JustJackAtlanta Posted December 8, 2021 ID:1492179 Share Posted December 8, 2021 User Sally reported this problem on 11/5/21 under the title of "I can run Word because RTP detection" (I am assuming she meant "can't"). I am having the same issue. The thread was closed without resolution. The log is shown below. It is also attached. My eye is drawn to the 8192 after the splwow64.exe. Is that the port number? Does that even make sense? Also attached is the mb support tool output. I'm in the same boat and not sure what to do. Thank you. Jack PS, a snivey about the support tool. It says that the file mbst-grab-results.zip is on my desktop. It is not. It is in the folder C:\Users\Public\Desktop. Please modify the tool so that it provides the complete path or at least change the verbiage. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 12/8/2021 Protection Event Time: 4:32 PM Log File: 43e9a42e-586e-11ec-8d6f-28d24431946b.json -Software Information- Version: 4.4.10.144 Components Version: 1.0.1499 Update Package Version: 1.0.48326 License: Premium -System Information- OS: Windows 11 (Build 22000.348) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Malware.Exploit.Agent - Exploit payload process blocked, C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192, Blocked, 0, 392684, 0.0.0, , -Exploit Data- Affected Application: Microsoft Office Word Protection Layer: Application Behavior Protection Protection Technique: Exploit payload process blocked File Name: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 8192 URL: (end) exploit.txt mbst-grab-results.zip Link to post Share on other sites More sharing options...
Porthos Posted December 8, 2021 ID:1492181 Share Posted December 8, 2021 1 minute ago, JustJackAtlanta said: -Software Information- Version: 4.4.10.144 Please do the following and DO NOT change any of the defaults once installed. Uninstall and reinstall using the Malwarebytes Support Tool Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also. Link to post Share on other sites More sharing options...
JustJackAtlanta Posted December 8, 2021 Author ID:1492182 Share Posted December 8, 2021 Should any of the system repairs be done as well? Or will that create more issues? Link to post Share on other sites More sharing options...
Solution Porthos Posted December 8, 2021 Solution ID:1492183 Share Posted December 8, 2021 (edited) 3 minutes ago, JustJackAtlanta said: Should any of the system repairs be done as well? Or will that create more issues? NO, Just do the clean install using the tool. Do not change any settings other than adding your exclusions. Your exclusions are as follows. Quote Exclusion Info: ======================================== Malware Exclusions: C:\Program Files (x86)\Auslogics\Disk Defrag [folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [folder] C:\ProgramData\Auslogics [folder] C:\Windows\System32\ndefrg.exe [file] C:\Windows\splwow64.exe [file] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_IS1|DISPLAYNAME [regval] Ransomware Exclusions: C:\Program Files (x86)\Auslogics\Disk Defrag [folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [folder] C:\ProgramData\Auslogics [folder] C:\Windows\System32\ndefrg.exe [file] C:\Windows\splwow64.exe [file] Edited December 8, 2021 by Porthos Link to post Share on other sites More sharing options...
JustJackAtlanta Posted December 8, 2021 Author ID:1492190 Share Posted December 8, 2021 Perfect. Thank you. It is working fine now. If only all problems could be solved so easily. The Malwarebytes was uninstalled and reinstalled through the standard download previously. A security issue had occurred where the license had been hijacked to another e-mail. Malwarebytes support cancelled the subscription and created a new subscription. The software that I was using was downloaded from the subscription e-mail link, but what was not done was the "Clean" removal of the previous version. I usually suspect registry keys in this type of situation. The support tool "clean" option does a good job of removing possible problems. Thank you for your expeditious help! Link to post Share on other sites More sharing options...
Porthos Posted December 8, 2021 ID:1492191 Share Posted December 8, 2021 (edited) 4 minutes ago, JustJackAtlanta said: The support tool "clean" option does a good job of removing possible problems. The issue actually was that some non default settings were enabled that should not have been. Since you were out of date, I killed 2 birds with one stone and had you do a proper clean install. If a feature is off by default leave it that way or it leads to false positives. Edited December 8, 2021 by Porthos Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now