
Malwarebytes is blocking all my MS Word 2013


Go to solution Solved by AdvancedSetup,


I have an issue very similar to 

I attempted the suggested solutions but none is working for me. My macros that I've used in word for years are not working.

I don't recall exactly when I last used Word 2013 (part of Office 2013 Pro) but this afternoon I attempted to create a new Word document and noticed that my modified Word template (normal.dotm) was NOT being used. I restored the template using a file dated 06/14/20 and now I get the Exploit blocked message. It does not matter if I attempt to open the new document or one that I previously created, nor can I open the Normal.dotm file.

I can open Word in safe mode.

I'm currently using Malwarebytes Premium 4.4.5 

I just replaced the normal.dotm file with one dated 08/11/18 and word still fails to open and I see the exploit blocked.

I just right-clicked on the Malwarebytes icon in the Systray and turned off "Exploit Protection" and now I can successfully open Word.

Do you have a dummies version explanation for a solution?

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Root Admin

Please open the Settings, then the Security tab, and scroll to the bottom.

Then click the Advanced Settings and then click Restore Defaults

Enable Exploit Protection and let us know if that corrects it.

 

If it does not correct it then get us some logs, please.

To begin, please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

Quote

 

Please open the Settings, then the Security tab, and scroll to the bottom.

Then click the Advanced Settings and then click Restore Defaults

Enable Exploit Protection and let us know if that corrects it.

 

This action breaks Word 2013 for me.

mbst-grab-results.zip

I've attached the support tool results.

I greatly appreciate your help!!!

Link to post
Share on other sites

  • Root Admin

Please go to Control Panel, Programs, Programs and Features and uninstall the following @jgt1942

Bonjour
 

 

Your Acronis Backup software appears to be having an issue with one of its scheduled tasks you should look into correcting.

 

Application errors:
==================
Error: (08/26/2021 10:55:00 PM) (Source: Acronis Scheduler) (EventID: 1) (User: NT AUTHORITY)
Description: Scheduler failed to run the task with GUID '4CF2AA42-064C-4C6F-AFFF-615F303A6D80' because of error 2 (Failed to find the file (folder) or the key (value) in the registry.).

 

Your DISK 8 appears to possibly have a bad block that is causing issues. You should run a full disk check on that drive and run a Hard Drive Diagnostic tool to verify if the drive is possibly failing

System errors:
=============
Error: (08/26/2021 10:56:21 PM) (Source: disk) (EventID: 154) (User: )
Description: The IO operation at logical block address 0x0 for Disk 8 (PDO name: \Device\0000003d) failed due to a hardware error.

 

Advanced SystemCare might not be the best software but the choice is yours

You have a huge amount of scheduled tasks. You may want to double-check that you want, need all of them or not.

 

 

Let me have you do a Clean Removal and Reinstall of Malwarebytes

Can you please do the following?

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click the CLEAN button and follow the onscreen instructions to reinstall Malwarebytes
  • NOTE: Please have patience as it can take a while to remove and reinstall. The computer will restart to complete

After the restart please do the following

  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thank you

 

Link to post
Share on other sites

I uninstalled Bonjour and then attempted to open Word 2013, it failed with the same error.

I'm attempting to determine if I have problems with Acronis and have posted in the Acronis community forum.

Quote

Your DISK 8 appears to possibly have a bad block that is causing issues. You should run a full disk check on that drive and run a Hard Drive Diagnostic tool to verify if the drive is possibly failing

Yes, DISK 8 has issues. Recently it failed completely and the OS could not see it. I removed it from the PC, installed a new 14TB drive, and restored all of my data from backups to the new drive. Two days ago I reinstalled the failed drive; when I installed the drive, much to my surprise, I could see and use the drive. I then decided to perform a test using Hard Disk Sentinel. First I ran a READ test where HDS tests all sectors of the drive in read mode. It did report that there was a bad sector. I then ran the REPAIR test, it is still running after 21 hours. This test will read/write the data and perform a repair on bad sectors. The current test has been running for 20 hours because it has encountered a bad sector and is having problems repairing the sector(s). I can pause the test and resume later but for now I want to let it run. Depending on the final results of the test (there are other tests I can run but they destroy the data, which is not a real issue for me since I have it backed up) and feedback from the developer of HDS, I will determine if I want to trust the drive and use it.

Quote

Advanced SystemCare might not be the best software but the choice is yours

I was using it because it seemed to fix a lot of issues for me. However, it could be a "feel good" application and I don't have the skill to verify otherwise. Thanks for the feedback.

Quote

You have a huge amount of scheduled tasks. You may want to double-check that you want, need all of them or not.

Yes I do! The bulk are daily backups but I do need to review all of the tasks and ensure I do need them. Some will be obvious and others will require a bit of research on my part (bummer, more to learn).

Quote

Let me have you do a Clean Removal and Reinstall of Malwarebytes

OK it is HIGH on my list. I currently have family visiting and need to spend time with them but later today I will start down this path. 

Thanks again for your help.

Link to post
Share on other sites

  • Root Admin

You're quite welcome. No rush, keep me posted with the results of the Clean Removal and reinstall.

As for the disk bad sector, again your choice. If you can afford it I'd personally verify all desired data is backed up and then wipe, discard the drive and replace. I just had a 16TB drive failure and I have a new one on order as I never like to have just one backup on hand.
At worst, if you really need the drive use it as a scratch drive that you know full well has the potential to die any day.

You appear to be doing quite well with regards to backups compared to the majority of users, most of whom don't seem to have any backups.

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software


Macrium Reflect discussion
https://forums.malwarebytes.com/topic/264011-backup-files-software-which-one-to-choose-2020/?tab=comments#comment-1408188

 

 

Link to post
Share on other sites

I looked into this a bit more. The reason for the failure is due to the fact that an Acronis script file is missing.

I'm confused as to why Acronis is scheduled to run this script if it does not exist. I have not changed my Acronis settings in a long time. I estimate it has been over a year since the last change. 

I see that the time of failure was between 10:20:00 and 10:55:00 PM. Normally I have my backup run in the very early hours of the day. My current Acronis schedule is set to run at 0249 hours and is reporting success.

I'm trying to find the "why" and working with Acronis support.

  • Like 1
Link to post
Share on other sites

Quote

You're quite welcome. No rush, keep me posted with the results of the Clean Removal and reinstall.

Will do, I want to resolve the issue.

Quote

As for the disk bad sector, again your choice. If you can afford it I'd personally verify all desired data is backed up and then wipe, discard the drive and replace. I just had a 16TB drive failure and I have a new one on order as I never like to have just one backup on hand.
At worst, if you really need the drive use it as a scratch drive that you know full well has the potential to die any day.

For years I have used Hard Disk Sentinel; it has a feature that reports the health of the hard drives and the estimated life of the drive. Normally when a drive falls below 25% health I will pull the trigger and replace the drive. The current failure, e.g. disk 8, is a weird one and I'm working with the developer of HDS, that's why I'm running the current test. The developer lives in Hungary and we're trying to avoid sending the drive to him. I'm about ready to bite the bullet and send him the drive. He has considerably more knowledge in this area than I ever will have. It will be interesting to see what he discovers and possibly why HDS did not raise a red flag. It may be one of those weird things that just happen and are near impossible to detect.

Quote

 

You appear to be doing quite well with regards to backups compared to the majority of users, most of whom don't seem to have any backups.


 

I'm paranoid about backups!!! I run nightly incremental backups of my OS drive and every 7 days create a full BU and keep 5 generations of BUs. I've been burned too many times and once got burned because I only had three generations. Recently I had some weird issue on my PC and recovered using the oldest BU generation I had.

For my data I keep two different mirror copies which run nightly as well.

As a result of all my BUs I have considerable space devoted to them, in total I have 70+ TB of HD space. I've not made the jump to store all the BUs in the cloud but now that I have a very fast internet connection I may give it a try.

My weak link in my BUs is everything is local on one PC. This is pushing me to consider the cloud or a NAS. I looked into the NAS in the past but did not make the move. Even with fast internet access the Cloud is still slower than local or a NAS attached to my network.

One of the reasons I have not gone to the Cloud is because of my son. He is a financial advisor and per his compliance he cannot store any data in the cloud. I want him to have a BU method very similar to mine. For him I implemented Acronis using two USB drives where one drive is off site for a week and then he swaps. Because he is only backing up his laptop this is an easy inexpensive solution.

Another area of risk for me is the fact that I don't have a security ring to protect the BU drives. This is lack of knowledge on my part.

Quote

 

Backup Software
https://forums.malwarebytes.org/index.php?/topic/136226-backup-software
Macrium Reflect discussion

 

 

 

Thanks for the links, while reading your suggested link I followed another link in the post (https://blog.macrium.com/cloud-vs-nas-vs-external-storage-for-backup-how-do-they-compare-80bf83bdff42): Cloud vs. NAS vs. external storage for backup: how do they compare?

 

Link to post
Share on other sites

  • Root Admin

In the Enterprise we had our own local Cloud (if you will) with near unlimited storage and 10GB speed between nodes so backups or restores were very fast. But software licensing and hardware costs over $100K that's well beyond the scope for small business and home users.

I've looked at and attempted doing partial online backups (There is no way I will put TB of data into the Cloud and expect I can download it fast enough for my needs, taking days to download that much data is not feasible)

What I found at the time, last year, was that no one appeared to have cost effective granular backup software. BackBlaze was one of the cheapest and well known but they basically decide for you what gets backed up, again that's not a valid backup to me if I have no choice in what gets backed up. They would not allow uploads of imaged OS backups into the Cloud either. You can get reasonably priced Cloud storage but proper backup software does not appear to be available unless that has recently changed.

Using a mixture of internal hard drive backups and external USB drives and partial Cloud backup would seem to be the best one can do at this point and still afford it.

We can discuss more offline in Private Messenger if you like

Cheers

 

Link to post
Share on other sites

OK it looks like the reinstall resolved the issue but I had problems with the process.

  1. I clicked the Clean option and the Malwarebytes Premium was uninstalled.
  2. When prompted to install I proceeded but somewhere it failed. I tried the entire procedure a 2nd time and again it failed with the same error ("Malwarebytes for Windows installation has been canceled.")
  3. I closed the tool, rebooted my PC, GEE it took a LONG time (333 seconds). I'll recheck the reboot again tomorrow, It is late and I need to get to bed.
  4. After the PC rebooted I downloaded the latest from the website, actually what I downloaded was an EXE that would download the latest and start the install. I would have preferred to actually download the code so I could put the copy in my Code library.
  5. The install was successful without any issues.
  6. I ran the Support tool, and created the logs. They are attached. I noticed that the ZIP file is MUCH smaller than the previous file I created.
  7. A scan is scheduled for 0200 hours but I kicked it off because MB in the systray had a notice that a scan had not been run.
  8. Still I cannot open Word 2013 files without issues. Initially after reinstalling I was able to open word files but now I cannot.
  9. I turned Real-time protection off, now I can open word files.
  10. I ran a scan

Clean Function Error 2021 0830.png

mbst-grab-results.zip Scan results 2021 0830.txt

Edited by jgt1942
correct spelling
Link to post
Share on other sites

  • Root Admin

Thank you for the logs @jgt1942

 

Please follow the directions from the following topic to clean up the issues with Google Chrome. Once Google Chrome is cleaned up you should get a clean scan report from Malwarebytes.

 

 

 

Please enable enhanced logging so that we can review the MS Office issue with the Exploit protection module.

Click on the small gear icon, then the General tab, then scroll down a bit and enable the slider for Enhanced logging, then restart the computer.

 

After the computer restarts go ahead and run MS Office and see if it freezes or has issues again.

Once the above has been completed then please run the MBST tool again and gather new logs and post back.

Thank you again

 

 

Link to post
Share on other sites

  • Root Admin

For future reference you can use either method to download the Malwarebytes installer.

Note that the Online version will contain the latest rules and program updates. The full installer at times can be behind on version, and/or the rules and may require an update once installed.

MB4 Online Installer
https://downloads.malwarebytes.com/file/mb-windows

MB4 Offline Installer
https://downloads.malwarebytes.com/file/mb4_offline

 

Link to post
Share on other sites

Quote

Please follow the directions from the following topic to clean up the issues with Google Chrome. Once Google Chrome is cleaned up you should get a clean scan report from Malwarebytes.

I followed the steps and after running the scan no issues were found. I then turned Sync back on in Chrome.

Darn! I still have the issue with word 2013. I think I did everything you suggested.

Again I ran a MB scan and nothing was found, I'm now running the support tool and getting the logs.

The logs are attached, I'm going to bed, zzzzzzzzz

mbst-grab-results.zip

Link to post
Share on other sites

  • Root Admin

Thanks @jgt1942

The clean up for Google Chrome was to ensure the scan comes back clean. It is not related to your issue with the Anti-Exploit Protection entry.

I'll post your logs to the team and see what they can find.

For now, if needed disable the Exploit Protection module at least while running MS Office. Hopefully the team comes up with an answer by tomorrow.

Cheers and have a good night

 

Link to post
Share on other sites

Thanks!!! I'm not in a rush, especially since I have a work around.

BTW in the past I did a lot of beta software testing. If the development team needs a tester please add me to the beta tester list.

Link to post
Share on other sites

  • Root Admin
  • Solution

Good day @jgt1942  - I believe the following should correct the blocking and alert issue for you.

 

It looks like you're trying to run a Word macro that attempts to do a reg export command. We block the process creation from macros.

You can remove that block by doing the following.

  1. Go turn off the Enhanced Event log data logging that we had you enable. We no longer need that enabled.
  2. Open Malwarebytes and go to Settings, Security tab, scroll down to the bottom
  3. Click on the Advanced setting button
  4. Click on the Application behavior protection tab
  5. Under the MS Office column uncheck the Office VBA7 abuse prevention and click Apply
  6. Retest Word and let us know if that stops the block and alert

 


 

As for beta testing, we now do that in public. You can enable Beta from within the program and read about changes in the following forum area

https://forums.malwarebytes.com/topic/274373-malwarebytes-44-beta/

 


 

Thank you

 

  • Thanks 1
Link to post
Share on other sites

Quote

It looks like you're trying to run a Word macro that attempts to do a reg export command. We block the process creation from macros.

That is correct. Several years ago I frequently lost the list of PINNED documents in Word, e.g. the files you regularly used are pinned to the top of the list when you click File > Open. It was so annoying I created a macro to save the list every time I opened Word. Thus when I noticed it was not the full list I could easily recover the last time it was good. I assume this is a new feature in MB because it has been at least 4 years since I created the macro.

Turning off "Office VBA7 abuse prevention" resolved the issue.

Suggestion: This seems to be a good feature it would be nice if I could create an exception list and then I could still have the safety advantages of the function.

Suggestion: When I open the settings window in MB or similar windows, my simple mind does not see any logical order to the list. If there is no logical order why not just have them in alphabetical order thus making them easier to find?

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites

  • Root Admin

If it were a single file that you were opening we could potentially set up a hash exclusion, but in your case it appears you have it set to be available or run when you run Word, so an exclusion would be the same at that level and not block.

Let me know if there is anything else I can do for you

Hope you have a great day @jgt1942 - looking to be another hot one here for me 😝

 

Link to post
Share on other sites
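
The behaviour described in the solution above (a Word macro starting a child process such as `reg export`) and the exception list suggested in the follow-up can also be reviewed from process-creation logs. The following is an added example, not part of the original thread and not Malwarebytes code; the event field names, the exception list and the registry key and paths in it are constructed for illustration.

```python
import ntpath
import re

# Office host processes whose child processes get reviewed (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Hypothetical exception list: (parent, child, anchored command-line regex).
# Each entry pins one reviewed command shape; key and path are constructed.
EXCEPTIONS = [
    ("winword.exe", "reg.exe", re.compile(
        r'^reg(?:\.exe)?\s+export\s+HKCU\\Software\\Example\\PinnedList\s+'
        r'"[A-Za-z]:\\[^"&|<>]+\.reg"\s+/y$', re.IGNORECASE)),
]

# Constructed process-creation events (not taken from the poster's logs).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "image": r"C:\Windows\System32\reg.exe",
     "command_line": r'reg export HKCU\Software\Example\PinnedList '
                     r'"C:\Users\demo\Documents\pinned.reg" /y'},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "image": r"C:\Windows\System32\reg.exe",
     "command_line": r'reg export HKCU\Software\Example\Other '
                     r'"C:\Users\demo\out.reg" /y'},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -File helper.ps1"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
     "command_line": r'"WINWORD.EXE" /n "C:\Users\demo\Documents\a.docx"'},
]


def image_name(path):
    """Return the lower-cased file name of a Windows path on any host OS."""
    return ntpath.basename(path).lower()


def triage(events, exceptions=EXCEPTIONS):
    """Classify every child process started by an Office application.

    Returns (verdict, parent, child, command_line) tuples. The verdict is
    "allowed" only when parent, child and the full command line match one
    reviewed exception; any other Office child process is an "alert".
    Events whose parent is not an Office application are skipped.
    """
    findings = []
    for ev in events:
        parent = image_name(ev["parent_image"])
        if parent not in OFFICE_PARENTS:
            continue
        child = image_name(ev["image"])
        cmd = ev["command_line"].strip()
        reviewed = any(
            p == parent and c == child and rx.match(cmd)
            for p, c, rx in exceptions
        )
        findings.append(("allowed" if reviewed else "alert", parent, child, cmd))
    return findings


if __name__ == "__main__":
    for verdict, parent, child, cmd in triage(SAMPLE_EVENTS):
        print(f"{verdict:7} {parent} -> {child}: {cmd}")
```
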

  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

This topic is now closed to further replies.