
Ransomware Protection unstable computer



I am seeing the same issue - I was about to rebuild my machine from a clean OS install until I tried uninstalling Malwarebytes and the machine came back to normal (I just recently switched to MWB from using Symantec Small Business Endpoint Protection that Broadcom seems to have abandoned). I then found this ticket and reinstalled but disabled the ransomware checks and the machine is usable again. In my case half of my reboot attempts would fail to finish the login sequence with everything failing to find a network adapter (checks for updates failing, not able to do remote desktops to other machines, symptoms like that). With the ransomware enabled just getting past the login screen would take over 5 minutes (about 20 seconds without it) and then it would be significantly longer before the icons would show up on the desktop or the application bar would show the pinned applications (if they ever showed up at all).

I guess I will run with ransomware protection turned off for a while until I see an update from MWB.


4 minutes ago, johnruck68 said:

I guess I will run with ransomware protection turned off for a while until I see an update from MWB.

We need to get information from this machine in order to have the proper detail to help you forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

    Download Malwarebytes Support Tool
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support xxx.xx.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.


Well, here is the file after rebooting with ransomware protection turned back on - note that the first time I ran the support tool it crashed during the FRST step (stopped spinning then the window disappeared a few minutes later). After that I shut down all of the apps that start on bootup and it was able to run the second time so I have attached the zip file. Note that this boot was fairly peaceful so I am not sure how much this log will help, but then again on the problematic boot ups I probably won't even be able to run the support tool so this might be the best we can get.

mbst-grab-results.zip


One other note, even with the Ransomware Protection disabled I was still on occasion after a reboot having the network disappear. Disabling the Exploit Protection as well as the Ransomware Protection seems to have resolved that (6 reboots so far and no networking issues).


Also, I have this morning noticed that I need to have the web protection turned off for most networking to work right - yahoo.com was taking minutes to open up and the Gems Of War game was unable to connect to its servers - on my phone (which is using the wifi to my main network) these were instantaneous and having no issues connecting even though they are on wifi and the computer with MWB installed is on a gigabit ethernet connection which should be faster and more instantaneous than the wifi.


  • Root Admin

Hello @johnruck68

More than likely this will not change or correct the issue, but it will ensure that your installation is good and that there are no corrupt or old files that did not get updated.

Please try the following STEPS

STEP 1
Please do the following: Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install.

Let us know if that clears up the issue or not.

If STEP 1 did not help then please restart the computer and proceed to STEP 2 so that we can get logs to help us determine the cause


STEP 2
When the issue occurs, do you have a VPN or any other network filtering software enabled (besides Malwarebytes)?
Does this issue consistently present itself when Web Protection is enabled?
Does the issue occur when you are not using BitTorrent, qBittorrent, or any other P2P torrent software?

We're in need of additional information to help narrow down the cause of this issue.
Part of this process will involve manually triggering a crash to obtain a memory dump, which will hopefully show what the Web Protection driver is doing to cause this issue. You can read more about this process here.


Once you've reproduced the issue and are actively experiencing it, force a crash by pressing the following keys at the same time: Left Ctrl+Left Alt+U+U.

After the machine has rebooted, you should find a memory dump named MEMORY.dmp in C:\Windows. Please zip this up and provide it to us.

Please follow the directions from the following topic:  Upload Malwarebytes Support Tool logs offline and upload that new log as well on your next reply
 

Thank you

 


Well, bad news is I have already started rebuilding this machine with a clean OS install. Good news is I think I have identified the networking issue I was seeing - it appears that Malwarebytes occasionally goes crazy if VMware Workstation is installed (I am guessing this is due to the extra networks that it adds). I had no issues for 24 hours on the machine until I finally got around to installing VMware Workstation and on the next reboot the networking issue reappeared - I wasn't even able to uninstall VMware on that bootup - it hung on trying to remove its changes to the firewall setup - I had to do a reboot and the next time it was happy enough to allow me to uninstall. I guess at this point I may need to set up another machine to act as a VMware VM server since it appears that I can't leave it on this machine anymore. Not sure if it matters, but the VMware Workstation was the latest - 15.5.2. (I had been on that version before I installed MWB, so I don't know if anything changed on their end).

One thing I did see that I would like some clarification on. I am doing the clean install to a new SSD with the idea of keeping the old SSD around for reference until I got everything transferred off (I was connecting the old SSD via USB so that I could pull files onto the new one). I rebooted one time with the old SSD still connected via USB and since that reboot when I tried to switch back to using that SSD (by replacing the current "C Drive" SSD with the old one) the machine no longer recognizes that disk as bootable (it goes into the network BIOS boot logic even after explicitly selecting that SSD as the boot drive). Is this something that Windows did or was this a rootkit/malware protection change that Malwarebytes did to make the drive no longer bootable?


  • Root Admin

Hello @johnruck68

It may have just been a fluke with something else going on. I run VMware Workstation 15.5.2 on my Windows 10 Pro x64 without any issues.

If you've uninstalled VMware now and have rebooted, please go ahead and run FRST for me and post back the logs and I'll review.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

 

 
