nithre Posted May 7 ID:1634931 Share Posted May 7 (edited) How did you encountered the issue and any steps to reproduce it When Malwarebytes is downloaded and installed, I am unable to login to validate the license I purchased. This can be reproduced by attempting to login via the Malwarebytes application and when attempting to activate my device on my.malwarebytes.com Do you get the same result more than once if you follow the same steps? Yes, also after reboot If the system crashed (aka blue screen of death or BSOD), please include the error message N/A system did not crash Edited May 7 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Staff Malwarebytes Posted May 7 Staff ID:1634932 Share Posted May 7 ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes for Windows Help forum. If you are having technical issues with our Windows product, please do the following: Malwarebytes Support Tool - Advanced Options This feature is designed for the following reasons: For use when you are on the forums and need to provide logs for assistance For use when you don't need or want to create a ticket with Malwarebytes For use when you want to perform local troubleshooting on your own How to use the Advanced Options: Spoiler Download Malwarebytes Support Tool Double-click mb-support-X.X.X.XXXX.exe to run the program You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next Navigate to the Advanced tab The Advanced menu page contains four categories: Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand. Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot. Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent. Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program. To provide logs for review click the Gather Logs button Upon completion, click OK A file named mbst-grab-results.zip will be saved to your Desktop Please attach the file in your next reply. To uninstall all Malwarebytes Products, click the Clean button. Click the Yes button to proceed. Save all your work and click OK when you are ready to reboot. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows. Select Yes to install Malwarebytes. Malwarebytes for Windows will open once the installation completes successfully. Screenshots: Spoiler Spoiler If you are having licensing issues, please do the following: Spoiler For any of these issues: Renewals Refunds (including double billing) Cancellations Update Billing Info Multiple Transactions Consumer Purchases Transaction Receipt Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help If you need help looking up your license details, please head here: Find my premium license key Thanks in advance for your patience. -The Malwarebytes Forum Team Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634933 Share Posted May 7 mbst-grab-results.zip Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634937 Share Posted May 7 12 minutes ago, nithre said: When Malwarebytes is downloaded and installed, I am unable to login to validate the license I purchased. It appears you need to deactivate the license in your account. https://support.malwarebytes.com/hc/en-us/articles/360038522574-Deactivate-device-from-your-subscription Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634938 Share Posted May 7 I receive the following error when attempting to activate Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634939 Share Posted May 7 1 minute ago, nithre said: receive the following error when attempting to activate Again, you need to deactivate the active device in your online account. Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634941 Share Posted May 7 Please see the video of my attempt to activate 2024-05-07_12-26-31.mp4 Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634942 Share Posted May 7 Also, fix your DNS. 127.0.0.1 should not be there. Quote DNS Servers: 127.0.0.1 - 9.9.9.9 Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634943 Share Posted May 7 I'm running dnscrypt-proxy, is that incompatible with Malwarebytes? Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634945 Share Posted May 7 1 minute ago, nithre said: I'm running dnscrypt-proxy, is that incompatible with Malwarebytes? Possibly, I cannot say for sure. Try a different one. See if that helps. Please consider changing your default DNS Server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634947 Share Posted May 7 I set my DNS settings to Obtain DNS server address automatically. I uninstalled the dnscrypt-proxy service, flushed the DNS cache, performed 'ipconfig /renew' and rebooted my computer. Unfortunately, the issue is still persisting. Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634948 Share Posted May 7 Use the key in the software instead of activating in the my account. Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634949 Share Posted May 7 Please see the attached screen recording keyerror.mp4 Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634950 Share Posted May 7 Do you have the mullivad VPN on? Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634951 Share Posted May 7 Mullvad is not on Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634952 Share Posted May 7 Have you at least run the free version and scanned the system? Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634953 Share Posted May 7 Yes. They are all false positives related to Monero GUI. Link to post Share on other sites More sharing options...
Porthos Posted May 7 ID:1634955 Share Posted May 7 There is something going on with your networking. Grab a new set of logs from the support tool and I will have someone take a closer look. Link to post Share on other sites More sharing options...
nithre Posted May 7 Author ID:1634966 Share Posted May 7 Attached mbst-grab-results.zip Link to post Share on other sites More sharing options...
Root Admin Solution AdvancedSetup Posted May 7 Root Admin Solution ID:1634978 Share Posted May 7 (edited) Please follow the steps below You can see here in the Windows Defender Event Log that it too is unable to update updates due to networking issues Windows Defender: ================ Event[0]: Date: 2024-05-07 12:56:06 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.409.314.0 Update Source: Microsoft Malware Protection Center Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.24030.4 Error code: 0x80072ee7 Error description: The server name or address could not be resolved First, please create a NEW System Restore Point Next --- [ 1 ] Please go to Control Panel, Programs, Programs and Features, Uninstall a program Then right-click and uninstall the following Bonjour (rarely needed on Windows but often causes networking issues) CCleaner (computer experts no longer recommend this program) Java(TM) SE Development Kit 21.0.1 (64-bit) (Java is now on v22x - if you're not actually programming with Java you don't need this version either) Tweaking.com (personally if this has been used for malware removal I would fully reinstall Windows using a CLEAN INSTALL. This is a great tool but for malware removal use it alters permissions that cannot be reset to proper valid permissions. Remove and never use except in a last ditch effort) These networking errors are from Bonjour Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 25 1.56.168.192.in-addr.arpa. PTR DESKTOP-QEC75HE-2.local. Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.56.1:5353 23 1.56.168.192.in-addr.arpa. PTR DESKTOP-QEC75HE.local. Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-QEC75HE.local already in use; will try DESKTOP-QEC75HE-2.local instead Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-QEC75HE.local. Addr 10.0.0.223 Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 10.0.0.223:5353 16 DESKTOP-QEC75HE.local. AAAA 2601:0447:CF83:8500:0000:0000:0000:24F4 Error: (05/07/2024 12:20:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 DESKTOP-QEC75HE.local. AAAA FE80:0000:0000:0000:124A:02BB:7A42:A53C [ 2 ] Your DNS Servers: 75.75.75.75 - 75.75.76.76 Please consider changing your default DNS server settings. Please choose one provider only DNS is what lets users connect to websites using domain names instead of IP addresses Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6 Quad 9 Public DNS IPv4 9.9.9.9 and 149.112.112.112 IPv6 2620:fe::fe and 2620:fe::9 (one of the best for most users) Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4 IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: IPv4 1.1.1.1 and 1.0.0.1 IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001 OpenDNS: IPv4 208.67.222.222 and 208.67.220.220 IPv6 2620:119:35::35 and 2620:119:53::53 DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40 IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b The Ultimate Guide to Changing Your DNS Server https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/ Here is a YouTube video on Changing DNS settings if needed [ 3 ] Unless you really need it I'd recommend turning off Internet Connection Sharing https://answers.syr.edu/display/ITHELP/Disable+Internet+Connection+Sharing+in+Windows+10+and+11 [ 4 ] Quite similar to Bonjour in that it injects into the network stack you're running Proxifier Please disable Proxifier Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\PrxerNsp.dll [56424 2012-04-02] (Initex -> ) Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\PrxerDrv.dll [70248 2012-04-02] (Initex -> Initex) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\PrxerDrv.dll [70248 2012-04-02] (Initex -> Initex) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\PrxerDrv.dll [70248 2012-04-02] (Initex -> Initex) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\PrxerDrv.dll [70248 2012-04-02] (Initex -> Initex) Winsock: Catalog9 19 C:\WINDOWS\SysWOW64\PrxerDrv.dll [70248 2012-04-02] (Initex -> Initex) Winsock: Catalog5-x64 08 C:\Windows\system32\PrxerNsp.dll [56936 2012-04-02] (Initex -> ) Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [76392 2012-04-02] (Initex -> Initex) Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [76392 2012-04-02] (Initex -> Initex) Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [76392 2012-04-02] (Initex -> Initex) Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [76392 2012-04-02] (Initex -> Initex) Winsock: Catalog9-x64 19 C:\Windows\system32\PrxerDrv.dll [76392 2012-04-02] (Initex -> Initex) [ 5 ] Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled. CHR Notifications: Default -> hxxps://theresanaiforthat.com; hxxps://voice.google.com; hxxps://www.facebook.com; hxxps://www.pinterest.com; hxxps://www.tiktok.com; hxxps://xtoys.app https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/ Turn notifications on or off - Google Chrome Web Push notifications in Firefox [ 6 ] You're also running the following VPN software in the network stack which as long as the UI is off should not affect it but sometimes it does. If the above items don't help you may need to either disable from loading or temporarily uninstall ExpressVPN Mullvad VPN [ 7 ] Please run the following fix NOTE: Please read all of the information below before running this fix. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply Farbar program: FRSTEnglish.exe Save the attached file: FIXLIST.TXT to this folder C:\Users\Polar\Downloads\ NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work. Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it. Run the Farbar program with Admin rights and press the Fix button just once and wait. The fix may possibly take up to 60 minutes to complete If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply. NOTE: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Discord cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks Edited May 7 by AdvancedSetup Updated information Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now