Web Protection Not starting

[lyleg]

Hello,

As many others on this forum, my web protection is not starting. I attempt to turn it on and it goes back to off. 

Please note - I have downloaded your mb-clean and removed all components from previous install and rebooted.  I have reinstalled it more than once afterward and has not solved the problem. I have no other anti-virus programs running.

Please advise.

Log is as follows:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/25/17
Scan Time: 5:59 PM
Log File: 63c087fa-d24d-11e7-a59c-c45444909e91.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3346
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1884)
CPU: x64
File System: NTFS
User: DESKTOP-B4I4K84\Stuar

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352019
Threats Detected: 10
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-2038427194-1495602597-3476069763-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, No Action By User, [647], [293199],1.0.3346

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 9
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1940], [455058],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1940], [455058],1.0.3346
PUP.Optional.Babylon, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1773], [455059],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3115], [455248],1.0.3346
PUP.Optional.Funmoods, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, [800], [455240],1.0.3346
PUP.Optional.ASK, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [526], [454827],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [1940], [455058],1.0.3346

Physical Sector: 0
(No malicious items detected)

(end)

 

[Porthos]

30 minutes ago, lyleg said:

Please advise.

Quote

PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [3115], [455248],1.0.3346

Re-run MB this time with rootkit scanning enabled and be sure to quarantine everything it finds. 

After that.

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
2. Download FRST and save it to your desktop
   NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
4. Press the "Scan" button
5. This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt
   NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
6. NEXT: Create and obtain an mb-check log
7. Download MB-Check and save to your desktop
8. Double-click to run MB-Check and within a few second the command window will open, then click "OK"
9. This will produce one log file on your desktop: mb-check-results.zip
10. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

Edited November 26, 2017 by Porthos

[lyleg]

mb-check-results.zip

[Porthos]

@lyleg

Quote

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe    REG_SZ        ~ RUNASADMIN

Go to the folder C:\Program Files\Malwarebytes\Anti-Malware\
Find the file mbam.exe and right click on it and choose Properties
In the window that pops up click on Compatibility Tab
Remove any changes there that don't match my picture below and click OK

I would also consider testing your hard drive.

Quote

Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Also please post the scan log from that last scan. 

[lyleg]

No differences. 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/25/17
Scan Time: 5:59 PM
Log File: 63c087fa-d24d-11e7-a59c-c45444909e91.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3346
License: Trial

-System Information-
OS: Windows 10 (Build 14393.1884)
CPU: x64
File System: NTFS
User: DESKTOP-B4I4K84\Stuar

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352019
Threats Detected: 10
Threats Quarantined: 10
Time Elapsed: 4 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot, HKU\S-1-5-21-2038427194-1495602597-3476069763-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [647], [293199],1.0.3346

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 9
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346
PUP.Optional.Babylon, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1773], [455059],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Funmoods, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [800], [455240],1.0.3346
PUP.Optional.ASK, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [526], [454827],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346

Physical Sector: 0
(No malicious items detected)

(end)

[Porthos]

1 minute ago, lyleg said:

No differences

Quote

Rootkits: Disabled

Did you enable this?

[Porthos]

To fix this

Quote

PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346
PUP.Optional.Babylon, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1773], [455059],1.0.3346
PUP.Optional.Iminent, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [3115], [455248],1.0.3346
PUP.Optional.Funmoods, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [800], [455240],1.0.3346
PUP.Optional.ASK, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [526], [454827],1.0.3346
PUP.Optional.Astromenda, C:\USERS\STUAR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [1940], [455058],1.0.3346

Physical Sector: 0

 

Follow the instructions in the thread below, it should help solve your issue.

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

 

[lyleg]

I turned on rootkit and ran scan. Nothing detected. Followed 1st part of instructions of link.  

Upon reboot, I am not able to start Malwarebytes.  States "unable to connect to service" 

 

 

[Porthos]

 

Download the latest MB 3 installer from : https://downloads.malwarebytes.org/file/mb3
2. Run the installer on top of your existing product. (Note you don't have to uninstall anything, just run the installer again)

39 minutes ago, lyleg said:

"unable to connect to service" 

 

[lyleg]

Clean install.  Working again. Still no ability to turn on Web protection. No rootkits found. Tried link suggestions. No help. 

 

 

 

[Porthos]

3 minutes ago, lyleg said:

Tried link suggestions. No help. 

Get a new set of FRSTand mb check logs, please.

[lyleg]

mb-check-results.zip

[Porthos]

9 hours ago, lyleg said:

mb-check-results.zip

I am going to let staff look over these. @dcollins@nikhils @vbarytskyy

[dcollins]

@lyleg the log shows that you had some errors with Web Protection, but that everything was running at the time you ran mb-check. I think this is related to a known issue we have where the database update can cause issues with Web Protection not loading properly. The best solution at this time is to simply shutdown Malwarebytes and restart it. We should have this fixed in our next release.