Malwarebytes will not run


Hi,    :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let me know what first name you prefer to go by.

 

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only just attach all report files, etc. that I ask for as we go along.

I regret to read of this trouble.

 

I would like to have you run a report tool known as FRST. This has no personal information. It is well-known, widely used & safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST.


1: Please download FRST from the link below and save it to your desktop:

"Download link for 32-Bit version Windows"



"Download link for 64-Bit Version Windows"



Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Run report with FRST

Right-click on FRST icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click the line More info on that screen and click the button Run anyway on the next screen.

Click YES when prompted by the Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - the configuration should look exactly like on the screen below (do not mark additional things unless asked).
Press Scan button and wait.

 







The tool will produce 2 logfiles on your desktop: FRST.txt, Addition.txt
Click OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 2 files to your next reply.

Thank you.


Here are the files.

Malwarebytes is working now. Between my first post and your reply I restarted my pc, installed the .NET framework 3.5 and 4.8 cumulative update for 2-2020. When I tried to run Malwarebytes after restart it started to scan and then quit. MB restarted and I checked for an update which it needed so I did that. I was able to run a scan after the update. No detections. I typically have daily scans but my last one was 2/18/20.

FRST.txt Addition.txt


Thanks for the info & FRST reports. I am happy to read that Malwarebytes ran.

I notice that Malwarebytes version 4.1.0.56 is what is installed.

May I ask you to get for me a copy of the last Scan report.

Locate the Scan run report; export out a copy; & then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

Also, let me know if you need other help.

Cheers.


As far as the login problem to this forum, I will ask @AdvancedSetup to elicit his advice.

The Malwarebytes scan run of March 4, 2020 is perfect. No malware, no PUP. The program version is the very latest version 4.1.0.56 & the scan was a manual one.

The other report is from February 18 & reported no malware & no PUP. The scan was run by the scheduler. The program version was the older 4.0.4.49.

I would suggest you take a look on the program & see about the scheduled time.

Start Malwarebytes. Just click on the center pane marked Scanner. Then click on Scan Scheduler.

Look at the line Threat Scan. Double click it to review its settings. Look at the time setting.

Look to see that the Repeat setting shows Daily. Look to see that the selection is on (blue background, with button to the right) for "If missed, scan at next opportunity".

 

 

Edited by Maurice Naggar

  • Root Admin

Hello @dugrn

Please try the following to correct login issues in Google Chrome. It is a browser setting issue only.

Change your cookie settings
  1. On your computer, open Chrome.
  2. At the top right, click Settings.
  3. At the bottom, click Advanced.
  4. Under 'Privacy and security', click Site settings. Cookies.
  5. Turn Allow sites to save and read cookie data on

 


Hi Maurice

 

My scan settings are as they were before all this happened.

 

Threat scan—date/time—Repeats everyday—-scan at next opportunity.

MB ran as scheduled today. As for my login issue, the advice from AdvancedSetup did not work.


I am glad to know that the Malwarebytes Premium scheduled scan worked. I believe that brings us to the end of the "not run" issue.

I am not an expert on issues with forum logins. I can ping @AdvancedSetup

But if you use Chrome, drill thru the Settings, and in the saved passwords section, find any for forums.malwarebytes.com

& then if there, delete it & then be real careful when typing in your user-login and password

 

To remove the FRST64 tool & its work files, do this. Go to your DESKTOP. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.

Then run that (double click on it) to begin the cleanup process.


What is being blocked is an outbound attempt to connect to ipv4.login.msa.akadns6.net

The block is in effect because our researchers had determined that that link does phishing.

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.

A block notice is an advisory of the "block".

For Your Information:

The website Block message indicates that a potential risk was blocked by the malicious website protection.

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).

.

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows Start menu.

Click Settings (gear icon) at the top right of Malwarebytes window. We want to see the SETTINGS window.

Then click the SECURITY tab.
Scroll down and let's be sure the line in SCAN OPTIONS for "Scan for rootkits" is ON.
Click it to get it ON if it does not show a blue color.

Now click the small X to get back to the main menu window.


Click the SCAN button.
Select a Threat Scan (which should be the default).

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

Be sure all items were removed (if any item is flagged).

 


So I reviewed the malicious sites blocked reports. There are multiple from the same IP address and from the same file location over about 45 min. 7 hours later on the same day there were 3 outbound attempts with a different IP address but same file location. The final one of those 3 had the same IP but a different file location. All of these showed up on detection history with event “RTP detection”. I have uploaded the reports below as well as the scan log I performed based on your instructions.

scanreport 3-6.txt RTP detection 2-10 1251pm.txt RTP detection 2-10 1158am.txt RTP detection 2-10 721pm.txt RTP detection 2-10 720pm.txt malicioussiteblock.txt


Hi @dugrn

Thanks for the Malwarebytes scan report of March 6. That is perfectly fine.

The detection reports from February 10 we need to discard. What counts more is whether there were any block events today, March 6.

Ron mentioned just above

Quote

 FYI that the OneDrive blocks were a False Positive that was fixed

 

Edited by Maurice Naggar

Actually one of those reports I sent shows it did not come from OneDrive. It came from c:\windows\system32\svchost.exe and had a different IP address. It was actually the last outbound I had.
There have been no block events since 2/10.


I guess I’m confused. The last outbound attempt was from a different IP and file (not one drive) on 2/10. In a previous post you said

 

“No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).“

2/18 was the last daily scan and MB quit running until 3/4 which is what prompted this whole thing.


The scheduled scans are running now, right? I mean since yesterday?

The old reports with the old block events from February do not matter now. You have mentioned here

Quote

there have been no block events since 2/10

 

So after Feb 10, there have been no block notices. That is great. Also, as AdvancedSetup noted (and I mentioned that too) there had been a false positive before on OneDrive which was addressed and adjusted for by the Malwarebytes protection team (thru updates).

Your system has had that update on or about the Feb 11. We have to remember that the OneDrive false positive was corrected on Feb 10.

The block notices were courtesy ones & do not mean that they derived from any actual "infection" nor threat. Let's put that to rest.

Questions: Is it not true that Malwarebytes program runs? It has been running since at least last Wednesday night, per your prior note-reply of Wednesday.

The issue of the scheduled scans for this week can be looked at closer. There is no infection on this machine as far as I can determine.

 

I would like you to run the Malwarebytes Support tool so that I can review the history of Malwarebytes on this pc.

Do have patience while the report tool runs. It may take several minutes. Just let it run & take its time. You may want to close your other open windows so that there is a clear field of view.

Download Malwarebytes Support Tool

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.5.4.760.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

 

 


Hello, Doug.

Thank you for the ZIP from the support tool. This helps a lot, to see the full history, including Block events.

All the block events are from February 10. The current calendar is way past that, obviously. There were NO block events after the 10th of February.

The blocks were about "ipv4.login.msa.akadns6.net"

As mentioned before, that was a False Positive that was corrected by the web protection team on FEB 10.

I regret that your machine got caught by the false positive by the web protection of Malwarebytes.

The Malwarebytes protection team was quick in addressing it.

I notice that for the past 3 days, the Scheduled scan has run. That is for the 5th, 6th, & 7th of March.

This pc currently has Malwarebytes version 4.1.0.56 & that is shown as having been installed on 4th of March.

There is no other install history besides that one.

The prior version on this machine was version 4.0.4.49

The program was running all along in February & into March. Though it seems the program ran into communication failures reaching the Malwarebytes server on the 20th & 21st.

The program is currently up to date. The scheduled scan is ON, for daily. The program is the latest release & has all protections on.

Is there anything else that you need?

 

 


Hi. I believe we can wrap up this case.

You may delete the file I had you download named mb-support-1.5.4.760.exe

To remove the FRST64 tool & its work files, do this. Go to your DESKTOP. Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.

Then run that (double click on it) to begin the cleanup process.

You may delete other files I had you download.

.

The first best practice of computer safety is to have backups of the system. Make regular periodic backups to offline removable media.

Backup is your best friend.

 

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

 

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

Best wishes to you.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.