Malwarebytes 4 Win10 Hangs on startup

[Marc_Foreman]

Hi Maurice - thank you for your help.

I've following your instructions, and on this occasion can report that following reinstallation and reboot, Windows did enter the desktop successfully (yay!).

I've checked the system settings and the only change I can see on this occasion is that Malwarebytes has automatically registered with the Windows Security Center, and therefore Windows Defender is disabled. In the previous installs, Windows Defender was still running and active.

I'll keep a close eye on the system over the next 24 hours and will let you know how it goes, but for now I would say tentatively, looking good. :-)

 

Much appreciated,

Marc

 

 

[Maurice Naggar]

Hi Marc.

You are very welcome.   Let me know if you need something else.

 

I would like to get a fresh report from Windows.   This does not make any changes.   It is just a status readout.

The command below will need to be done from an Elevated Command prompt window
Right click the windows logo lower left corner of your Taskbar > choose Command Prompt (Admin)

Copy  then Paste the whole line AS IS onto the command prompt   & then tap Enter-key

wmic /namespace:\\root\securitycenter2 path antivirusproduct get /value > status.txt

Please attach the file Status.txt  with your reply.

[Marc_Foreman]

Hi Maurice,

Please find the requested file attached to this message.

Best regards,

Marc

status.txt

[Maurice Naggar]

Marc,  Thank you so much.   

[Marc_Foreman]

Sorry Maurice - one last thing : In the course of picking up the file you asked for, I saw that in my Windows\system32 folder, there's a set of files with chinese characters and no file extension. Are these malware traces? I've attached a zip of the files in question. I've never seen anything like them before.

Best,

Marc

System32_chinesefiles.zip

[Maurice Naggar]

You should just delete those files.   They do not seem to be malware.  I've uploaded 3 of them to Virustotal  and they are not flagged as malware.

[Marc_Foreman]

Thanks Maurice - really appreciate it and so far I'm very much enjoying the new experience of Malwarebytes 4.

Best,

Marc

[Maurice Naggar]

You are most welcome.   Thanks for this note.

All the best to you.

[Marc_Foreman]

Maurice, good morning. But it's bad new I'm afraid.

On first and second boot this morning, Windows locks up in exactly the way it did beforehand. I was forced to boot into safe mode, use the removal tool to remove Malwarebytes, and then instead of reinstalling 4, I've reinstalled my old version 3 (some protection being better than none).

What's the next debugging step please?

Thanks,

Marc

[Maurice Naggar]

Let’s  please try to get and run a special  report  tool from Microsoft. 

It does not make changes. It will be just a report.

 

• Please download Sysinternals Autoruns from here and save it to your desktop.
   
• Note: you also need to do the following:
• Right-click on Autoruns.exe and select Properties
• Click on the Compatibility tab
• Under Privilege Level check the box next to Run this program as an administrator
• Click on Apply then click OK

Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
 

In the Autoruns Filter Options dialogue, verify that the following are unchecked, if they are checked, uncheck them:
 

• Include empty locations
• Hide Microsoft entries
• Hide Windows entries

Verify that the following is checked, if it is unchecked, check it:
 

• Verify code signatures

Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply

 

Thank you.

[Marc_Foreman]

Thank you Maurice, I can also confirm that I re-ran your instructions from yesterday, and I used the support tool to clean malwarebytes from my system, and on reboot reinstalled version 4. I then rebooted and confirmed the same problem persisted of locking up on start. I also discovered that by forcing the next reboot, the system launched successfully. It's from this newly launched session with MWB4 installed that the ARN file has been generated.

Secondly, I also observed a freeze in the windows taskbar of the same type when I first disabled, and then manually re-enabled the ransomware protection layer, in accordance with Ron Harr's suggestion. There was a delay of apprx 10 seconds whilst the taskbar and desktop were unresponsive, after which it cleared.

Thirdly, the Autoruns tool UI has been updated by Microsoft I believe, as your instructions seem to refer to a different incarnation of it. However, I think I've transposed what you asked for successfully but please let me know if you need me to re-run. Attached is the ARN file it created.

Best regards,

Marc

I7-6950X.zip

[Maurice Naggar]

Thank you for the report.

Kindly do not make any further changes on your own, without checking here first.

 

One of the things I very much recommend is making sure this Windows OS is fully up to date.

I would like to begin by insuring to get the latest Service Stack Update for it.   This OS is 64 bit Intel & currently on build 1803.

When you download the next items  be very sure to first SAVE them to the Downloads folder.

1 - Download the latest SSU   from Microsoft    https://www.catalog.update.microsoft.com/Search.aspx?q=KB452320

3   For your system it is the 4th  listed  line item.   Click the Download button on the right.    Save the file first

2 - Run the saved-download

Let me know after that is accomplished.

 

[Marc_Foreman]

Hi Maurice,

Sorry for shifting the goalposts on you.

Should I remove Malwarebytes 4 first using the malwarebytes support tool, prior to installing the windows ssu?

Best regards,

Marc

[Maurice Naggar]

No,  there is no need to remove Malwarebytes;  or doing anything for that.   Please proceed  and then advise when all done.

Cheers

[Marc_Foreman]

OK, this has installed. I haven't been prompted to reboot so am still in the same windows session.

 

[Maurice Naggar]

Ok   thanks.

Now the next part.

machine needs  Windows 10 build 1909.  You can manually get it thru Windows Update.

It may take repeated tries with Windows Update till your pc is able to see that Update.  

The suggestion I have is to go to the Start menu, click the Windows Settings icon. Select Update & Security.  Click on Windows Update.

The Windows Update ( eventually) will have a display when it shows up.

Note that the display will show the new build in a new way, in the middle of the display.  You will need to click on the blue line marked "Download and install now"  when ready.

 

 

Getting that Windows build update will put this pc in a optimal position for a more secure operating system.

[Marc_Foreman]

Maurice, I have grave misgivings about a feature update to the latest version of Windows when it's so fresh in the marketplace and hasn't been doled out to my PC yet. Can we not do this with a version of windows which has been around for long enough to be pronounced stable?

[Maurice Naggar]

It will do this pc a lot of good.   Please go forward.

I am running on it.   Lots of my colleagues ( Windows Insiders) have been running it, as well as what preceded it.

[Marc_Foreman]

So sorry Maurice, but the risk is too great, given my system is mission critical and stable in all other respects on malwarebytes v3. As a work-pc, I can't afford to take the risk, I'm sure you understand.

Would you be able to guide me to the most recent build of Malwarebytes 3, so that I can at least be as secure as possible until such time as Woody Leonard pronounces it safe (he's been a lifesaver during previous incarnations of windows 10 and I watch his MS Defcon tracking regularly at askwoody.com).

 

[Marc_Foreman]

OK, it's 0:47am here, so I'm calling it a night. Thank you for your patience and assistance in this. I'll leave a reminder for me to try Malwarebytes 4 once again when 1909 becomes a realistic feature update option for me.

I'll look forward to receiving your link for the most recent MWB3 in the morning.

Have a good evening yourself,

Marc

[Maurice Naggar]

I would like to point out some facts here as regards old builds of Windows 10.
Now, this is a fact:
Windows 10, version 1803 was first out    April 30, 2018      and has now reached its end of support life at Microsoft as of  November 12, 2019.

One should not keep staying on build 1803.   Otherwise one faces not getting support from Microsoft.
Microsoft Windows lifecycle fact sheet
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

I would again, honestly urge you to get the latest Build of Windows 10 from Microsoft.
This pc has somehow skipped 2 other released builds:  1809, then 1903.
One big reason to urge you to Update Windows is that it will help with  proper handling of early launch anti-malware services.

I know of Woody Leonhard from 2 decades ago. I had read a lot of his articles in the past. I just think he can be overly cautious  and carry view colored by long-ago, long gone episodes.
There is no factual basis for hesitating about getting the latest Windows 10 build.   imho, it is counter-productive.

.
IF the current Malwarebytes for Windows installed shows all 4 real-time protections are on, I would recommend you stick with it.

 

 

 

[Marc_Foreman]

Thanks Maurice,

At this moment, I am running Malwarebytes 3.3.1 and the system is stable with no lockups, and no interruptions (freezing) during use. All 4 security layers are activated and show as being "on", and the malware library has been updated to the latest available version.

Just to explain my reticence, we suffered a period of unwanted, unexpected and significant downtime when Windows 10 was upgraded to a new release (1703, at that time). The upgrade caused a repartitioning of our hard drives, and this had a detrimental effect on a range of licensed software we were using which then falsely triggered a lock on the license, due to the change in hard drive formatting. This cost a lot of time to resolve, and in the process we were delayed on a contract that the affected PC's were allocated to work on. It then became company policy to not trigger feature updates unless the update has been market-tested en masse for a minimum of 6 months. It was also around this time during the remediation process that I began following Woody Leonhard, and over the years have trusted his cautious and measured approach which weigh security risk with known threats in the wild and then balances this with the potential disruption a feature update may cause.

What I can do, is since Win10 1903 has been out for 7 months now, I would consider it safe to install. I can go ahead and upgrade to that and install 1909 when I have confidence in its stability.

Irrespective, since I'd like to continue using Malwarebytes due to my faith in your technology, I would at the very least like to download the latest version 3 build that you have prior to release of version 4. If you could share a link with me, perhaps by direct email if you're not comfortable doing so in the forum, then I would be very grateful.

When 1903 is installed, I can then repeat testing with MWB4 and see what happens. If the same problem occurs, I will still have MWB3 to then fall back on, prior to the big push to 1909.

I hope this makes sense, and I apologise if it sounds foolish. There is however good reason behind the decision.

I look forward to hearing from you.

Best,

Marc

 

[Maurice Naggar]

MB version 3.3.1  is very much out of date.   At the very minimum, the pc should have at least version 3.8.1.2965

 uninstall your existing Malwarebytes installation , using the standard Windows Control Panel uninstall.

Windows 10:
https://www.cnet.com/how-to/how-to-uninstall-an-app-or-program-in-windows-10/
 

 
 and use the  Malwarebytes installer linked below to install the  Malwarebytes version 3.8.3.2965  :from this link

After installation, open Settings -> Turn off the, "Automatically download and install..." setting.
Ensure all Real-Time Protection modules and Self-Protection are enabled. 

 

,

You describe a bad experience with Windows build 1703 , which was from 2017.  That is quite regrettable.   However, that is from  old history.

There have been a few builds since then.   Microsoft has made many refinements in their processes.   That has continued thru 2019 .

The builds are tested by thousands of external  Microsoft customers   ( not to mention their own internal tests)..

Look at this page link at Microsoft    https://www.microsoft.com/en-us/software-download/windows10

The top item is the Upgrade assistant.   You may consider using it.

Just before you do the Upgrade, do a backup of the whole system on external backup media and

do a Restart of the system for a fresh session prior to starting the Upgrade.

 

[Marc_Foreman]

Thanks Maurice - I have indeed taken everything you've said on board, and it's encouraging to know just how much more seriously Microsoft are soak-testing their products. I WILL be performing a feature update to 1903 in the very near future, and as soon as is prudent, will then follow on with 1909.

Thanks so much for the link to the most recent version of MWB3 to suit me in the interim, and I will certainly be back in touch. For now, I'll ensure that the MWB support ticket I also opened on this topic is linked with this conversation for internal reference, and if there's anything further I can do within the context of what is achievable given my current restrictions, please let me know and I'll be happy to generate new logging or debug info for you.

Best regards,

Marc

[Maurice Naggar]

Let me know when you have version 3.8.3.2965  in place.   Be sure all 4 real-time protections of MB are on.