Jump to content

Recommended Posts

Same problem here. Any results?
----------------------------------------------------

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/27/18
Protection Event Time: 8:21 AM
Log File: 06c7bc0a-3187-11e8-8fa3-40b03415914b.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4490
License: Premium

-System Information-
OS: Windows 10 (Build 15063.966)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\WINDOWS\system32\VBScript.dll
URL: 

(end)

 

Already tried  --> FRST64, AdwCleaner, Sophos Virus Removal Tool  with no results, zie logfiles att.
Disabled all add-ons in IE with no results

Is there an solution for this?

Regards,
AvL

 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello and Welcome

Lets get a clean re-install of the latest version so that we are working with all default settings.

Let's try this first.... (Malwarebytes clean removal tool will backup your license information and then re-enter the license to the new install)

  1. Please follow the steps in this pinned topic to un-install your current version of MBAM and reinstall the latest build - Malwarebytes mb-clean tool (NOTE: After un-installing with the mb-clean tool you will be asked to reboot. Once you reboot it will ask you if you want to re-install Malwarebytes, you can select YES (it will download the latest version) If you are not prompted to install the latest version, you can download the latest version manually (currently v3.4.5.2467 CU 1.0.342) to re-install from HERE)
  2. If that does not correct the issue, then please read the following and attach to your next reply the requested logs - Diagnostic Logs (after you run all the tools requested, all the logs will be combined into one log file named: mb-check-results.zip located on your Desktop (which will include the FRST logs inside the zip file))
  3. NOTE: More info about the latest Malwarebytes 3.4.5 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions


Please let us know how it goes.


Thank You,

Firefox

Link to post
Share on other sites

I have experienced this myself in the past.  What happens is, for some unknown reason Internet Explorer will suddenly start attempting to load VBScript.dll, something it isn't supposed to do since VBScript is considered obsolete and dangerous even by Microsoft.  And since Malwarebytes 3 is by default configured to stop IE from loading/executing VBScript, when it sees it attempt to load that DLL, it stops it and you get the detection you're seeing.

When it happened to me I just lived with it for a time and it eventually went away.  I've seen other cases here on the forums that were similar, where the issue cropped up for a while and then eventually stopped.  The exact cause is still as of yet unknown as far as I've been able to determine, however if it does persist there are probably more extreme measures one could take such as unregistering VBScript.dll so that IE can't load it, but I'll leave it to the others to determine what's best and what actions to take to try to find the cause and fix it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.