BSoD - ransomware protection


Go to solution Solved by tetonbob,

1 minute ago, Rimmsi said:

I have similar problems, but with farflt.sys ransomware drv.

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply
1 minute ago, Porthos said:

Can you please collect and upload as an attachment the diagnostic data using our MBST?

  • Download and run the Malwarebytes Support Tool
  • Accept the EULA and click Advanced tab on the left (not Start Repair)
  • Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Yes boss .... I know .. ;)  Here ...

 

mbst-grab-results.zip

13 minutes ago, Rimmsi said:

Yes boss .... I know .. ;)  Here ...

The logs were missing the FRST portion of the logs. Defender might have blocked it from running.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

15 minutes ago, Porthos said:

The logs were missing the FRST portion of the logs. Defender might have blocked it from running.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Interesting .... "Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Rimmsi\AppData\Local\Programs\Opera GX\72.0.3815.465\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements."

I use MB web browser guard in Opera .. I suspected it but no change after uninstall .. already tried before making this log. I don't think there is a problem with any software conflict .. maybe after MB update .... hmm hmmm tricky...

 

Addition.txt FRST.txt

1 minute ago, Rimmsi said:

Interesting .... "Code Integrity determined that a process (\Device\HarddiskVolume3\Users\Rimmsi\AppData\Local\Programs\Opera GX\72.0.3815.465\opera.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements."

I use MB web browser guard in Opera .. I suspected it but no change after uninstall .. already tried before making this log. I don't think there is a problem with any software conflict .. maybe after MB update .... hmm hmmm tricky...

 

Addition.txt 70.36 kB · 0 downloads FRST.txt 38.9 kB · 0 downloads

"Defender might have blocked it from running." I tried to turn it off .. logs are the same :)

1 minute ago, Porthos said:

I see you are using a RAMDISK, Malwarebytes has issues with those.

 

Yes ... I use MB a year with ramdisk and no problems ... as I say ... the problem comes with the last update of MB .... I have an identical problem on a notebook without a ramdisk ... the ramdisk is only browser cache and user TMP .. BSOD comes in 99% with the Opera browser open ... So I try Edge .... BSOD too ..... no Windows updates or software updates in the meantime .... there is something "updated" in farflt ... I have another PC with identical software - ramdisk, Opera ... but there's a non-updated MB ... PC runs fine .. so I turn off MB updates .....

2 minutes ago, Porthos said:

Have you tried the current BETA released today?

 

Yes ... beta on .. still BSOD with ransomware protect on 😕 I read all topics here .... try all tips .. nothing helps ....


So ... it's definitely an OPERA GX conflict with MB ... when I enable ransomware protect and run OPERA = instant crash (with the last beta update it's an instant BSOD when running OPERA ... before the update, the BSOD came later in OPERA, not instantly) .... I try changing the CACHE dir of Opera from ramdisk to HDD ... = still crashing ..... then I try redirecting the Chrome CACHE to the ramdisk and there's no problem ... same in EDGE ... so the ramdisk is not the problem I hope ... interesting thing .. EDGE, OPERA, CHROME ... all run on Chromium ...

  • tetonbob changed the title to BSoD - ransomware protection
7 hours ago, nikhils said:

Hello @Rimmsi

Thank you for providing the logs and also we apologize you are running into this issue.

Can you please send us the following log file: c:\Windows\Memory.dmp

 

Hello ... I upload AS SOON AS POSSIBLE ... Log size almost 1GB ... Thanks for the reply, both of you ... No need to apologize, I like solving this challenge 😊


BSOD back ... I investigate: when ransomware is ON - then run OPERA = crash .... when I disable ransomware and run Opera (no crash), then turn ransomware on = all working ... but if I run a new instance of Opera, instant BSOD here .... so ransomware enabled + initial start of OPERA = farflt.sys BSOD .....

log from 2nd machine - https://drive.google.com/file/d/1Tic1mGrsp2FxXFyp6ul0YY0sg1OqlU9h/view?usp=sharing

 


Hi @tetonbob 

Installed on both machines ... Looks stable now :) ... Opera runs with ransomware protect enabled - no instant BSOD at start ....

I'll test the update for a few hours, then I'll report feedback ...

So ... thank you very much, all, for the quick solving ... Great work, I'm glad for this interest from all who make or help fix the issue. :) Best regards Rimmsi ...
