Jump to content
JoesCat

On Windows XP, an Explorer window to the MBEP folder opens upon logon

Recommended Posts

I've installed 2 MalwareBytes Endpoint Protection on Windows XP Pro endpoints.  On each, now everytime someone logs on, a File Explorer window opens to the Program Files folder for MalwareBytes. That's going to confuse the population of users (and entice experimentation). 

I've yet to figure out what's causing it!  It's not in the Startup folder in the Start menu, nor did a registry search give me an obvious clue why it's happening. I found the entry to start the task tray icon, and that's working.

Please help, I'd like to get rid of this annoyance.

Share this post


Link to post
Share on other sites

Hi @JoesCat, run this tool on one of the machines -

Frst Log
Please follow the steps below to run frst.

1.) Download frst and frst64 from the link below and save it to your desktop:

FRST 32-bit version: https://downloads.malwarebytes.com/file/FRST
FRST 64-bit version: https://downloads.malwarebytes.com/file/FRST64

Note: You need to download the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your computer; that will be the right version. Some traditional Anti-Viruses may false positive the download or running frst, I can assure you it is safe. If this happens, please temporarily disable the AV.

2.) Double-click the purple frst or frst64 icon to run the program. Click Yes when the disclaimer appears.
3.) Click the Scan button
4.) When the scan has finished, it will make 2 log files in the same directory the tool is located, frst.txt and Addition.txt.

Please attach frst.txt and Addition.txt in your reply.

 

Share this post


Link to post
Share on other sites
38 minutes ago, JoesCat said:

And only WinXP endpoints.  Win7 does not exhibit this behaviour.

Correct.

 

For awhile I also couldn't get the tray icon to appear on Windows XP but after doing an unrelated repair/install on the Windows XP machine it appeared.

Share this post


Link to post
Share on other sites

Hi @JoesCat, each of your user accounts has a double start entry. There is a concerning GUID which is indicative of infection behavior. These are your two entries, the normal one is on top the concerning own is below, all user accounts that I could see have this...

HKU\S-1-5-21-128000122-1685152614-964376902-1267\...\Run: [Endpoint Agent Tray] => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe [546248 2017-11-28] (Malwarebytes)
HKU\S-1-5-21-128000122-1685152614-964376902-1267-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11282017005408544\...\Run: [Endpoint Agent Tray] => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\Endpoint Agent Tray.exe [546248 2017-11-28] (Malwarebytes)

 

Download your Malwarebytes Breach Remediation tool from your Cloud portal in Endpoints \ Add \ Malwarebytes Breach Remediation. You'll need your key that is part of your subscription in order to activate, update and scan with this tool, it can be found on your MyAccount portal, let me know if you need that.

Place the MBBR.exe somewhere, the desktop is convenient.

Open and admin elevated CMD prompt and CD to MBBR.exe's location.

Use the following commands:

mbbr register -key:[paste your key here]
mbbr update
mbbr scan -full -ark -remove -noreboot

Upload you scan log results, it'll be in the same directory that MBBR runs from.

Share this post


Link to post
Share on other sites

Thanks Dyllon!

I'm finally getting back around to this . . .

I have not located my license key. In the portal, under my name (upper right corner), there is a "My Account" selection.  None of the "tabs" on the left, including License Information, show the key. There is only a listing showing the license for Malwarebytes Endpoint Protection, Subscription, and the expiration date (late this year).

Update, I just looked and found our "Product Key" in my original purchasing email, in the form of XXXXX-XXXXX-XXXXX-XXXXX-XXXXX . That must be it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.