Hi,

A few days ago, I shut down my laptop because a storm was coming. I shut it down and pulled the plug out from the wall in case of a power surge. Then after the storm passed I went to boot it up again and all I saw was a black screen but I could see my mouse cursor when I moved the mouse around. Restarting doesn't seem to be an issue, just whenever I boot up from shutdown, it goes to a black screen, so I press and hold the power button to force it to shut down, then I try to power on again. Sometimes, it takes a couple of tries. Not sure if it's hardware or software. Any help would be appreciated. Thanks.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Greetings,

Please see if fast startup is enabled, and if so, disable it then restart your system and see if shutting down and starting up still causes problems.  Instructions on doing so may be found here as well as here.

Once that is done, if the system is still having trouble or you still can't run the support tool, please follow the instructions in this topic then create a new topic in our malware removal area by clicking here and a malware removal specialist will guide you in checking and cleaning your system of any threats and if the cause of the issues is not an infection, they will have a good chance of finding and fixing it.

Link to post
Share on other sites

I disabled fast startup and restarted the system, then shut down the system, then powered on again and it went to the desktop alright.

However, I tried to run Malwarebytes Support Tools and it goes all the way through but after I click "OK", the log files still don't show up on the desktop. I went to the topic link and downloaded and ran Farbar, but I was just wondering, should I do that in Administrator account or is guest account OK?

Link to post
Share on other sites

15 minutes ago, Porthos said:

Always use an administrator account when providing logs or using the support tool.

Ok I switched to admin account and found the mbst-grab-results.zip file on the desktop so I guess everything is fine for now. I just have one more question. This might be a bit confusing to follow, sorry in advance.

A few days ago, I wanted to change my one and only Windows 10 account from admin to guest, because I read that being in admin could pose a security risk. When I tried to do that it said you need to create another account first and make it admin, so there's at least one admin account or something to that effect. So, I created a second account, made that admin and went back to my first account (the one I've been using for years) and changed that from admin to guest.

Now, my question is, in the future when I need to create log files, should I just switch over to the admin account and do it from there or should I change the guest account (where I do most of my work) to admin and generate the log files there?

Link to post
Share on other sites

Changing the guest to admin would be better since most threats install under the local/current user account these days, and honestly I don't ascribe to the theory that using a limited account is better than using an admin account in modern Windows as long as you configure UAC properly.  The entire point of UAC is to restrict the capabilities of executables launched without user approval which attempt to leverage administrative privileges and it works quite well (in fact, UAC is the very reason most modern threats install under the local user account because they want to bypass any UAC prompts, meaning they have just as much power under your limited user account to infect your system).

Link to post
Share on other sites

4 minutes ago, exile360 said:

Changing the guest to admin would be better since most threats install under the local/current user account these days, and honestly I don't ascribe to the theory that using a limited account is better than using an admin account in modern Windows as long as you configure UAC properly.  The entire point of UAC is to restrict the capabilities of executables launched without user approval which attempt to leverage administrative privileges and it works quite well (in fact, UAC is the very reason most modern threats install under the local user account because they want to bypass any UAC prompts, meaning they have just as much power under your limited user account to infect your system).

So if I switch to the guest account (that's now been converted to admin account), in order to generate log files, is that ok or will some diagnostic info be missing in the log files since that admin account isn't the one I normally use?

Link to post
Share on other sites

Info may be missing, it depends on which tool is being used.  For example, Sysinternals Autoruns can only load a single registry hive/user profile at a time, and it cannot read entries under other user accounts if run from a limited user account.  I don't know how all of the tools work, but I know that.  I also know that, while Malwarebytes will scan all user accounts/registry hives to check for threats, there are very likely some limitations when run under a limited user account, however the use of system level services and drivers may overcome this limitation, which I believe is how they have implemented it (a very good thing, but it also means that to install, upgrade, or uninstall it, you must be in an admin account).

Link to post
Share on other sites

A long time ago, back when I was the Product Manager for Malwarebytes' Anti-Malware, we were having a discussion regarding exploits and modern threats and how to deal with them.  The thinking from the Devs was that we needed a solution that just dealt with the main system files and registry hives (the HKLM hive) because they believed that the infections were running with admin or system privileges and bypassing User Account Control.  I explained that based on the threats I'd seen, they were actually installing locally under the current user account, even if it was a limited account because they were deliberately avoiding anything that required admin permissions, thus avoiding any UAC prompts altogether.  It turned out I was right, and so they implemented the scan engine to check offline registry hives (the registry for the other, offline user accounts).  This is still true of most threats today.  It is true that some will still use admin/system level drivers and services for their infections, however most do not because most users use a single user account and don't know that they can easily switch user accounts in order to avoid the infection from loading.  It is a fact that the bad guys rely on, and it works.  This cripples the effectiveness of a limited user account, leaving it vulnerable to most threats in the wild, which in my opinion leaves it as nothing more than an inconvenience.

That said, I do believe that any user who really wants to secure their system should crank up UAC to its maximum setting so that it behaves like Windows Vista did, rather than the more lax Windows 7 style approach of only prompting when an application, not the user, attempts to make system-wide changes.

Link to post
Share on other sites

19 minutes ago, exile360 said:

A long time ago, back when I was the Product Manager for Malwarebytes' Anti-Malware, we were having a discussion regarding exploits and modern threats and how to deal with them.  The thinking from the Devs was that we needed a solution that just dealt with the main system files and registry hives (the HKLM hive) because they believed that the infections were running with admin or system privileges and bypassing User Account Control.  I explained that based on the threats I'd seen, they were actually installing locally under the current user account, even if it was a limited account because they were deliberately avoiding anything that required admin permissions, thus avoiding any UAC prompts altogether.  It turned out I was right, and so they implemented the scan engine to check offline registry hives (the registry for the other, offline user accounts).  This is still true of most threats today.  It is true that some will still use admin/system level drivers and services for their infections, however most do not because most users use a single user account and don't know that they can easily switch user accounts in order to avoid the infection from loading.  It is a fact that the bad guys rely on, and it works.  This cripples the effectiveness of a limited user account, leaving it vulnerable to most threats in the wild, which in my opinion leaves it as nothing more than an inconvenience.

That said, I do believe that any user who really wants to secure their system should crank up UAC to its maximum setting so that it behaves like Windows Vista did, rather than the more lax Windows 7 style approach of only prompting when an application, not the user, attempts to make system-wide changes.

Alright, I went to UAC and it was already at its max setting, I must have read somewhere before to set it to the max. Is that the only configuration that you would recommend for the UAC? Also, for the user account that I mainly use, do you recommend keeping it as guest or changing it to admin? Can other user accounts be a liability if you don't use them, in other words can they be infected if you're not logged into them?

Link to post
Share on other sites

You could use the default instead and you'd get fewer UAC prompts (like when you try to access any setting that requires admin privileges to change), and that would still defend against most threats that try to do anything admin permissions are required for; however, if you can tolerate the annoyance of slightly more frequent UAC prompts, it's worth it for the added security, at least in my opinion.

You can do whatever you like with your account's permissions; however, with UAC maxed out, running as admin should be fine as long as you pay attention to the UAC prompts to ensure that you don't authorize anything malicious; however, as long as you are the one initiating the action triggering the UAC prompt you should be OK.  You still need to be wary of what applications you choose to install, though that is more of a PUP (Potentially Unwanted Program) prevention measure than anything else these days; however, the same would apply when using a limited account, as UAC is still the barrier that secures your limited account by prompting for admin authorization when performing any higher privileged action.

For the most part, other accounts should not be a liability when they are not in use, however I would also recommend ensuring that remote access/remote desktop is disabled as well, since that is a potential way for an attacker to exploit other user accounts on the system.  Details on remote desktop and configuring it can be found here.

With all of that said, this is precisely the reason that Malwarebytes scans offline registry hives for other user accounts on the system, because it is designed to look for all malware on the system, regardless of which account it might be active/installed under.

I hope that this helps, and if there is anything else we may assist with please let us know.

Thanks

Link to post
Share on other sites
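
The settings discussed in this thread (UAC level, fast startup, Remote Desktop, and which accounts are administrators) can be checked read-only from PowerShell. This is an added example, not part of any post above; the function names and report wording are this example's own, and it only reads standard Windows registry values and the built-in Administrators group.

```powershell
# Added example: read-only audit of the settings discussed in the thread.
# Function names and report strings are this example's own (hypothetical).

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-UacLevel {
    # Maps the registry values behind the UAC slider to its four positions.
    $key     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua     = Get-RegValue $key 'EnableLUA'
    $consent = Get-RegValue $key 'ConsentPromptBehaviorAdmin'
    $secure  = Get-RegValue $key 'PromptOnSecureDesktop'
    if ($lua -ne 1) { return 'UAC disabled (EnableLUA is not 1)' }
    switch ("$consent/$secure") {
        '2/1'   { 'Always notify (maximum setting)' }
        '5/1'   { 'Default (notify only when apps try to make changes)' }
        '5/0'   { 'Default, without the secure desktop' }
        '0/0'   { 'Never notify' }
        default { "Custom (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)" }
    }
}

# Fast startup: HiberbootEnabled = 1 means a shutdown is a hybrid hibernate.
$fastStartup = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Power' 'HiberbootEnabled'

# Remote Desktop: fDenyTSConnections = 0 means incoming RDP is allowed.
# (A Group Policy setting, if present, can override this local value.)
$denyRdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'

# Built-in Administrators group, addressed by well-known SID so the
# lookup also works on non-English Windows installations.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name

[pscustomobject]@{
    UacLevel       = Get-UacLevel
    FastStartup    = if ($fastStartup -eq 1) { 'Enabled' } else { 'Disabled or not set' }
    RemoteDesktop  = if ($denyRdp -eq 0) { 'Enabled' } else { 'Disabled or not set' }
    CurrentUser    = "$env:USERDOMAIN\$env:USERNAME"
    Administrators = $admins -join ', '
} | Format-List
```

Nothing here changes a setting, so it can be run from either the everyday account or the admin account to compare what each one reports.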
