Jump to content

Malwarebytes is blocking VBSCRIPT in internet explorer


Recommended Posts

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact an Administrator to let them know.

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Spoiler

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.

    auto-reply-scan-types2.jpg.86e24e955a95d
     
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.

    auto-reply-scan-types1.jpg.f4eee0e0c9375
     
  4. Click Start Scan
     

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Spoiler

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.

    _frst_scan.jpg.d79beccbb6e66628e557f6c28
     
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please attach or copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.
     

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Additional.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:   notify me.jpeg
 

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and past the contents of the requested files in your Reply instead. 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips

 

 

Link to post
Share on other sites

Greetings,

This is part of the application hardening in the Anti-Exploit component of Malwarebytes.  To enable VBScript in IE you must open Malwarebytes and go to Settings>Protection and beneath Real-Time Protection click the Advanced Settings button below the Exploit Protection section.  Within the Anti-Exploit Settings window that opens, uncheck the box next to Disable Internet Explorer VB Scripting under Browsers in the Application Hardening tab (the first tab).

Edited by exile360
Link to post
Share on other sites

  • 8 months later...

That's odd, you should be able to uncheck the following two options then click Apply as illustrated below, though it's possible that the module is remaining loaded into the IE process so you might also need to exit/restart Internet Explorer or even quit/restart Malwarebytes for it to fully take effect:

VB1.png.04a3ac85bcf8c4e56256fdcb43fb07bb.png

VB2.png.0198b4d7d0badfb0e5534785bdcf1f41.png

If it still doesn't work, try restarting the system to see if it works with Exploit Protection active and those two options disabled and please let us know if it does not.

Thanks

Link to post
Share on other sites

 

Thanks for responding.

> If it still doesn't work, try restarting the system to see if it works with Exploit Protection active and those two options disabled and please let us know if it does not.

 

I restarted the system (Windows 7), then attempted to open IE. Malwarebytes blocked it (IE).

 

I then opened Malwarebytes and confirmed that both boxes were unchecked. They were.

 

If this is the only unwanted blockage I encounter I'm not inclined to worry about it. On the rare occasions when I must use IE, I can shut off exploit protection for the duration and turn it back on afterward.

 

Link to post
Share on other sites

OK, thanks for the additional info.  I don't want to be a bother, but I really would like to gather some info for the Devs so that they may investigate and hopefully fix this issue in the future if you wouldn't mind and if you have the time.

If you're up to it, please open Malwarebytes and navigate to Settings>Application and under Event Log Data toggle the setting to On, then restart your system and then replicate the issue with Malwarebytes blocking IE again with the two settings still disabled and with Exploit Protection enabled then do the following:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

If you decide to assist, please provide the ZIP file then you may (and should, so it doesn't continue creating large logs on your system) disable the Event Log Data setting in Malwarebytes again.

Thanks

Link to post
Share on other sites

Thanks, there are actually a large number of recent detections in your logs from Malwarebytes.  This makes me suspect that perhaps the blocks might actually be related to that which would explain why disabling those settings didn't help.

Please run ADWCleaner and have it remove anything it finds then restart if prompted to complete the removal process.

Once that's done, try launching IE again with Exploit Protection enabled to see if there is any difference.  If not, then I would recommend that you follow the directions in this topic and create a new topic in the malware removal area including the requested logs and info by clicking here and one of our malware removal specialists will assist you as soon as one becomes available to help you check and clean any remaining threats, and hopefully they will be able to eliminate or fix whatever it is causing this issue.

You don't have to do this of course, but I would definitely recommend it just to be safe as I wouldn't want your system to be infected or have some remaining PUPs (Potentially Unwanted Programs) onboard without you knowing.

Link to post
Share on other sites

Thank you for your attention.

I ran ADWCleaner at least twice.  It found and removed threats on the first run; found nothing on a later run.

I attempted to launch IE; Malwarebytes again blocked it.

I downloaded and ran FRST, and forwarded the results to a new topic per your suggestion.

This particular machine has been running just fine. I have no reason to believe I have an infection or any other problem (except as described in the above mentioned thread). After installing Malwarebytes I have been unable to load Internet Explorer without disabling exploit protection in Dashboard.

 

Link to post
Share on other sites

Yes, my theory is that it's probably just some trace left behind from the PUPs you removed with Malwarebytes and ADWCleaner.  It is likely some kind of browser add-on or something and the scanners are just missing a small part of it like one or two files and/or registry entries and that may be what's causing all of this.  Either way it doesn't hurt to check so I'm glad you decided to go ahead and post in the malware removal area.  At the very least you'll have peace of mind knowing that nothing is left of those PUPs that were detected/removed before and that nothing else is present on the system.

I will go ahead and inform the Devs about this issue anyway though, just in case it is a bug with those settings in Malwarebytes so that they can investigate it.

Thanks again for the logs and info.

Link to post
Share on other sites

Quote

Malwarebytes Version Information
==================================
Controllers Version:     1.0.0
Database Version:        2019.03.14.07
Update Pkg Version:      1.0.9690
Installer Version:       3.7.1

 

I would run the repair tool or just install MB over itself. Your install is corrupt.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.