Latest Update breaks the "Run as Admin" setting for shortcuts on Win 8.1

[ZeroSol]

I have been pulling my hair out chasing a Win 8.1 problem on 3 PCs for the last few days.  Whenever I try to run any shortcut with checkbox for Run As Admin checked.   I get an error saying that windows cannot access the file or I don't have correct permissions.  That goes for cmd.exe, powershell, and any batch files I have as desktop shortcuts. Everything worked fine on these PCs a week ago and I have looked at the permissions for them and they are identical to a PC that isn't having any problems.  I even tried creating a new Admin account and used that, but the same thing happens.  Creating new shortcuts does the same thing.  As long as I run the shortcut as a standard user, it works fine, but the minute I try to run as admin I get the error.

I have been trying to isolate the problem and today I found that installing the 4.2.295 latest update for Malwarebytes is what breaks this functionality.  I had a PC that I don't use very often and was working correctly and I went through and brought programs up to date very carefully and tested the Run as Admin functionality before and after updating.  The minute I installed MWB latest update, all my shortcuts and the Run As Admin functionality broke.  All 3 PCs that have the issue have been brought up to the latest Malwarebytes version.  Conversely, one PC that I don't have Malwarebytes running on is working fine.

I tried uninstalling MWB using the Control panel uninstall and that didn't fix anything.  

The attached file shows the error I get when I use the System shortcut to cmd.exe and try to run it as Admin. I also get this when I run the Win-X shorcuts for command prompt(admin) or Powershell ( admin).

I have run SFC and sometimes it will report errors and sometimes not.  It usually says it fixes them but the problem never goes away.  Ran DISM on some machines and it reports everything good, but problem still exists.

I hope someone can help me out here.  If you need me to submit any files or logs, please let me know.

 

 

[exile360]

Greetings,

Thank you for reporting this.  I suspect the installer for the latest build might be doing something to affect system wide permissions in Windows 8.1 which would explain the issue you're experiencing.  If you haven't tried it yet, I'd suggest attempting a System Restore to a time before installing the latest Malwarebytes to see if that gets things back to normal.  In the meantime I've noted your findings for the Product and QA teams for further investigation and providing the below logs may help them in attempting to replicate and diagnose the issue:

1. Download and run the Malwarebytes Support Tool
2. Accept the EULA and click Advanced tab on the left (not Start Repair)
3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
   

I would also like to have you work with one of our top technicians on one of the systems to see if he can find a fix, especially if System Restore doesn't correct the issue.

@AdvancedSetup would you please take a look at this permissions issue which appears to be caused by the installation of the latest version of Malwarebytes?

Thanks

[AdvancedSetup]

If the program was successfully uninstalled then there should not be anything causing it to not function. We do not modify permissions like that.

But, please get me the logs and I'll review and see what I can find.

Thank you

 

[ZeroSol]

Hello,

I have attached logs from one of the PCs that still has MWB installed but is experiencing the problem.  I figured that might be more valuable than the one I where I uninstalled MWB.  

I'll try to do a restore tomorrow and see if that fixes the issue.  I do have a system image from last month that I could use if that doesn't work.

thanks

Jim

mbst-grab-results.zip

[AdvancedSetup]

Is there some reason you have a Firewall block in place for your Web browser?

FirewallRules: [TCP Query User{B3E900ED-35EA-4E26-A644-A6AA8E5CCA49}C:\users\vladimir\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\vladimir\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{67548380-B65A-4682-80D5-FCE4F73523B7}C:\users\vladimir\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\vladimir\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)

These items for SuperAntiSpyware are ancient and of no real value to your computer. These are from 2011 and should be removed. If you feel you really want or need them then I'd highly suggest looking to update to the latest version.

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)

uBlock Origin and Malwarebytes Browser Guard are way ahead of this old technology for content blocking.

 

These entries may be valid but you'd probably need to research from Safe Mode or other means to verify if they're valid.

U4 nxdm; no ImagePath
U4 nxfs; no ImagePath
U4 nxpcap; no ImagePath
U4 nxsshd; no ImagePath
U4 nxtun; no ImagePath
U4 nxusbd; no ImagePath
U4 nxusbh; no ImagePath
U4 nxusbs; no ImagePath

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

NOTE-3: This fix will reset all network connections back to defaults. If you require a fixed network IP then you may want to write down the current settings and reset back after this fix.

The following directories are emptied:

• Windows Temp
• Users Temp folders
• Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
• Recently opened files cache
• Flash Player cache
• Java cache
• Steam HTML cache
• Explorer thumbnail and icon cache
• BITS transfer queue (qmgr*.dat files)
• Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

[ZeroSol]

Hello,

I have confirmed that removing the latest version of Malwarebytes fixes the Run As Admin issue.  I went to another PC that had been updated and had the problem and completely removed Malwarebytes.  At first, I thought it didn't fix anything, but after a restart Run As Admin worked fine.  I was too tired last night to restart and check again on the PC I was working on at the time. 

So far, that 2 PCs out of the three that were broken where uninstalling MWB has fixed the problem.  I'm going to uninstall MWB on the last one this afternoon.  Hopefully, you guys can find the problem and I can re-install MWB.  

As for the firewall rules, 

I only use Vivaldi for a few things and was trying to get it to stop checking for updates at startup.  For some reason, even if you tell it not to check for updates, it will report in at start-up and I don't like that.  I use SUMO to manually check for all updates and then decide when I want to update a program.

The Superantispyware stuff is old and I don't use it for anything other than a single use scanner that I run manually from time to time if I suspect a problem.  The app is up to date, but there are probably a few old files laying around that aren't used since I don't use it for real-time scanning. It has helped me in the past to find things MWB missed.

I don't see much value in running the FRST64 since confirming the source of the problem.  I ran SFC and DISM and have a script that empties out my temp files periodically.

Thanks for looking at the issue and I hope you can locate the problem.

Jim

[AdvancedSetup]

Sorry Jim

Really don't have an answer for you. I don't see anything in the logs specifically to account for this and I'm not seeing anyone else reporting it either.

You can try do a clean removal and reinstall and see if that corrects the issue

Uninstall and reinstall Malwarebytes using the Malwarebytes Support Tool

 

[ZeroSol]

Hello,

I just did a clean and re-install on the third PC.  As soon as the uninstall was done, I tested Run as Admin and it worked fine.  After the re-install it still worked.  Looks like ripping it out by the roots and re-installing took care of the problem.  

I hate stuff like this where you can isolate it but don't know exactly what caused it.  I'm sure you see plenty of that.  

I did find an old post from 2014 that talked about the same kind of problem and after lots of investigation they discovered it had to do with 3rd party context handlers, but they didn't bother to nail down which one.  They just cleared them all out and started over.

Just for grins I am going to take another win 8.1 PC that doesn't have MWB on it and install it and see how it behaves.  Now that you provided a solution I'd like to break it again and do a registry compare to see if I can spot the culprit.

Thanks

Jim

[AdvancedSetup]

Hello @ZeroSol

So are we all set here or did you need further assistance?

Thanks

 

[ZeroSol]

I did an install on a PC that hadn't had MWB on it before and noticed that the version had changed.  When installed, none of the problems with Run As Admin were there.  Looks like you found the problem.  Pretty fast work!

Thanks

 

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you