philadelphia Orchestra for a broadcast syndication prior to the establishment of PBS. After awhile the transitory nature of the jobs got to me and I took a job playing with aircraft electronics at Pan Am at JFK where I stayed until they went bankrupt in 1991. I then tried my hand at buying, rebuilding and selling tug boats down around Houston for ten years. Now I'm just writing database programs on a pro-bono basis for public charities from my home upstate New York. It's nice up here except when the dairy cows next door get loose and wander into the backyard swimming pools. Did you ever try to get a 1500 pound Holstein to climb slippery steps out of a swimming pool?

Running FRST64 with the fixlist.txt file broke the thing. It hung with a green screen and the word restarting for about an hour. I cut power and turned it back on and it tried to run chkdsk the slow and thorough way. It got to 10% and stalled. After about 30 minutes I did a cold start again and refused the chkdsk operation but it would not boot. I restarted it with the Win PE boot CD created by Macrium and restored the image from 4/8/17 again after which it began a windows update routine. Apparently that image had been made after updates had downloaded but hadn't installed. Then it restarted and began a second windows update routine. After the second update routine it restarted normally.

I cleaned out a bunch of junk programs, manually cleaned up the autorun assignments using autoruns.exe, cleaned up the desktop, and then let ccleaner clean out junk files and registry entries.

I ran a manual scan using MBAM. It found 2 entries for ByteFence and quarantined them. I rebooted and am waiting because windows is apparently running another upgrade procedure even though the wifi is turned off. Go figure.

I will next run chkdsk against the system disk, then the Western Digital diagnostics. I'll add more information when that's done. I think the system disk might be a little long in the tooth. It's been spinning away since 2011.

Paul


  • Root Admin

Very interesting work life Paul. My study of microwave radar was a bit stressful in the mathematics. I enjoyed the studies in laser better myself but never really ever did any laser work aside from studies. Yes, I can imagine how difficult it might be getting a cow out safely. Reviewed the fixlist again and don't see anything obvious that should have caused a hang unless maybe there was some other lower level process holding on that would not let go. Usually FRST just marks those for removal after reboot.

Glad you had an image and are back up and running again. Keep me posted and let me know what you find. Might be good to run AdwCleaner and JRT on it again too. Probably no need for Sophos scan at this time.

Ron

 


It never booted windows after MBAM rebooted it after quarantining the two ByteFence entries.

I restored the disk again using the Macrium boot CD. Then I again cleaned out some junk but not as much as before. Then MBAM ran a scheduled scan, found and quarantined the two ByteFence entries, rebooted, and again the machine would not boot. I figured for sure I had a bad disk sector in there somewhere.

I restored the disk again using Macrium, then disabled MBAM's scheduled scan. I ran chkdsk c: and it found no errors. Then I ran the Western Digital diagnostic program sector scan on c: which took 8 hours. IT PASSED! I have searched c: using Total Commander for ByteFence files and found none. I don't know what MBAM was finding.

I have to go to a wedding 150 miles away in Pennsylvania, my grandniece is getting married, and it will be very late today or early tomorrow before I get back. When I get back I will search for bytefence entries using regedit and then run MB-check, FRST, AdwCleaner and JRT with a reboot after each one to try to localize when the boot failure happens.

This mess didn't begin on last Sunday when I started this thread, it started three weeks ago with a failure to boot windows. I'm trying to recall exactly what happened and I believe that every boot failure has happened immediately after running MBAM and finding ByteFence. What the heck is ByteFence anyway?

Paul

 


Hi Ron,

This mess really began on 4/12 when microsoft broke the VSS service with an update. That caused Macrium Reflect V6 Free to fail to make an image. The last image it made was on 4/9.

I switched to making images with EaseUsToDo.

Then, on 6/2, something (possibly MBAM) caused me to reboot and the first boot failure happened.

When I tried to restore from a restore point it reported failure with error code 0X80070091. I found out that microsoft had broken the restore process. See KB3213986 and error 0X80070091.

Then I tried to restore the system disk with EaseUs. Five attempts failed. EaseUs support tried to help but it just wouldn't work.

Then I read that Macrium had fixed their program. I called them in England. They said that V7 will work but it would not be released as a free version for awhile. I bought the workstation V7. 

Macrium V7 restored from the 4/9 image, but that restoration would not boot.

Then it restored from the 4/8 image and that restoration booted into a windows update and then to a normal boot. Then something caused that first restoration to reboot and fail.

So I restored a second time from the 4/8 image and began investigation why it had failed. I scanned with McAfee which my ISP provides for free and found nothing. Then I tried to start MBAM and found that it would not start. That's when I started this thread.

Then I did your scans and finally ran FRST with the fixit file. That caused it to reboot which failed. So the restorations mentioned in the prior post were the third and fourth from the 4/8 image. 

Could it be connected with MBAM finding ByteFence or with the broken VSS service, or the broken restore points? I'll continue looking after I get back from the wedding.

Paul

 


  • Root Admin

Developed by Byte Technologies, ByteFence is a legitimate anti-malware suite that is occasionally distributed as a 'bundle' with other software. It is, therefore, classed as a potentially unwanted program (PUP). The main difference between direct and bundled installations is that ByteFence installs as third party software and modifies Internet Explorer, Google Chrome, and Mozilla Firefox browser settings by assigning their homepage and default Internet search engine to yahoo.com.

What you can do is stop all scheduled scans with Malwarebytes. Then do a manual scan. Then let it find what it wants to find. Do not remove anything with Malwarebytes. Just save the report and send that to me and I'll check it out.

Thanks, and have fun at the wedding

Ron

 


The wedding was a disaster! On the way back home at about 10:15 pm on a two lane road in a village a drunk crossed the double center line while trying to pass a car and slammed head on into me. His left front hit my left front, the air bags popped, the left front wheel was displaced rearward and twisted left 90 degrees, and my car drifted off onto the left shoulder and stopped. He apparently ricocheted into the car he was passing and slammed it into a tree or something. There were severe injuries in the two other cars but my wife and I are OK. My beautiful old Caddy is totaled. Both of the other vehicles are also trash. Now I have to go find a usable car and that ain't easy since I'm 6'3" and 280 pounds. I don't fit into most vehicles.

I just ran a manual scan with MBAM. It found a bunch of bytefence stuff. I did not let it quarantine them but I attached the report. I haven't tried to reboot since the last restoration.

Paul

detections 20170701.txt


  • Root Admin

Oh my gosh, that is terrible Paul, but so glad to hear that you and your wife were not hurt.

As for the log, that is odd that the computer would not boot by removing these entries. Since you have some computer skills maybe you make a new system restore point and then you manually remove these items yourself and see if a reboot issue comes from it and let me know.

Late for me, and long day tomorrow so I'm off to bed.

Ron

 


Hi Ron,

Late for you? You must be on the west coast. It's funny but I'm not sleepy at all after today's mess.

As I explained above, on 6/2 something (possibly MBAM) caused me to reboot and the first boot failure happened. When I tried to restore from a restore point it reported failure with error code 0X80070091. Microsoft has apparently broken the restore process. Search on Google for KB3213986 and "error 0X80070091". I doubt that restore points are going to be of much use in the future. Woody Leonard thinks microsoft is trying to disown the restore points stuff.

I just took a look at those ByteFence and ByteFenceScan files in c:\Windows\System32\Tasks and \Tasks_Migrated. They contain html code which tries to run c:\Program Files\ByteFence\ByteFence.exe at the highest available level at startup and at a scheduled time. I don't have a ByteFence directory or file in either \Program Files\ or \Program Files (x86)\ or anywhere else on the disk.

Could this be what is causing the boot to hang up?

Paul

Edited by PaulL
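
A read-only way to find the kind of leftover described in the post above, as an added example that is not part of the thread: Windows task definition files are XML, and this PowerShell function lists every Exec action whose target executable is missing from disk, together with its run level and triggers. The function name and the location of Tasks_Migrated beside Tasks under System32 are assumptions.

```powershell
# Added example (not from the thread): read-only audit of task definition files.
# Reports every Exec action whose target executable is missing from disk.
# Run from an elevated PowerShell prompt; nothing is modified or deleted.

function Get-OrphanedTaskAction {
    param(
        # Folders named in the post; Tasks_Migrated is assumed to sit
        # beside Tasks under System32.
        [string[]]$TaskFolder = @(
            (Join-Path $env:SystemRoot 'System32\Tasks'),
            (Join-Path $env:SystemRoot 'System32\Tasks_Migrated')
        )
    )

    # XML namespace used by Task Scheduler definition files
    $ns = 'http://schemas.microsoft.com/windows/2004/02/mit/task'

    foreach ($folder in $TaskFolder) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }

        Get-ChildItem -LiteralPath $folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $doc  = New-Object System.Xml.XmlDocument
            try { $doc.Load($file.FullName) } catch { return }  # skip unreadable or non-XML files

            $mgr = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
            $mgr.AddNamespace('t', $ns)

            $runLevel = $doc.SelectSingleNode('//t:Principals/t:Principal/t:RunLevel', $mgr)
            $triggers = $doc.SelectNodes('//t:Triggers/*', $mgr) |
                        ForEach-Object { $_.LocalName }

            foreach ($cmd in $doc.SelectNodes('//t:Actions/t:Exec/t:Command', $mgr)) {
                # Expand %ProgramFiles% and similar, then strip surrounding quotes
                $target = [Environment]::ExpandEnvironmentVariables($cmd.InnerText).Trim().Trim('"')
                if ([string]::IsNullOrWhiteSpace($target)) { continue }

                if (-not [IO.Path]::IsPathRooted($target)) {
                    # Bare names such as "cmd.exe" are resolved through PATH
                    if (Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue) { continue }
                }
                elseif (Test-Path -LiteralPath $target -PathType Leaf) { continue }

                # Target does not exist: report the task file and how it would have run
                [pscustomobject]@{
                    TaskFile      = $file.FullName
                    MissingTarget = $target
                    RunLevel      = if ($runLevel) { $runLevel.InnerText } else { 'LeastPrivilege' }
                    Triggers      = ($triggers -join ',')
                }
            }
        }
    }
}

Get-OrphanedTaskAction | Format-List
```

A task whose `MissingTarget` is set and whose `Triggers` include `BootTrigger` or `LogonTrigger` is a definition that still fires at startup even though its program is gone.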

Hi Ron,

If you want to see the sneaky html code either send me an address to send it to or the address of some cloud file holding servers.

I don't want to paste it here or just attach it -- it would teach people how to hide things.

Paul


  • Root Admin

Hi Paul,

You can zip it up and attach it to a Private Message. Pretty sure our Research team already has this code but no harm in giving to them.

Are you able to safely remove these entries without causing a booting issue? That's all Malwarebytes is doing and I don't see a reason for booting to be affected.

Ron

 


  • Root Admin

Well, that's not good. Any backup software based on Volume Shadow Copy Service (VSS) would probably fail to perform a successful restore too on Windows 10 with this affected update. So you're saying that Macrium Reflect V7 workstation will make a valid image and is able to restore it properly even with this VSS folder error?

I'm glad that all my installations of Windows 10 are for test machines and not my work machine. Personally after reading more and more about issues with Windows 10 it might be best to backup all user data, format the drive and install Windows 7. Then restore user data. Keep good ongoing data backups. Windows 10 continues to have so many annoyances that it comes with.

Can't start win10, EaseUs can't restore image. Potential boat anchor.

Is Microsoft sabotaging Windows 10?

Microsoft, stop sabotaging Windows 10

 

The German author and Engineer Günter Born has some good information on this subject.

Windows 10 Update KB3213986 kills system restore
Windows 10 Version 1607: System restore error 0x80070091 [Fix]
Windows 10 V 1607: Fix for system restore error 0x80070091
Windows 10: News about System restore error 0x80070091

System Restore error 0x80070091

 

 

 

 


Hi Ron,

I sent you a private message with the html files and an extraction of my registry hive attached. I do need some assistance figuring out which registry keys to delete. I have never played around with the registry much.

Macrium managed to get around the problem caused by a change to VSS in version 7. It has restored about 118 GB to my system drive a few times taking about 18 minutes for the job. Macrium tells me that V7 will be available in a free version with a few less whistles and bells within a few weeks.

EaseUSToDo will not restore my system disk. Their tech support could not figure out why. Windows backup will likewise not restore my system disk.

I see that you found my original post from June 6. Nobody helped much on that one. I think that the failure to boot comes from a deliberate wait state in a startup task which tries to start ByteFence.exe after the executable has been removed.

I think that Microsoft is shooting itself in the foot. I don't know why VSS suddenly failed to make backups with Macrium V6. The restore point failure probably has something to do with not having access to the hidden Windows Apps folder and an OfficeHub (whatever that is!!??) folder under it. It seems that they don't bother to test things adequately after the marketing department figures out some new whoopity-do gizmo that they want to push.

I don't really agree with you about reverting to Windows 7. I don't think that's going to be very secure in the future. I'm thinking about switching to Linux myself. It seems to be working pretty well for the NYSE.

The big banks are still running COBOL on blue mainframes of course. I keep remembering that I started up a new VS/VM 3.1 OS on a Pan Am / IBM 3090-200 in March of 1982 and it had logged exactly 17 seconds of down time when we shut it down after the bankruptcy in 1991. That machine did all of our international weather and world wide flight plans, including the nasty weight and balance calculations for every flight. You try putting 400 people, 150,000 pounds of freight, and 240,000 pounds of fuel into an aircraft parked on a ramp in Bangkok while you're doing all the calculations in New Jersey.

Paul


  • Root Admin

If your backups are 100% solid it does not matter what OS you're running. You can always recover. The issue with the Windows 10 is that it has a permissions issue, but if you're using a bit level backup routine that does not know or pay attention to the file system on it then the restore will work fine every time.

As for Linux, having a history with it you might be okay with it, but if you fear security of Windows 7 then you might not be as secure as you think on Linux. It too is under attack often and if you leave it be and don't take care of it and don't have your data backed up well, you might wake up some day in trouble. I was certified in Linux about 20 years ago but at that time Windows was paying so much better so I never continued with Linux once I started working to support Windows. In retrospect I wish I'd kept up on Linux too.

Mainframes are a completely different animal for dedicated purposes and they do very well. Almost 20 years ago we went to move ours and our biggest fear was that the mechanical drives might seize up while it was off and not start back up. Took a day to move the servers, but they came right back up when we powered them up. They had been on for I believe it was 7 years at the time. I left there 12 years ago and they were still running and as far as I know from talking with old friends they're still running.

Back to your issue. I've replied to your PM. Regardless of what you have, or run for an OS you need good solid backups you can depend on. I keep my data backed up separately from my OS so that I never have to worry about that potential mess. If push comes to shove I can always reinstall the OS and copy my data back from backup.

Backup Software

A How-to Guide on Preparation of Bootable Media and Images

Best Free Drive Backup programs for Windows


Keep me posted on your status

Ron

 

Edited by AdvancedSetup

You're right, you can always recover the OS. I've been backing stuff up religiously for years using weekly Macrium Free for images and robocopy batch files to do daily file copies. I try to keep all my data on a separate internal drive with J: and K: partitions. The only exception is Outlook 2013. I never did figure out how to tell it to find the .pst file on drive J:, so it uses the one at C:\Outlook\.

But, thanks to microsoft, the images and file copies are not enough. I've got a bunch of ancient compilers on here, Visual Studio which includes C, C++, VB, FoxProWin, and, get this, COBOL! I no longer have the installation media or the activation codes for these things so if I can't restore this image somehow I'll lose the compilers. I also have Office 2013 but that can be replaced easily enough.

This is a case where a belt and suspenders are not good enough. I really can't switch to Linux. I'm a retired engineer and I write and donate programs for charities, mostly special database applications. I really need those compilers.

Paul


  • 1 month later...

Hi Ron,

I never have been able to get Macrium to restore the image from April and then reboot repeatedly. The problem seems to be that windows update had downloaded a big update to the hdd just before I created the image. When I restore the image the machine immediately begins an update routine for an hour or so. I believe that it is that update which breaks the boot process.

I do not have earlier images from Macrium because I had been using other backup software, specifically the WD/Acronis freebie. I switched to Macrium when prior windows updates broke the WD/Acronis image backup software.

Last week my laptop ran a windows update and was unable to reboot after the update. I was able to restore it using a Macrium image. Then my cable isp connected me to a recently established microsoft tech support group in India. They took remote control of the laptop, downloaded an ISO of windows 10, and used it to rebuild windows on the laptop without destroying any of my programs or data. I believe this is a new ability. Windows could previously not rebuild itself without destroying programs and data. It seems to have worked perfectly on the laptop.

I am going to use their help in rebuilding windows on the desktop machine next. I'll let you know how it goes.

Paul


  • Root Admin

Hi Paul,

 

I'm certainly leery of any technical support group claiming to be from Microsoft or associated with Microsoft as they don't promote themselves or offer that type of direct support.

Glad to hear you were able to get at least one of your systems rebuilt. Yes, one could always do an over the top "repair install" and it would not lose things, but it would keep all the old bad settings from the registry, etc. So, if you had something that was causing you issues, those issues would typically still be there.

In any case, glad things are better on at least one system. Check, and double-check things are good with it and multiple reboots without an issue. Then look at imaging at that level so you can always return back to at least that point in time. BUT, I would highly recommend you run some scans on that system with me to make sure it's not running something it should not be running from this "support group from India"

Let me know how it goes on the next one.

Ron

 


Hi Ron,

It's really microsoft. Cablevision, my isp, provides cable TV, internet service and VOIP telephone service to about 25 million subscribers in the NYC metro area. They would not hook me up with scammers.

Today microsoft did a remote again and built a bootable Win 10 installation DVD on my now almost functioning laptop. They will call me back tomorrow to take remote control of the desktop and rebuild windows on it using the ISO on the DVD. It sounds like they have been screwing up updates so much that they had to do something to fix things.

When we're done we can run whatever scans you would like.

The laptop is still misbehaving. It did four updates yesterday after rebuilding windows and rebooted after each update. When it reboots it stalls at the Gateway splash screen before loading windows. The first time it did it the microsoft tech told me to kill the power, wait a few seconds, turn it on, then continuously tap the F8 key repeatedly. The splash screen came up and after about 20 taps of the F8 key the microsoft water wheel thingy appeared and it booted. Apparently there is something hinky in the BIOS startup in the laptop. It is a Gateway NV76R.

I'll get back to you when this is done after tomorrow.

Paul

 


This topic is now closed to further replies.