Malaware 4.1 codename "Train Wreck"

[edwoods]

I only added the description to the filename to remember which pc it came from. Yes it is a windows 10 pro pc which is seeing the bug checks and dns issue as well. It as well had these problems with the 4.1.0.56. 

[AdvancedSetup]

I don't see a reason for a bug check crash. There were some reports a while back but most of those have been resolved.

Please use our MBST tool and uninstall Malwarebytes on that system. Then run the computer for a few days without Malwarebytes and then let me know if all bug check and DNS issues go away or not.

Then after a few days open the Reliability Monitor and see if there are before and after setting report that can lead to a possible solution

Microsoft Windows Reliability Monitor
https://www.dell.com/support/article/en-us/sln307012/how-to-use-windows-reliability-monitor-to-identify-software-issues?lang=en

 

 

[edwoods]

You may not see why but on mv fileserver I re-enabled the web protection last night and there were two bug checks triggered one around 1am and the other around 620am which also show mwb active just before in my event logs. I have not had the bug checks since I had disabled the web protect, but like I said 2 last nights after re-enabling it yesterday around 7 PM. Your last response you did not really indicate if you had read the mv fileserver log or not and seemed like you may have discounted the possibility of the bug check on this version. So I have included a new bug check from today after the 2 bug checks.

 

mbst-grab-results mv fileserver 4302020 2 bug checks.zip

[AdvancedSetup]

I'm not discounting but with your reluctance to follow almost any advice leads me to not put a lot of effort into reading logs if someone is not going to at least try my suggestions.

At a minimum, not doing anything else you should do a Clean Removal and reinstall to see if that alone makes any difference.

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

If that does not help then there really are only a few choices.

• Let me try to see if we can fix it by general clean up or removal of potential software that might conflict
• Wait for Development to do general fixes until such a time that maybe it does fix your system
• Disable the Web Protection if doing so prevents the crash and/or other issues

Again, I'm not trying to be difficult but so far you've been rather reluctant to try suggestions. No one says they will fix the issue, we are simply trying to fix the computer up so that it does run better (with or without MB) and if none of the fixes work then we can start looking at or creating crash dump files if needed. I see the current system log shows crash dumps but again we would want to first clean up and do things that "might" be causing it and then if none of our fixes work we can document what we've done and ask our QA and Development team to step in and review.

Thank you again

 

[edwoods]

Advancedsetup,

This is not true at all. To the point of starting this thread I have been trying to troubleshoot this issue on 40+ machines. I have been able to pin point it to MWB, So after finding a thread regarding the release of 4.1.0.56. So I updated all of these machines and turned off web protection on the systems that were having the bug checks issues. The mv fileserver I had disabled all of the protections and they all stopped having the bug check issue. Then I started this thread. The next morning before your post, my mv fileserver rig showed the dns I posted about. Then you posted and so i uploaded the log file form the mv fileserver logs, and later on the logs for the wq which is my personal rig. 

At the moment with web protection off the bug check went away, but the dns issue appeared on the wq machine with all of the malaware protections off but still installed. The next day my rig had the dns issue. All the other machines with the web protect still off have been working normal. After your posted asking me to download the beta versions and posting my about screens on these machines I went to do so. However the version I had updated to a couple of days agao was the 4.1.0.56 which I had posted that in my earlier posts. None of these machines were opted in to the beta feature and I could not find any specific download are for a beta train. So I asked for this info. All long you still did not make mention about the first log from the MV fileserver.

When you asked if I had tried the other suggestions yet I had responded no for good reason. First I wanted to get clarification as to where and if there was a beta version that you referred to me or not. Because as far as I know, I am on an actual release version. Secondly I had acknowledge improvement with this version but at this point in time I either still had web protection off or in the wq fileserver all protections off. So I re-enabled them all on the wq fileserver and my rig last night. All the other computers still have web protection off. The WQ Fileserver bug checked 2x in the am. My rig did not.

So it may seem like a lot of trouble for you to check the other log file and to verify if there is a beta version before I start going on a which hunt on systems that have been running these configurations for years and start uninstalling other programs. In particular Acronis which runs my nightly backups on each of these 40 computers. In particular the Ransomware portion which specifically protects these backups actively where malawarebytes does not.

So I have disabled the web protect on the WQ Fileserver, and would appreciate it if you can look at the log and see if you see anything. Can you confirm if the version on the system is a release or the beta you were referring to . When I hear back from you and what you have to share, I would be willing to re-install MWB if this is the most recent release available. 

 

Thanks

 

Ed

 

 

 

 

 

[exile360]

The latest release version (which previously was a beta until a couple days ago) is 4.1.0.56, component package version 1.0.889 (you need to verify the second number as well, because it may change while the primary build version remains the same with some patches/updates).

[AdvancedSetup]

The issue is not having the latest, it's doing a Clean Removal and reinstall using our MBST tool.

 

Please do the following Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.

Then ensure you restart the computer 2 times and retest. If you're still having an issue please run MBST tool again and gather new fresh logs and post those back and I will review them again.

Thank you

 

 

[edwoods]

I have used the mbst tool to uninstall and reinstall mwb on the mv fileserver. Everything is enabled to we shall see what happens.

 

[AdvancedSetup]

Sounds good @edwoods

If it is still having an issue please use the MBST tool and get me the new logs. It's probably  best that you do a fresh restart if  you're going to get new logs

 

[LiquidTension]

Hi @edwoods,

Please let us know how you get on.

If you find the BSODs persist, please provide us with the following:

• Zipped up C:\Windows\MEMORY.dmp.
• Fresh mbst-grab-results.zip from Malwarebytes Support Tool.
• More details on the activities taking place when the BSOD occurs.
  • Are you running any network filtering or heavy network usage programs at the time of the issue (e.g. torrenting software, Plex, VPN software, etc)?
  • Is there any correlation between the actions that lead up to each BSOD? Or is it random?

[edwoods]

Bug Check again at around 2am on the mv fileserver. Clean install of MWB. Here are my logs. I could not include the memory dmp file since it was 1.3gig. It exceeded the file size limitations.

 

 

mbst-grab-results mv fileserver 5 1 2020.zip

[Porthos]

17 minutes ago, edwoods said:

I could not include the memory dmp file since it was 1.3gig. It exceeded the file size limitations.

Please upload it to WeTransfer and select the option to send the file as a link from the options menu available by clicking on the circular ... button on the page and provide us with the link to the file

[edwoods]

Here is the link for the memory dump

https://we.tl/t-wRp7xaTqeu

 

[AdvancedSetup]

Thank you @edwoods

I believe @LiquidTension is now offline officially until Monday but as soon as he's back I'm sure he will grab the file.

Thank you

 

[edwoods]

Thanks for letting me know.

I disabled the web protection on the mv fileserver and it has not bug checked since. 

[edwoods]

Still no word or update? This is still an issue.

 

[Porthos]

7 minutes ago, edwoods said:

Still no word or update? This is still an issue.

 

They still have not isolated the issue. The logs that you posted are helpful. This issue has been an issue for a while now.

When a fix is found, It will be announced in the forums.

Until then either keep web protection off or revert to a version that is not affected. Post #3 in this topic has details on reverting.

 

[edwoods]

I am still experiencing the same issues. Just wondering if there is any headway?

 

[Porthos]

9 minutes ago, edwoods said:

I am still experiencing the same issues. Just wondering if there is any headway?

 

I am sorry to say in all of my years of using and selling Malwarebytes (since the beginning), this seems to be an issue that continues to elude the developers.

It is not as a widespread issue as some make it out to be. It has also not manifested on the research computers set up by the company.

I personally have only 2 affected clients out of 400+.

I currently have them setup on the older version that is not affected.