
MBAM and Compatibility Mode?



Hello,

The other day after I'd finished running a scan and closed Malwarebytes, I got a popup saying something along the lines of "Windows detected that this program did not run properly. To try and fix this problem, Windows has applied compatibility settings for this program. Windows will use these settings the next time you run this program." I did some research and I guess mbam is not supposed to be run in compatibility mode? I manually checked the mbam.exe program in the Malwarebytes folder and found the box for compatibility mode unticked. I even checked the registry and no keys for mbam were made in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers directory.

 

However, I noticed the program is still running differently. I no longer get a dialog box asking me if I want Malwarebytes to make changes to my computer which it used to do whenever it was started. I should also add this was after my Premium Trial expired and I reverted back to the free version.

Is this "normal"? And are there any other places I should check?

 

Thanks


  • Root Admin

Hello @wyvern1 and :welcome:

Our program should not be run in any type of compatibility mode. Unfortunately Windows is a very complex beast under the covers and things happen that can cause inaccurate data that Windows monitors to try to help fix issues automatically. In theory the idea is good and can help in some cases with old or poorly written programs, but often it's simply wrong and then puts in a compatibility setting that is not needed for all types of software.

I would recommend you probably start by doing a clean removal and reinstall of Malwarebytes and see if that corrects the issue. Make sure you remove the compatibility settings in the registry for our program.

Please follow this advice and run MB-Clean and reinstall and let me know.

Thanks

Ron
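The registry check discussed in this thread, as an added example (not part of the original posts and not Malwarebytes' own tooling): it lists values under the `AppCompatFlags\Layers` key in both the per-machine (HKLM) and per-user (HKCU) hives whose name matches a wildcard. The function name and the `*mbam*` pattern are assumptions made for the example.

```powershell
# Added example: find compatibility-layer values that reference an executable.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
function Get-CompatLayer {
    param(
        # Wildcard matched against the value name, which is the executable's full path.
        [string]$NamePattern = '*mbam*'
    )

    $subKey = 'Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'

    # The Compatibility tab writes per-user settings to HKCU and
    # "all users" settings to HKLM, so both hives are checked.
    foreach ($root in "HKLM:\$subKey", "HKCU:\$subKey") {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        $key = Get-Item -LiteralPath $root
        foreach ($valueName in $key.GetValueNames()) {
            if ($valueName -notlike $NamePattern) { continue }

            # The value data is the space-separated list of layers applied to that path.
            New-Object PSObject -Property @{
                Key        = $root
                Executable = $valueName
                Layers     = $key.GetValue($valueName)
            }
        }
    }
}

# Report only. No output means no matching value exists in either hive.
Get-CompatLayer | Format-List Key, Executable, Layers

# Preview removal of the matches; drop -WhatIf to delete (HKLM needs an elevated prompt).
Get-CompatLayer | ForEach-Object {
    Remove-ItemProperty -LiteralPath $_.Key -Name $_.Executable -WhatIf
}
```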

 


Alright thank you. I ran the tool and an additional scan and so far no strange popups. I even checked the registry again and no specific entries for Malwarebytes were found in the aforementioned directory. Although I noticed I'm no longer getting the "do you want this program to make changes to your computer" message I used to get prior to this, so I'm not sure if this indicates something has changed or if it's normal. Should also add I'm on Windows 7 SP1 x64.

A log file was produced and has been attached. Is there anything out of the ordinary?

mb-clean-results.txt


  • Root Admin

Let me get a set of FRST logs please.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 

Thank you

Ron

 


  • Root Admin

Let me have you run the following please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER before running Step 3

 

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Alright, I've followed the steps without issue. Hope everything looks good. Here are the logs:

 

# AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 02 11:45:42 2017
# Updated on 2017/27/10 by Malwarebytes
# Database: 11-02-2017.1
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [13471 B] - [2017/8/22 21:5:57]
C:/AdwCleaner/AdwCleaner[C1].txt - [3635 B] - [2017/8/24 3:43:58]
C:/AdwCleaner/AdwCleaner[S0].txt - [15081 B] - [2017/8/22 20:38:5]
C:/AdwCleaner/AdwCleaner[S1].txt - [3775 B] - [2017/8/24 2:53:39]
C:/AdwCleaner/AdwCleaner[S2].txt - [1222 B] - [2017/9/26 12:50:16]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

mbam summary 2.txt

FRST.txt

Addition.txt


  • Root Admin

The logs show you did not ask Malwarebytes to remove this entry.

PUP.Optional.ASK, C:\USERS\RICHARD\DOWNLOADS\MANYCAM.EXE, No Action By User, [527], [383618],1.0.3157

If you wish to keep that and not have it show in further scan logs you can add it to the exclusions list.

 

The logs show you're using a proxy server entry for Firefox. Nothing wrong with it as long as you're aware of it and malware did not add it.

FF Homepage: Mozilla\Firefox\Profiles\jjj4u52q.default -> hxxp://www.genomeweb.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.ftp", "122.88.210.120"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.ftp_port", 9415
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.gopher", "122.88.210.120"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.gopher_port", 9415
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.socks", "122.88.210.120"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.socks_port", 9415
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.ssl", "122.88.210.120"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> backup.ssl_port", 9415
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> ftp", "54.183.92.156"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> ftp_port", 8083
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> socks", "54.183.92.156"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> socks_port", 8083
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> ssl", "54.183.92.156"
FF NetworkProxy: Mozilla\Firefox\Profiles\jjj4u52q.default -> ssl_port", 8083

 

Aside from that just some minor stuff in the logs.

How is the computer running now?

Are there still any signs of an infection?
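One way to tell whether manual proxy entries like those in the log above are actually in use, as an added example (not from the original posts and not part of FRST): it reads `network.proxy.*` lines in Firefox's prefs.js format and reports the proxy mode. The function name and the sample addresses are constructed; the example relies on prefs.js storing only non-default values, with `network.proxy.type` defaulting to 5 (system settings) and 1 meaning manual configuration.

```powershell
# Added example: decide whether Firefox manual proxy prefs are active or dormant.
function Get-FirefoxProxyState {
    param([string[]]$PrefLines)

    # user_pref("network.proxy.<name>", <value>);  where value is a string, int or bool
    $pattern = '^\s*user_pref\("network\.proxy\.([^"]+)",\s*(.+?)\);\s*$'
    $prefs = @{}
    foreach ($line in $PrefLines) {
        if ($line -match $pattern) { $prefs[$Matches[1]] = $Matches[2].Trim('"') }
    }

    # A missing "type" line means the default (5) applies, not manual mode.
    $type  = if ($prefs.ContainsKey('type')) { [int]$prefs['type'] } else { 5 }
    $modes = @{ 0 = 'direct'; 1 = 'manual'; 2 = 'PAC URL'; 4 = 'auto-detect (WPAD)'; 5 = 'system settings' }
    $mode  = if ($modes.ContainsKey($type)) { $modes[$type] } else { "unknown ($type)" }

    # Pair each host pref with its matching <name>_port pref.
    $endpoints = foreach ($name in ($prefs.Keys | Sort-Object)) {
        if ($name -match '^(backup\.)?(http|ssl|ftp|socks|gopher)$') {
            '{0} -> {1}:{2}' -f $name, $prefs[$name], $prefs["${name}_port"]
        }
    }

    New-Object PSObject -Property @{
        Mode               = $mode
        ManualEntriesInUse = ($type -eq 1)
        Endpoints          = @($endpoints)
    }
}

# Constructed sample: host entries present but no network.proxy.type line.
$sample = @'
user_pref("network.proxy.socks", "192.0.2.10");
user_pref("network.proxy.socks_port", 8083);
user_pref("network.proxy.backup.socks", "192.0.2.20");
user_pref("network.proxy.backup.socks_port", 9415);
user_pref("network.proxy.share_proxy_settings", true);
'@ -split "`r?`n"
Get-FirefoxProxyState -PrefLines $sample

# The same check against the real profiles of the current user.
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
    ForEach-Object { Get-FirefoxProxyState -PrefLines (Get-Content $_.FullName) }
```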

 


Ok I will add that to my exclusions, it's a genuine program so I don't know why it's suddenly being detected.

 

Huh that's strange, I'm not currently using a proxy server but I have used proxies in the past. Could those just be older, archived entries?

On 11/2/2017 at 6:17 PM, AdvancedSetup said:

Aside from that just some minor stuff in the logs.

How is the computer running now?

Are there still any signs of an infection?

 

The computer seems to be running good, I haven't noticed any strange activity, other than Malwarebytes no longer asking me if I want to make changes to this computer when it starts, which is probably normal.

 

What other stuff was found?

Edited by wyvern1

This topic is now closed to further replies.