Jump to content

Recommended Posts

Hello,

I run Malwarebytes 3.2.2 Premium on a few XP computers. 3.1 worked fine, but there have been a few glitches with 3.2 (the first, which caused browsers to immediately crash, has apparently been corrected.)

The current bug is intermittent, but seems to affect programs in the Protected Applications list. If the glitch occurs, those programs won't open (but they will appear in Task Manager, using ~3,000 KB of memory). Exiting Malwarebytes, manually killing MBAMService.exe and then restarting Malwarebytes corrects the problem, at least until it randomly reappears. This glitch has effected two separate Windows XP (service pack 3) computers.

One more thing... I tried to go into the Protected Applications list on one of the systems and turn the slider to "Off." Malwarebytes locked up entirely at that point and I had to exit the program.

Thanks for any insight!

Share this post


Link to post
Share on other sites

Which logs? Report Scans? Here's my last one:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/10/17
Scan Time: 12:37 PM
Log File: 2012f8db-adea-11e7-9e41-406186eb6025.json
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2988
License: Premium

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393896
Threats Detected: 3
Threats Quarantined: 2
Time Elapsed: 58 min, 36 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 3
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, Replaced, [15720], [293294],1.0.2988
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, Replaced, [15720], [293295],1.0.2988
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [15720], [293296],1.0.2988

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Share this post


Link to post
Share on other sites
34 minutes ago, TechnoGuy said:

Which logs?

·  Create and obtain Farbar Recovery Scan Tool (FRST) logs

  1. Download FRST and save it to your desktop
    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions

·  Create and obtain an mb-check log

  1. Download MB-Check and save to your desktop
  2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
  3. This will produce one log file on your desktop: mb-check-results.zip
    • This file will include the FRST logs generated from the previous set of instructions
    • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

 

Share this post


Link to post
Share on other sites

Trouble is that MBAMService.exe doesn't always stay killed - sometimes not even for a minute.

Share this post


Link to post
Share on other sites
5 minutes ago, alisp said:

MBAMService.exe

Is a required service, especially in the Premium paid version.....

If you disable Self Protection, does the issue still happen?

Share this post


Link to post
Share on other sites

I thought it did.  I've cleared the whole thing off the computer at the moment, along with the antivirus.

Share this post


Link to post
Share on other sites

 

2 hours ago, alisp said:

Trouble is that MBAMService.exe doesn't always stay killed - sometimes not even for a minute.

It doesn't matter. You have to right-click on Malwarebytes first and Quit the program, THEN kill MBAMService.exe. It stays off if Malwarebytes is closed.

Share this post


Link to post
Share on other sites

Oh, thanks.  (I do wish the admins would enable the "thanks" feature on here - it would save a lot of not-too-necessary posts clogging up the place)

Edited by alisp

Share this post


Link to post
Share on other sites
40 minutes ago, TechnoGuy said:

 

It doesn't matter. You have to right-click on Malwarebytes first and Quit the program, THEN kill MBAMService.exe. It stays off if Malwarebytes is closed.

Just FYI, if you quit Malwarebytes via the right-click tray icon function, it should terminate MBAMService.exe on its own, it just takes a little while while it unloads all of its memory and modules.  If you just quit and then force-kill MBAMService.exe via Task Manager etc., you run the risk of ending up with corrupted data files which were being written to at the time the service was exiting as well as potentially leaving other components in memory such as the DLLs and drivers it controls for our various protection components and other background functions.

Because of this, if it is at all possible, I'd highly recommend just waiting for MBAMService.exe to terminate on its own after quitting Malwarebytes, otherwise the system's and product's behavior could end up being quite unstable, especially during the current Windows session since those other components I mentioned may remain loaded/active because the service was terminated too soon.

Share this post


Link to post
Share on other sites
4 hours ago, exile360 said:

Just FYI, if you quit Malwarebytes via the right-click tray icon function, it should terminate MBAMService.exe on its own, it just takes a little while while it unloads all of its memory and modules.  If you just quit and then force-kill MBAMService.exe via Task Manager etc., you run the risk of ending up with corrupted data files which were being written to at the time the service was exiting as well as potentially leaving other components in memory such as the DLLs and drivers it controls for our various protection components and other background functions.

Because of this, if it is at all possible, I'd highly recommend just waiting for MBAMService.exe to terminate on its own after quitting Malwarebytes, otherwise the system's and product's behavior could end up being quite unstable, especially during the current Windows session since those other components I mentioned may remain loaded/active because the service was terminated too soon.

That's good to know, but when this glitch occurs, MBAMService.exe never terminates on its own. (I gave it a few minutes, anyway... normally it will self terminiate in under 15 seconds.) It seems to be as locked up as the other executables.

There's a third XP system that's now being affected, too. I expect I'm going to have to roll them all back to 3.1 until this problem is resolved.

Oh yeah, I also tried turning off the self-protection module while everything wasn't working. It didn't make a difference. Unless it needs to be off before it happens? I will leave it off for now and test.

Edited by TechnoGuy

Share this post


Link to post
Share on other sites

Yes, please try leaving it disabled to test if you don't mind.  In fact, if you could further isolate it by disabling self-protection and then rebooting the system, then checking to see if it resolves the problem that could prove helpful as well as it would eliminate the self-protection driver from the equation.

Share this post


Link to post
Share on other sites
2 hours ago, exile360 said:

Yes, please try leaving it disabled to test if you don't mind.  In fact, if you could further isolate it by disabling self-protection and then rebooting the system, then checking to see if it resolves the problem that could prove helpful as well as it would eliminate the self-protection driver from the equation.

Will do. A little further information before I reboot tonight:

- This is only affected applications listed in Protected Applications. Other programs continue to open normally.

- I tried letting MBAMService.exe terminate on its own while the problem was occurring, but 10 minutes later, it was still running. (Its used RAM dropped slightly, though).
 

Share this post


Link to post
Share on other sites

I have another thing for you to try which I believe will also work to allow your programs to run.  Try disabling Exploit Protection prior to running any of the programs having issues (those listed in the shielded applications list).  I do believe this is a bug in our anti-exploit component which our Developers have been working on, but I just want to make certain I'm correct so please let me know how the other attempts went with self-protection disabled then you may re-enable it and try running with exploit protection disabled to see if that changes things.

Share this post


Link to post
Share on other sites

I'll try that next if this fails. So far, it's been running well on my computer since I disabled the self protection. I disabled it on the other two computers on my license, too, to see if they have the same result.

EDIT: Or, you want me to re-enable self protection and disable exploit protection instead? I can give that a go. Probably tomorrow... I need to do some work tonight and I'd rather not deal with glitches if possible.

Edited by TechnoGuy

Share this post


Link to post
Share on other sites

Yes, just to test to see if that resolves it for the purpose of helping us to further isolate it.

I'm glad disabling self-protection seems to have done the trick.  If it holds, that would be the safest workaround until we get this resolved in a future release that way you aren't sacrificing any of Malwarebytes' detection capabilities or other malware blocking components.

Share this post


Link to post
Share on other sites

Okay, I finally got to testing this. Will let you know how it goes. I'm a little loath to turn off exploit protection... it's one of the main reasons I bought the premium version.

Edited by TechnoGuy

Share this post


Link to post
Share on other sites

No worries, I don't want you to leave it disabled permanently, this is just for testing purposes to learn more about the issue.  Once you report your findings you may re-enable it and disable self-protection once more.

Share this post


Link to post
Share on other sites

One of the other computers I'm testing that had self protection turned off (but Exploit Protection on) glitched out today. The trick from earlier still worked, but apparently self protection wasn't the culprit... or maybe not the only culprit.

Share this post


Link to post
Share on other sites

Okay, so had exploit protection turned off all week, no problems. The computers with self protection off but exploit protection on DID crash. So it appears the problem is definitely in the exploit protection part.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.