Jump to content

Recommended Posts

This morning, I started my Windows 7 Prof. desktop computer running the most recent version of Malwarebytes. Everything seemed fine, but Malwarebytes didn't start and ask me to scan. When I tried to see whether it was perhaps hidden in the system tray box for excess programs, I could get no response from my computer.Indeed, the computer was frozen. I couldn't even use the Start button to restart. I forced a shutdown and tried again. Same story. I tried a third time, and this time Malwarebytes did appear on my screen and ask for a scan, but it also indicated that Rootkit Protection was turned off. I was unable to start that protection. I nonetheless ran a scan, and I was told that no problems were detected. But since Rootkit Protection was still turned off, I decided to follow Malwarebytes procedure to report a problem.  I've run the support tool and have attached mbst-grab-results.zip. 

mbst-grab-results.zip

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
    Repair menu_arrows.png
     
  7. Click the Gather Logs button
    Advanced_arrows.png
     
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    Advanced Gather Logs_arrows.png
     
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Advanced Gather Logs completed_arrows.png
     
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Hello,

Thanks for reporting the issue.

The system freeze you originally experienced was likely caused by the mrcbt.sys driver belonging to your installed Macrium Reflect product (specifically related to the "Changed Block Tracking" feature). We've had a few reports from other users experiencing similar freezes and analysis of dump files obtained from the users revealed the source to be operations performed by Macrium Reflect's mrcbt.sys driver.

I suspect the subsequent issues you encountered with the Anti-Rookit module not starting are related to the machine's forced/ungraceful shut down.

I recommend starting by addressing the system freeze. From your logs, I can see that the Changed Block Tracking feature is enabled in Macrium Reflect. Macrium have provided an updated version of their mrcbt.sys driver file that is intended to help address the issue. It can be downloaded from here: https://updates.macrium.com/mrcbt/64/mrcbt.sys

Replace the mrcbts.sys file in C:\Windows\System32\drivers with the updated version from the download link above and then reboot your computer (this is important).

Afterwards, please let us know if you encounter any further issues with system freezes and or Rootkit scanning within Malwarebytes.

Edited by LiquidTension
Link to post
Share on other sites

Thanks very much, LiquidTension, for your helpful response.  I'm embarrassed to admit that the message I sent this morning had a major error in it. For some reason, I wrote "Rootkit Protection" when I meant "Ransomware Protection"! 🙄  It's only when I came back to the Forum to read your response that I recognized my stupid mistake. However, I read what you had to say about the freeze issue and found that I did have the Changed Block Tracking feature enabled in Macrium. Since I do Full rather than Incremental backups, I decided to simply uncheck that feature and see what difference that made. After unchecking it, I rebooted, and I found that not only did the computer not freeze, the Ransomware Protection feature was now on rather than off. Since I don't do Incremental backups,  the computer is no longer frozen, and Ransomware Protection is again working, do I need to download and install the updated version of Macrium's mrcbt.sys driver file? 

Link to post
Share on other sites

That's not a problem. Thanks for the update.

As you don't intend on using the Changed Block Tracking feature, there's no need to use the updated mrcbt.sys driver file. For completeness, you might want to uninstall that feature from Macrium Reflect as the driver is still loaded at boot even with the option unchecked. To do so: Open Programs and Features -> Right-click Macrium Reflect and click Change -> Click Next followed by Modify -> Uncheck Install CBT and click Next -> Click Install -> Reboot the computer.

We haven't seen any issues specifically between Macrium Reflect and the Ransomware Protection component, so it's possible it was the reboot that solved the issue (following on from the earlier unexpected shut down).

Please continue to monitor the computer and let us know if you encounter any further issues.

Edited by LiquidTension
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.