
I drafted this report in this topic, but I think it deserves a topic of its own for better visibility, especially as I discovered more issues.

1. It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.

2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0. Screenshot attached.

3. MBST doesn't actually run FRST during logs collection, it just scrapes C:\FRST\Logs and grabs what's in there. If FRST never ran or its logs were deleted, logs would be incomplete. To have full logs you have to manually download and run FRST scan with default settings before running MBST. This is either a failure of MBST to grab and run FRST or UI is misleading about Run FRST step. Still reproducible with release 1.7.0.

4. Cleanup is incomplete. Still reproducible with release 1.7.0. This has been reported by other users in other topics. Mainly I spotted these locations not being deleted:

- These are created for every user account who opened Malwarebytes UI

%LOCALAPPDATA%\mbam\
%Temp%\mbam\

- Created on the admin account with whose credentials Malwarebytes is uninstalled

%Temp%\MBAMInstallerService.exe

 

nbst-installs-mbam-legacy.png


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    • Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Greetings,

I've never heard of the Support Tool displaying several of the issues you describe; I would like you to post in our malware removal section for more advanced diagnostics, not because I believe your system is infected, but because they are able to use more advanced methods and tools for diagnosing and fixing issues than those available to use in this part of the forums.  To do so, please follow the instructions in this topic then create a new topic in our malware removal area by clicking here and a malware removal specialist will guide you in checking and hopefully finding the cause of these issues and fixing it.


Created topic per request: https://forums.malwarebytes.com/topic/262297-throughly-diagnose-malwarebytes-support-tool-issues/


Excellent, thank you.  I will request that one of our top techs take a look.

@AdvancedSetup would you please aid in determining why the Malwarebytes Support Tool behaves so strangely on this system?  The MR thread is here.

Quote

1. It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.

The Support Tool only uses an HKCU\...\Run value as a backup. The default startup mechanism is a scheduled task. The Run value is created when the scheduled task creation fails. Are you performing a Clean/Repair in Safe Mode?
 

Quote

2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0. Screenshot attached.

Your OS version is being interpreted as Windows Vista or lower. We will look into this.
Are there any compatibility flags set on the downloaded mb-support-{version}.exe file (or the browser with which you downloaded the file)?
 

Quote

3. MBST doesn't actually run FRST during logs collection, it just scrapes C:\FRST\Logs and grabs what's in there. If FRST never ran or its logs were deleted, logs would be incomplete. To have full logs you have to manually download and run FRST scan with default settings before running MBST. This is either a failure of MBST to grab and run FRST or UI is misleading about Run FRST step. Still reproducible with release 1.7.0.

It does, but only if the FRST executable is successfully downloaded when the tool is first launched. In your case, the file is not being downloaded successfully due to a network issue so FRST is not run when you gather logs.
 

Quote

4. Cleanup is incomplete.

The %LOCALAPPDATA%\mbam path is included as part of cleanup and in most cases is successfully cleaned up. We are however aware of a couple of issues and have defects filed, which we hope to address in a future update. The %Temp%\mbam and %Temp%\MBAMInstallerService.exe paths are intentionally not included as part of cleanup, so it's expected to see these paths remain.

Edited by LiquidTension
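
A read-only way to see which of the two startup mechanisms described in the reply above is present, and which of the reported leftover paths remain. This is an added example, not part of any post in this thread and not Malwarebytes code; the `mb-support` match string and the default profile layout are assumptions. Run it from an elevated PowerShell prompt so other users' profile folders are readable.

```powershell
# Added example, read-only: nothing is changed or deleted.
# Assumption: the Support Tool's command line contains "mb-support" (taken from
# the file names quoted in this thread); the real value and task names are unknown.
$pattern = [regex]::Escape('mb-support')
$startup = @()

# Fallback mechanism: values in the current user's Run key.
$runKey = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $cmd = [string]$runKey.GetValue($name)
        if ($cmd -match $pattern) {
            $startup += [pscustomobject]@{ Mechanism = 'HKCU Run value'; Name = $name; Command = $cmd }
        }
    }
}

# Default mechanism: scheduled tasks whose action launches the tool.
foreach ($task in @(Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $pattern) {
            $startup += [pscustomobject]@{ Mechanism = 'Scheduled task'
                Name = $task.TaskPath + $task.TaskName; Command = $cmd }
        }
    }
}
if ($startup) { $startup | Format-List } else { 'No Run value or scheduled task references mb-support.' }

# Leftover paths named in the thread, checked for every profile folder.
# Assumption: profiles are under %SystemDrive%\Users with default AppData locations.
$relative = 'AppData\Local\mbam', 'AppData\Local\Temp\mbam',
            'AppData\Local\Temp\MBAMInstallerService.exe'
$leftovers = @()
foreach ($userDir in Get-ChildItem "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue) {
    foreach ($rel in $relative) {
        $path = Join-Path $userDir.FullName $rel
        if (Test-Path -LiteralPath $path) {
            # Per the reply above, the two %Temp% paths are intentionally not cleaned.
            $leftovers += [pscustomobject]@{ Path = $path; LeftByDesign = ($rel -like '*\Temp\*') }
        }
    }
}
$leftovers | Format-Table -AutoSize
```

If only the `HKCU Run value` row appears after a Clean, scheduled task creation failed on that run, which is the fallback path the reply describes.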

20 hours ago, LiquidTension said:
Quote

1. It doesn't autostart after reboot to perform post-reboot cleanup despite being logged on as admin both before and after reboot and UAC being already set to defaults since the very beginning. I was able to manually start post reboot cleanup using Autoruns tool. There I saw MBST autostart entry is in a Run key under HKCU. I don't remember exactly when and where but I read somewhere that Windows refuses to autostart programs that have admin rights flag set, especially if they try to run from HKCU. This is the case for support tool. Both downloaded executable and unpacked executable to admin user temp folder have admin rights flag set. Still reproducible with release 1.7.0.

The Support Tool only uses an HKCU\...\Run value as a backup. The default startup mechanism is a scheduled task. The Run value is created when the scheduled task creation fails. Are you performing a Clean/Repair in Safe Mode?

No.

20 hours ago, LiquidTension said:
Quote

2. If I allow Support tool to install MBAM after cleanup, it installs the very old MBAM legacy 3.5.1 for XP. I saw this even with MBST 1.6.2 and now version 1.7.0. Screenshot attached.

Your OS version is being interpreted as Windows Vista or lower. We will look into this.
Are there any compatibility flags set on the downloaded mb-support-{version}.exe file (or the browser with which you downloaded the file)?

No. I checked with right click - Properties - Compatibility on both web browser shortcuts on Start and desktop respectively and on mb-support-1.7.0.827.exe. I even checked the unpacked mb-support.exe from %Temp%\mwb*.tmp\.

20 hours ago, LiquidTension said:
Quote

3. MBST doesn't actually run FRST during logs collection, it just scrapes C:\FRST\Logs and grabs what's in there. If FRST never ran or its logs were deleted, logs would be incomplete. To have full logs you have to manually download and run FRST scan with default settings before running MBST. This is either a failure of MBST to grab and run FRST or UI is misleading about Run FRST step. Still reproducible with release 1.7.0.

It does, but only if the FRST executable is successfully downloaded when the tool is first launched. In your case, the file is not being downloaded successfully due to a network issue so FRST is not run when you gather logs.

I wonder where it downloads FRST from. If I had the link I could test it with other DNS servers. Maybe a glitch with Cloudflare DNS.

20 hours ago, LiquidTension said:
Quote

4. Cleanup is incomplete.

The %LOCALAPPDATA%\mbam path is included as part of cleanup and in most cases is successfully cleaned up. We are however aware of a couple of issues and have defects filed, which we hope to address in a future update. The %Temp%\mbam and %Temp%\MBAMInstallerService.exe paths are intentionally not included as part of cleanup, so it's expected to see these paths remain.

Thanks for clarifying that it's a known issue.

 

In the meantime the annex thread ended with no evidence that anything is obviously wrong at my end.

2 hours ago, pal1000 said:

I checked with right click - Properties - Compatibility on both web browser shortcuts on Start and desktop respectively and on mb-support-1.7.0.827.exe.

Did you also check by clicking the Change settings for all users to ensure none of the boxes in that list were checked/enabled?  I ask because there are 2 places compatibility settings are stored; both under HKCU (which the items on the first/primary Compatibility tab apply to), as well as HKLM (which apply to all users under that menu).
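
The two storage locations mentioned in the post above can be read directly instead of through the Properties dialog. This is an added example, not part of the post; the file-name fragments are placeholders (only `mb-support` comes from the thread), and the regular expression that flags OS-version layers is an approximation.

```powershell
# Added example, read-only: list compatibility layers stored for matching files.
# Assumption: name fragments to look for; the browser names are placeholders.
$fragments = 'mb-support', 'chrome.exe', 'firefox.exe', 'msedge.exe'

$layersKeys = [ordered]@{
    'Current user (Compatibility tab)' =
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    'All users (Change settings for all users)' =
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
}

$found = @()
foreach ($scope in $layersKeys.Keys) {
    $key = Get-Item -LiteralPath $layersKeys[$scope] -ErrorAction SilentlyContinue
    if (-not $key) { continue }   # the key is absent if no layer was ever set in this hive
    foreach ($exePath in $key.GetValueNames()) {
        # Value names are full executable paths; the data is the layer string.
        if (-not ($fragments | Where-Object { $exePath -like "*$_*" })) { continue }
        $layers = [string]$key.GetValue($exePath)
        $found += [pscustomobject]@{
            Scope  = $scope
            File   = $exePath
            Layers = $layers
            # Approximation: layers such as WINXPSP3 or VISTASP2 change the reported OS version.
            OsVersionLayer = [bool]($layers -match '\b(WIN\w+|VISTA\w+|NT4SP5)\b')
        }
    }
}
if ($found) { $found | Format-List } else { 'No compatibility layers stored for the matched files.' }

# A layer can also be inherited from the parent process through this variable.
if ($env:__COMPAT_LAYER) { "__COMPAT_LAYER is set: $env:__COMPAT_LAYER" }
```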

1 hour ago, exile360 said:

Did you also check by clicking the Change settings for all users to ensure none of the boxes in that list were checked/enabled?  I ask because there are 2 places compatibility settings are stored; both under HKCU (which the items on the first/primary Compatibility tab apply to), as well as HKLM (which apply to all users under that menu).

Nice try but no boxes are checked there either for any potential files I mentioned above.

6 hours ago, pal1000 said:

In the meantime the annex thread ended with no evidence that anything is obviously wrong at my end.

It was ended, but for clarification, you run your setup vastly differently than any computer I've seen anyone run before, and obviously no one is going to attempt to set up their computer like that just for testing. As I said in the other topic, I have no proof those settings will cause an issue, but neither you nor I have the opposite proof that it does not cause an issue. I can almost guarantee you though, if you formatted the drive and installed Windows 10 fresh and left everything the way it comes from a default install, that Malwarebytes would run without an issue. I realize you're not going to do that, but you also have to realize that we're not going to set up a computer like yours and spend dozens of hours trying to make our program work in a non-default setup. If there is something simple, obvious we find wrong, okay, we'll be more than happy to look at fixing it for everyone, as in one of the issues that @LiquidTension already mentioned.

At this point further input would be needed by @LiquidTension as to what further information or tests he'd like to perform.

Thank you again
