Malwarebytes found an exploit now what?

[baker_eliz]

I am having the same problem as in the topic referenced above, beginning on 2/2/23 and still continuing. Notification below. Is there any way to stop this? Thanks. --elizabeth

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/6/23
Protection Event Time: 9:11 AM
Log File: 35f06c14-a641-11ed-bf6d-ccf9e4675876.json

-Software Information-
Version: 4.5.20.230
Components Version: 1.0.1868
Update Package Version: 1.0.65370
License: Premium

-System Information-
OS: Windows 11 (Build 22621.1194)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\sysnative\cmd.exe C:\WINDOWS\sysnative\cmd.exe \c C:\WINDOWS\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography \v MachineGuid, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\sysnative\cmd.exe C:\WINDOWS\sysnative\cmd.exe \c C:\WINDOWS\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography \v MachineGuid
URL:

 

(end)

[Porthos]

19 minutes ago, baker_eliz said:

Notification below. Is there any way to stop this? Thanks.

Do you have this enabled in advanced exploit settings? If so turn it off and leave it off.

 

[baker_eliz]

Hi, Porthos. No, I do not have it enabled. Thanks. --elizabeth

[Porthos]

What excatly were you doing when this block happens?

[baker_eliz]

I wasn't doing anything special, or even doing anything at all at the particular moment the notification popped up. I *think* it is coming up after Malwarebytes runs on opening the browser. I'll pay more attention next time.

[baker_eliz]

Hi, Porthos. I went to MILs home for dinner and left browser open while I was gone. Came home, closed three tabs on my browser (Firefox) and exploit blocked message came up again.

 

[Porthos]

Please do the following so that we may take a closer look at your installation for troubleshooting:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

• Download the Malwarebytes Support Tool
• In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
• In the User Account Control pop-up window, click Yes to continue the installation
• Run the MBST Support Tool
• In the left navigation pane of the Malwarebytes Support Tool, click Advanced
• In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
• A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

 

[baker_eliz]

Thanks. Porthos. Here's the file.

mbst-grab-results.zip

[Porthos]

8 hours ago, baker_eliz said:

Here's the file.

Lets use the same support tool and do a clean uninstall and reinstall. Report if you have further issues.

Please leave all settings at default this time including update frequency.

Please close all browsers and programs before running the tool. Right click and quit MB from the system tray also.

Once done it will attempt to reinstall both Malwarebytes and Privacy VPN.

Please say no and close the X button on the top right for Privacy.

[baker_eliz]

Done. There was a scary moment when I restarted and received messages about setting up my computer, but all was well. I am attaching the cleanup log in case you want it.

mbst-clean-results.txt

[Porthos]

Not saying it was the cause but you had updates set to update every 300 days. Malwarebytes updates several times each day.

I suggest you do not change ANY default settings.

The one setting that I suggest is to re-enable Windows security by turning off this setting.

[baker_eliz]

Odd, I don't know how that got set to 300 days. Certainly doesn't sound like something I would do intentionally! So, I gather I am to reinstall now?

[Porthos]

Just now, baker_eliz said:

I gather I am to reinstall now?

You already did the reinstall. Just follow the suggestions about the settings in the future. The 300 days was listed in your old log, I was just pointing it out.

[baker_eliz]

I did? Your instructions said: Please say no and close the X button on the top right for Privacy.  I interpreted this to mean no to reinstalling. The last entry in the clean-up log says I clicked no. Was it reinstalled anyway?

[Porthos]

1 minute ago, baker_eliz said:

Please say no and close the X button on the top right for Privacy.

Privacy is a separate program. It is the second prompt for install.

It appears you also did not install Malwarebytes.

1. Download the offline installer from : https://downloads.malwarebytes.com/file/mb4_offline

2. Run the installer

  Can you please let me  know if that worked ?

 

 

[baker_eliz]

Having trouble with internet right now--painfully slow. We are at the end of a rural internet connection and it drops out and/or slows down a lot. Got the exe downloaded but will not run it at the moment. Will try again in a little while.

[baker_eliz]

Okay, reinstalled successfully.

 

 

[baker_eliz]

I assume we are finished here. Thank you so much for all your help, Porthos.

[Porthos]

1 minute ago, baker_eliz said:

assume we are finished here.

If you have no further alerts then yes, we are done.

[baker_eliz]

No new alerts! Great! Thanks, again.