
[ RESOLVED ] Two computers, one common issue. One separate issue.



Greetings,

I am using MB5 on both Laptop and Desktop.

Shared issue: Browser Guard

Laptop details:
Windows 10 Pro 22H2
Build 19045.4355
Windows Feature Experience Pack 1000.19056.1000.0

On both Laptop and Desktop I have the issue that Browser Guard keeps "reinstalling / showing me the tutorial". After which I click support, update and it updates to the latest version. If I restart the browser, I have to repeat the steps. ( See attachment ).
I think this has something to do with a setting in Edge, more so than a virus.

Possible infection (Laptop):
It might have to do with the "Block penetration tests"-feature,
I turned this function on after I downloaded files provided by a friend, turned out to be viruses. Friend has no AV...I did however scan the files beforehand.
I am 90% sure I successfully removed the virus.

However, a second exploit popped up in a relatively short time now:
Exploit.T1059Execution, C:\reg:32, Blocked, 522, 392684, 0.0.0, , 

-Exploit-Details-
C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
APT Behavior Protection
T1059 - Execution
C:\reg:32

I attached FRST logs and Browserguard Logs from my Laptop for now. Desktop is of less concern atm.
 

Browser Guard 2.jpg

Browser Guard.jpg

BG-Logs_v2.6.25_2024-05-10_10405.txt Malwarebytes Rapport van geblokkeerd exploit 2024-03-21 230221.txt Malwarebytes Rapport van geblokkeerd exploit 2024-05-10 081340.txt mbst-grab-results.zip


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


4 minutes ago, Grutzar said:

-Exploit-Details-
C:\WINDOWS\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
APT Behavior Protection
T1059 - Execution
C:\reg:32

 

5 minutes ago, Grutzar said:

It might have to do with the "Block penetration tests"-feature,

Yes, it is because of that,

That needs to stay off.

That setting is specific to penetration testing (i.e. not actual threats) so enabling won't really do anything unless the system is tested using third party testing tools/test exploits.  It is purely for testing purposes to verify that protection is working properly, however it is not needed for protecting your system from actual malware which is why it is turned off by default.


1 minute ago, Porthos said:

 

Yes, it is because of that,

That needs to stay off.

That setting is specific to penetration testing (i.e. not actual threats) so enabling won't really do anything unless the system is tested using third party testing tools/test exploits.  It is purely for testing purposes to verify that protection is working properly, however it is not needed for protecting your system from actual malware which is why it is turned off by default.

 

Alrighty, I still have a 100% clean backup with most of the important files needed. I will turn the functions "less aggressive / to default" now. If there is some sort of infection, I'll probably notice it or see another reply.
I just want to be sure my laptop = 100% safe. ( I can't use any infections for the work I do ). 


1 minute ago, Porthos said:

Using torrent programs makes it unsafe.

Did you spot a torrenting program? If so, could you kindly tell me where? That must be deleted immediately!
Any other files / programs that you spotted? Or was it just a suggestion?


30 minutes ago, Porthos said:

You had a block last month triggered by the following.

 

Thanks for letting me know, much appreciated!

I tried to look up both Brave and qBit torrent. But can't find the programs/apps... Show hidden files are on.

I can find some leftovers in the reg, file hist. and in the Malwarebytes notifications. 

I have a suspicion my oldest is hitting puberty...On the bright side Brave = Ok.

And I read qBit is not the worst, still: torrent = torrent. Torrent = wrong/harmful.

In place repair/install and changing passwords it is!

Thanks Porthos ✌🏻💚.

The thread can be closed I suppose.

...


This topic is now closed to further replies.