RubbeR DuckY

IMPORTANT: Web Blocking / RAM Usage

2 hours ago, pbust said:

Good catch, I fixed it already.

Are you seeing the script delete the *.ref file successfully or is it failing in that step?

It does remove the *.ref file(s) but doesn't solve the problem. We are able now to run the command line client install “MBAM-Rules-2018-1-28.exe” via PSExec. That appears to be fixing things pretty well.

Link to post

Glad to hear about the offline updater fixing it.

As for deleting *.ref(s), the machine will need a reboot to recover after that. Simply deleting it won't solve the problem in most cases.

Link to post

I lost Saturday and Sunday of work due to this.  I thought that my 7.5-year-old desktop was toast.  I worked on my laptop all weekend most uncomfortably and inefficiently.  I spent a lot of time researching what I should next buy.   

First sign of oddity was a pop-up that MWB was not running, and it wouldn't respond to me clicking "run", and it was downhill from there. Windows key didn't work, ctrl-alt-delete didn't work, hard shutdowns and reboot didn't work. Turned the computer on Sunday night and miraculously it works. SO DO I NEED A NEW DESKTOP COMPUTER OR NOT? It is 7.5 years old for goodness sake. It has W7P, 16 GB RAM, and 1TB hard drive that's almost half full. Today my "dead" desktop computer is working JUST FINE. I think I will uninstall MWB, though. I can't take another chance. Or do I just remember to remove MWB at the first sign of another problem? THIS WAS A HORRIBLE WEEKEND FOR ME BECAUSE OF MWB!!!!!

Link to post
4 hours ago, SSA said:

I can tell you as an IT professional in a mom and pop shop who has sold upwards of 1,200 MBAM licenses we're barely able to tread water this morning. This is going to take us days to straighten out and is costing us a *fortune* in unbillable time and resources to rectify.

We're sticking with MBAM - great product and they truly took ownership of their mistake, but it's going to take quite a while for us to recover from their mistake.

A big concern is those residential users who got spooked and are dumping MBAM en masse and going to Norton or McAfee - they are the real ones who will pay in the long run with substandard AV protection.

In spite of the disaster, was this an advertisement for MBAM? ;)

Well, my suggestion would be G DATA. Comes from Germany and runs better than Norton and McAfee.

Link to post
33 minutes ago, pbust said:

Glad to hear about the offline updater fixing it.

As for deleting *.ref(s), the machine will need a reboot to recover after that. Simply deleting it won't solve the problem in most cases.

What we found was running the script that removes the *.ref file(s) and rebooting, did not solve the problem. The offline updater is the only way to go from our experience. 

Link to post

This is a nightmare. So far, I've lost hundreds of dollars in billable time. A Windows 7 computer lost activation as a result, which became an additional problem to fix. For another client, we had to uninstall MalwareBytes just to get the computer to boot without freezing. Then we downloaded and reinstalled MalwareBytes and the customer lost their lifetime license. It's gone. So I paid for a new annual license for that customer. I'm losing time, I'm losing money and I'm spending money to regain customer confidence in the services I offer.

This is a bigger mess than MalwareBytes seems to recognize and MalwareBytes is expecting all of us who recommended their products to work for them for free fixing it.

Yes, the product is good. But the reaction from MalwareBytes is severely lacking. Why are we working for you for free? And how do we recover our reputations from our customers who trusted our recommendations? And how do we explain to other unrelated customers why we are taking so long to help them because we are dealing with an unrelated issue on a massive scale with previous customers that we were not expecting?

I'm trying to mitigate the damage to my business, trying to salvage my reputation and trying to give people reasons why they shouldn't take their business somewhere else.

Here is a quote from an audience member of one of my presentations "You recommended a product to us in your presentation. I've purchased it based on your recommendation. Now my computer doesn't work and you want to charge me to fix it? What kind of scam is this?"

So, what choice do I have but to fix it for free, and have my paying customers with appointments wait?

And what about my business clients who were working Saturday who lost all the work they were doing when their computers froze unexpectedly and had to reset the machine?

And what about my other business clients who came to work Monday morning to discover all the computers were frozen and no employees could work until I fixed each machine. This had to be done on-site, since remote access is not possible on a frozen machine. Even after reboots, the computers were sluggish at first and then froze again.

Thank you, Marcin.

Edited by Carey934

Link to post

Geez, I lost the entire weekend due to this.  A horrendous weekend of hardly any work getting done and researching a new computer.  I am so disgusted.

Link to post

I am one individual with a 7.5-year-old W7 Pro desktop computer, 16 MB of RAM, 1 TB hard drive which is half full. Saturday and Sunday were devoted to work. I canceled fun plans due to all the work I had to do catching up. Saturday late morning I started. Noticed right away a warning that MWB not running but it did not respond to my click to turn it on. Before long the freezing, slowness, computer not responding to CTRL-ALT-DEL, start button not responding. Did two hard shutdowns and both times computer seemed okay on reboot but not for long.

I got "no memory" windows when trying to open a Word file.   Computer was useless.    I noticed that the clock was an hour or so off.  Was somehow able to shut it down normally and worked on my laptop Sat and Sunday, totally an undesirable alternative but my only choice.   

I turned on the machine Sunday night and it booted fine with the correct clock time.   I did the windows memory diagnostic, which finished with no summary, just closed.  MWB did respond to my "turn on" command.  And computer is working fine now. 

The point of all this is that I needed no tech support to get to where I'm at now: a fully functioning computer. Nothing was ruined or needs attention. I'm aggravated and disgusted. And am considering whether to turn off or remove MWB or just keep it running but remember to remove it next time I have any kind of a problem.

Link to post

I would assume that MB would be cautious as to what to communicate with regards to this event. Although it is not the "right" thing to do, in the litigation enhanced world we live in, I would bet legal advice would have them proceed carefully. I would also expect to see a new and improved user agreement for each demographic of their clientele base or one that covers all; including themselves. This is reality. Yes, mistakes are made in every walk of technology and this is part of being human. The other side of the coin is what this has put all of their affected clients through. Buffering clients from the effects of this should have already been part of the testing process and MB knows this is possible. Publicly speaking, we may never see or hear the end result of this for MB. After reading this forum in its entirety and experiencing this from a MB client perspective, I do believe the following to be true:

1. This caused problems for all affected clients that were/are time consuming and, in some cases expensive. In other cases reputations have been damaged.

2. There should have been a better communicative process already in place by MB for such an event that would reach their clients, however, when your product is capable of incapacitating the only means of communicating with a client (for many this was the case), alternative (redundant) means of communication must also be in place.

3. MB did find a remedy in a relatively short amount of time, however, communicating this could have been part of a communicative process already in place for such an event.

4. MB website and this forum does provide for a communication venue for such an event, as well as, a "pacification button" for those who would otherwise have very few emotional outlet choices in the aftermath of this type of occurrence; especially when considering the level at which this could and would piss someone off!

I have been a MB customer for some years and will continue to be. If I were MB I would definitely be thinking about how to prevent this type of error from reaching clients in the future.

Link to post

We are another MalwareBytes for Business customer, with a few hundred users.

The subnets on our LANs are 172.16.x.x - right in the range that was excluded by this bad update.

Our DNS servers are local - on the 172.16.x.x LANs.

What we finally figured out to remedy the situation for PCs that were in the hands of non-admin or remote users was:

Our MBAM policy stated that after 4 hours of not being able to get updates from the MBAM update server on the LAN, the PCs are to try to get a definition update from the Internet. With local unreachable DNS servers, the PCs could not get on to the Internet, of course, and therefore could not complete the policy directions.

We updated all of our DHCP servers to dole out a DNS list that included an external DNS entry along with our internal ones. With the new external DNS entry, we found that PCs started to get MBAM updates - almost exactly 4 hours after being restarted.  Of course, after that they regained LAN access.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I was informed by one of my techs of 'a problem' on Saturday, 10:00 AM CST. We chased network problems for about 4 hours - that is what this problem looked like originally.

Looking for answers, I finally got around to uninstalling MBAM Client on my PC. Immediately I was able to access our LAN, and browse the Internet. (Our DNS servers were local, and although we could ping 8.8.8.8 - for example - on Saturday, we could not access www.google.ca, rendering browsing useless.) Manually uninstalling MBAM was an acceptable but laborious process to do for local PCs that we could physically access and login with admin credentials. However, we support many devices in remote offices (that use 172.16.x.x subnets), and home offices too.

I was not aware of what the bad MBAM update was actually doing until this morning. I received an email from a MBAM tech in Europe that stated IP addresses in the 128.0.0.0 to 191.255.255.255 range were being blocked by the bad MBAM update.

Had we known the actual cause earlier, we MAY have set the DHCP DNS list and restarted the PCs on Saturday evening, or Sunday. Then, someone in the remote offices could have restarted the PCs on the weekend, with the assurance that on Monday (or within 4 hours) their PCs would be working correctly again.

 

 

Link to post
12 minutes ago, AustinK said:

Is the web protector still not turning on for everyone still?

Let us get a clean install of the current version, 3.3.1. This has the updated database.

 

We have another tool called MB-Clean which will automate the whole process for you.

 

The clean removal tool will backup your license information and then re-enter the license to the new install.

  Tool can be found at https://downloads.malwarebytes.com/file/mb_clean

 

1. After downloading the tool run the tool.

2. The tool will automatically clean up the older possibly damaged installation and will ask you for a restart.

3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product.

4. Click on "Yes" to reinstall MB 3.x.

5. Now you will have the latest product installed.

 If it does not offer the new install after the reboot you can download and install from here. 

https://downloads.malwarebytes.org/file/mb3  

Link to post
4 hours ago, ewallace said:

We are another MalwareBytes for Business customer, with a few hundred users.

The subnets on our LANs are 172.16.x.x - right in the range that was excluded by this bad update.

Our DNS servers are local - on the 172.16.x.x LANs.

What we finally figured out to remedy the situation for PCs that were in the hands of non-admin or remote users was:

Our MBAM policy stated that after 4 hours of not being able to get updates from the MBAM update server on the LAN, the PCs are to try to get a definition update from the Internet. With local unreachable DNS servers, the PCs could not get on to the Internet, of course, and therefore could not complete the policy directions.

We updated all of our DHCP servers to dole out a DNS list that included an external DNS entry along with our internal ones. With the new external DNS entry, we found that PCs started to get MBAM updates - almost exactly 4 hours after being restarted.  Of course, after that they regained LAN access.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I was informed by one of my techs of 'a problem' on Saturday, 10:00 AM CST. We chased network problems for about 4 hours - that is what this problem looked like originally.

Looking for answers, I finally got around to uninstalling MBAM Client on my PC. Immediately I was able to access our LAN, and browse the Internet. (Our DNS servers were local, and although we could ping 8.8.8.8 - for example - on Saturday, we could not access www.google.ca, rendering browsing useless.) Manually uninstalling MBAM was an acceptable but laborious process to do for local PCs that we could physically access and login with admin credentials. However, we support many devices in remote offices (that use 172.16.x.x subnets), and home offices too.

I was not aware of what the bad MBAM update was actually doing until this morning. I received an email from a MBAM tech in Europe that stated IP addresses in the 128.0.0.0 to 191.255.255.255 range were being blocked by the bad MBAM update.

Had we known the actual cause earlier, we MAY have set the DHCP DNS list and restarted the PCs on Saturday evening, or Sunday. Then, someone in the remote offices could have restarted the PCs on the weekend, with the assurance that on Monday (or within 4 hours) their PCs would be working correctly again.

 

 

I should add - once the LAN based PCs received the external DNS entry via DHCP, we were able to access them via our web based remote access support tool (GoToAssist), elevate the credentials to local admin, and remove MalwareBytes Client. This allowed for immediate access to the LAN, as opposed to waiting for four hours for the MBAM Update.

 

Link to post
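
The range quoted in the post above (128.0.0.0 to 191.255.255.255) explains why hosts with 172.16.x.x resolvers lost name resolution while 8.8.8.8 still answered pings. As an added example (not from the thread or from Malwarebytes), this Python script parses English-language `ipconfig /all` output and flags DNS servers inside that range; the sample output, the 172.16.0.x resolver addresses and the choice of 8.8.8.8 as the external DNS entry are constructed assumptions.

```python
import ipaddress

# Range reported in the thread as blocked by the bad update.
# It is exactly the CIDR block 128.0.0.0/2 and contains 172.16.0.0/12.
BLOCKED_FIRST = ipaddress.IPv4Address("128.0.0.0")
BLOCKED_LAST = ipaddress.IPv4Address("191.255.255.255")

import re


def is_blocked(addr):
    """True if addr is an IPv4 address inside the reported blocked range."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and BLOCKED_FIRST <= ip <= BLOCKED_LAST


def dns_servers_from_ipconfig(text):
    """Extract DNS server addresses from English `ipconfig /all` output.

    The first server follows the 'DNS Servers' label; additional servers
    appear on indented continuation lines that hold only an address.
    """
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            candidate, in_dns = m.group(1), True
        else:
            candidate = line.strip() if in_dns else ""
        candidate = candidate.split("%")[0]  # drop any IPv6 zone id
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            in_dns = False  # any non-address line ends the DNS list
            continue
        servers.append(candidate)
    return servers


def assess(dns_servers):
    """Classify a resolver list against the blocked range."""
    blocked = [s for s in dns_servers if is_blocked(s)]
    usable = [s for s in dns_servers if not is_blocked(s)]
    if not dns_servers:
        verdict = "no resolvers configured"
    elif not usable:
        verdict = "stranded: every resolver is in the blocked range"
    elif blocked:
        verdict = "degraded: resolution depends on " + ", ".join(usable)
    else:
        verdict = "resolvers unaffected"
    return {"blocked": blocked, "usable": usable, "verdict": verdict}


# Constructed sample: a PC on a 172.16.x.x LAN with only internal resolvers.
SAMPLE_BEFORE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 172.16.4.20(Preferred)
   Default Gateway . . . . . . . . . : 172.16.4.1
   DNS Servers . . . . . . . . . . . : 172.16.0.10
                                       172.16.0.11
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: the same PC after DHCP also hands out an external
# resolver (8.8.8.8 is an assumption; the post does not name the entry).
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    "172.16.0.11\n", "172.16.0.11\n" + " " * 39 + "8.8.8.8\n")

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        servers = dns_servers_from_ipconfig(sample)
        print(label, servers, assess(servers)["verdict"])
```

A "degraded" host can resolve names again and so can fetch the corrected definitions from the Internet, but LAN resources in the blocked range stay unreachable until that update lands.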
14 hours ago, Porthos said:

Let us get a clean install of the current version, 3.3.1. This has the updated database.

 

We have another tool called MB-Clean which will automate the whole process for you.

 

 

 

The clean removal tool will backup your license information and then re-enter the license to the new install.

  Tool can be found at https://downloads.malwarebytes.com/file/mb_clean

 

1. After downloading the tool run the tool.

2. The tool will automatically clean up the older possibly damaged installation and will ask you for a restart.

3. Restart your system and then the MB-Clean tool will prompt you to re-install the latest product.

4. Click on "Yes" to reinstall MB 3.x.

5. Now you will have the latest product installed.

 If it does not offer the new install after the reboot you can download and install from here. 

https://downloads.malwarebytes.org/file/mb3  

First thing I tried, two good days ago. It doesn't solve the problem at all.

Link to post
1 hour ago, Shendue said:

First thing I tried, two good days ago. It doesn't solve the problem at all.

I have responded in your other topic. :)

Link to post

Somehow, this flaw has trashed my hard-drive. It is less than one year old, and everything worked great through Friday evening. Yesterday morning Computer eventually booted up into a black screen. Did some research and found out about Malwarebytes flaw. I managed to get to MB-clean and remove Malwarebytes. Still could not use computer.

Called in my tech. He ran a program called HD Sentinel and found my hard drive was no longer any good.

So I spent money on a new Hard Drive, and the tech copied over all data, but still profile is corrupt, etc., so tech is working on getting everything up today.

So far this has cost me a full day of work, cost for a new hard drive, cost for the tech.  Literally thousands of dollars of time.

Inexcusable quality control.

Malwarebytes may pay the piper on this one..... if I were it, I would not bank on the license agreement protecting it from what was obviously gross negligence on its part.  And imagine if One Hundred Thousand customers individually sued it for damages in their local small claim courts?  It would not be pretty.

Link to post

Well, what a learning lesson for MalwareBytes!  One thing for sure, many more people know of this forum and have joined, I'm one of them!

I agree with the posts that acknowledge how everyone makes mistakes, and the most important thing to do is to own up to them, apologize, and make amends.

I'm a retiree, technically savvy, and have MB installed on 3 home computers.  It was scary around 11 am on Saturday (EST) when my PC suddenly started rebooting.  I feared I got infected with something.  I checked MB and saw web protection was off and I couldn't turn it on.  So I immediately pulled the network cable off my PC, shut it down, and started browsing from my phone for a newly reported MB server issue.  I quickly found this forum, got familiar with the issue, rebooted the PC with the network reconnected and went to "check for updates".  The fix was already there, so before my PC memory was entirely allocated by the bug, the software was updated and a reboot returned me to normal.  My wife's laptop, which was on and displaying the issue managed to go update itself!  When I got around to checking for updates, it had already downloaded and fixed itself.

I'm an engineer who's designed and built critical up-time systems in my 45 year career.  Never have only one system, and try to interconnect redundant systems as little as possible.  In my case, my smart phone was my alternative means of searching the internet for a solution.  The phone shares nothing, not even internet access, with my desktop PC.

Anyone who fails to regularly backup their computers, clean them of extraneous files, and has but one means of accessing this interconnected world, is a participant in their demise in situations like this.

Link to post

Reading, I think I understand how my Hard drive was trashed. Malwarebytes automatically installed its malware on Saturday, and the computer kept running all weekend with constant and continuous rewrites to the hard drive...which apparently damaged some sectors of the drive and caused corruption of essential files.

I have never had an issue with security since I started using Kaspersky Internet protection. Unfortunately, I made the mistake of adding Malwarebytes as complementary protection, but that was where I was at fault. I didn't need Malwarebytes...should have recognized when its flawed 3.0 was introduced, that it was simply not big on quality control.

And those of you who continually are blaming the customer, I suppose that is par for the course in our country.  Nobody accepts blame and accountability for their own actions.  Always blame the other guy.

 

 

 

Edited by Davidtoo

Link to post

Why did MWB not send out an email to every user informing them of the problem and what to do?   As soon as they released the patch or update, whatever we call it, that email should have gone out.  It would have reclaimed the lost weekend of work for me. 

My first inkling was when I called Micro Center tech support on Monday to get advice on what would have been my next desktop computer, thinking that my current machine had died on Saturday.  It's 7.5 years old, so who knows when it'll go.  I told the tech guy, Josh, about my dead desktop that I was replacing and was about to ask him what he recommends security-wise.  I said that I've been very happy with MSE and MWB and he jumped in to say, "Oh, you have MWB? That's why you had the problem."  I said, "Yeah?  So why is it working now?"  "Because they issued a patch."  

So, again, WHY DID MWB NOT SEND OUT AN EMAIL TO ALL USERS ON SATURDAY?????

Link to post

Yes, an email absolutely should have been sent because I'm sure that the vast majority of users don't visit the forum.  

Link to post
19 minutes ago, marge201 said:

Why did MWB not send out an email to every user informing them of the problem and what to do?   As soon as they released the patch or update, whatever we call it, that email should have gone out.  It would have reclaimed the lost weekend of work for me. 

My first inkling was when I called Micro Center tech support on Monday to get advice on what would have been my next desktop computer, thinking that my current machine had died on Saturday.  It's 7.5 years old, so who knows when it'll go.  I told the tech guy, Josh, about my dead desktop that I was replacing and was about to ask him what he recommends security-wise.  I said that I've been very happy with MSE and MWB and he jumped in to say, "Oh, you have MWB? That's why you had the problem."  I said, "Yeah?  So why is it working now?"  "Because they issued a patch."  

So, again, WHY DID MWB NOT SEND OUT AN EMAIL TO ALL USERS ON SATURDAY?????

Not to be flip about this as it affected me as well, although not to the extent as some, but how would the affected customers even get the email if their PCs were borked? Many don't have redundant systems or check email on other devices. Plus, MWB would only know the IP gateways for the affected users, how would they know who to send the email to?

 

And think of what would happen if they did send out a mass email ... many scared consumers and possibly business would turn off their protection and expose themselves to the real bad guys ... who would love to have even a few hours of unprotected access to millions of systems.

Link to post
4 minutes ago, jmh2002 said:

Yes, an email absolutely should have been sent because I'm sure that the vast majority of users don't visit the forum.  

It didn't occur to me for a nanosecond that it could have been a MWB problem.  My tech guys weren't available over the weekend.  The problem was fixed and I had no idea.   If not for my neighbor Mike who came in Sunday night to advise me on what computer I should buy on Monday, I'd have bought a completely unnecessary new computer yesterday.  He said to me Sunday night, "Let me see your dead computer."  So I turned it on and all was FINE.  What????!!!!!   A fluke?  Still a broken computer that seems fine but a week from now will REALLY die?  All this uncertainty and MAJOR AGITA due to MWB not informing its users via email.    

To change the subject a tad, I'm curious to know why I seem to have completely recovered 100 percent by virtue of the MWB update and others have not, even having hard drives ruined.  It's just me and my desktop computer at home.  I got completely hit by the problem and completely cured by the update.  Why is this not everybody's story?

 

Link to post
11 minutes ago, Lunatic59 said:

Not to be flip about this as it affected me as well, although not to the extent as some, but how would the affected customers even get the email if their PCs were borked? Many don't have redundant systems or check email on other devices. Plus, MWB would only know the IP gateways for the affected users, how would they know who to send the email to?

 

And think of what would happen if they did send out a mass email ... many scared consumers and possibly business would turn off their protection and expose themselves to the real bad guys ... who would love to have even a few hours of unprotected access to millions of systems.

I used my laptop for the weekend, using my wireless that worked fine.  No MWB on that computer.  That's one way I would have gotten the email.  The second way I could have received that email is my phone.    So laptop with no MWB and the phone, TONS of people are in that same situation and would have benefited greatly on Saturday from it.   The email should have briefly outlined the problem and said the fix is complete, you can all turn on your computers and see that it's fixed, something like that.

Edited by marge201

Link to post

All of this is good and well for most. I still have a problem, however. Saturday morning both my wife's computer and mine were going bonkers as described by the commenters here. I was able (on my own amazingly enough) to determine Malwarebytes was causing our issues and frantically uninstalled it using the standard Windows 7 program uninstall method on all of our computers. My computer now seems fine. My wife's computer still refuses to connect to the internet. The network panel says the computer is connected and has internet access but no programs are able to access the internet. Doesn't matter if it's via ethernet or wireless. I can ping 8.8.8.8 but not anything else if that means anything. Have also done the winsock reset to no avail either.

I have not reinstalled MWB on any computer, relying solely on Bitdefender at the moment. I am not particularly tech savvy so I am at a complete loss as to how to get my wife's computer to connect to the internet again. Any suggestions from folks here? Obviously, I can't download anything to her machine so a reinstall is not an option unless I can do it from a thumb drive for example.

I could really use some advice...

Link to post

Random thoughts:

First, I just noticed these 2 "new" locked, pinned, and featured topics under News forum.

How to recover for home users
https://forums.malwarebytes.com/topic/220528-web-blocking-ram-usage-how-to-recover-home-users/

How to recover for corporate users
https://forums.malwarebytes.com/topic/220408-web-blocking-ram-usage-how-to-recover-corporate-users/

Second, I'm curious about why there were 31 pages in this forum then it went to 29 where it's stayed for the last couple days. I don't understand why or how with a continually growing number of posts the pages aren't growing in number respectively.

Third, I freaked out when I saw and absent-mindedly by habit clicked on a notice to download a "new" "free" version of MWB. I tried to stop it by closing down the service and waiting but when I reopened MWB it auto-started the download. I'm configured to auto-update sig files but not versions. Not too smart to invoke the version update but stuff happens and it appears to have gone okay.

Third and last -- any thoughts? Anybody? 

Please be nice.

 

Link to post
This topic is now closed to further replies.