Jump to content
OzBoz

Continuous behaviour warnings

Recommended Posts

The last couple of days I've been getting a Malwarebytes pop up dialogue telling me it has detected and stopped an exploit of abnormal behaviour.  (Every few minutes)

If I select the report, it tells me that the culprit is C:\Program Files (x86)\PCPitstop\PC Matic\cmd \c echo x86  I do not have any processes or services running concerning PC Matic.  I can only assume that this is yet another shot in the civil war against PC Matic and any other that sets up in competition with Malwarebytes.  That is not a good business plan.   Unless you can identify for me, the exact exploit threat, I will be uninstalling Malwarebytes, and using PC Matic exclusively, which I consider a far superior product with it's white listing ability

Attached, screenshot of the warning, and a copy of the associated report.

OzBoz

 

Snipped.JPG

Report.txt

Edited by AdvancedSetup
Removed ID

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Share this post


Link to post
Share on other sites

Hello @OzBoz

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Thank you for the logs @OzBoz

I'm not seeing an obvious reason for the block. Can you please try a reboot and also check for any updates from PCMatic

If that does not help then I'll need to get some logs to provide to our Dev Team.

 

Please download mbae_debugging.zip using the link below.

https://malwarebytes.box.com/shared/static/qemghbd9e5794dc7pdhvnq2xpku6wo5z.zip

Open your Downloads folder.
Right-click  mbae_debugging.zip and click Extract All.... Ensure Show extracted files when complete is checked and click Extract.
Double-click start_debugging.bat
Note: If you are prompted by Windows SmartScreen, click More info followed by Run anyway. If you are prompted by User Account Control, click Yes.
A blue console window will appear. Please be patient.
When prompted to reproduce your issue, please perform the action(s) that trigger the exploit block/issue with your installed Malwarebytes product.
If you are successful, press Y on your keyboard.
Upon completion, a file named mbae-logs.zip will be saved to your Desktop. Please attach the file in your next reply.

 

Thank you

Ron

 

 

Share this post


Link to post
Share on other sites

Actually, a colleague noticed the following in your logs.

CHR Extension: (PC Matic) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\okmhneofinpilciglijihehjpaegledb [2019-09-06]

So the PC Matic extension was added on 09/06/2019 to Chrome. Can you try removing that extension and see if that stops the blocking alerts

 

Share this post


Link to post
Share on other sites

Hello Ron,

On checking Chrome's extensions, there is nothing there referencing PC Matic.  Following the link to the extension you provided, I deleted the extension, but immediately afterward threat message came up again.  There is a whole list of extensions in the same folder (Profile 1) I do not use profiles as I'm the only user on this home based PC so I deleted the whole folder.  It made no difference as the message has appeared since the deletion. 

On running the mbae-debugging app, I obviously was not able to reproduce the problem as it is a random event beyond my control, but I entered Y at the question anyway.

mbae-logs.zip

Share this post


Link to post
Share on other sites

Thank you very much. It is now past end of the work day. I have sent your file to our Dev Team but I don't expect to probably here back from them until Monday or Tuesday. If needed you can disable the Exploit Protection from the Task Tray icon until we get an answer back for you.

Have a good weekend

Ron

 

Edited by AdvancedSetup
updated information

Share this post


Link to post
Share on other sites

Hello @OzBoz

We have a test build of the standalone MBAE that you can use. This should stop the blocking alert. You will need to disable the current Exploit protection module in Malwarebytes and then install and run this standalone Consumer version.

NOTE: This is a test, beta build and should not be used long term. Once it has been fully tested it will be updated in the main Malwarebytes product as well.

https://malwarebytes.box.com/s/hvlkhgbzltvkxwgydwufc8k0ng0t2n2k

If you have any questions please let me know. Otherwise, I hope this corrects the issue you're reporting and I await your reply.

Thank you again

Ron

 

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.