
Second malwarebytes folder created in program files (x86), again! :(



Hello,

I recently fixed an issue I had where a second folder was created in Program Files (x86) with the path "C:/Program Files (x86)/MALWAREBYTES ANTI-MALWARE" in addition to the folder where it was originally installed with the path "C:/Program Files (x86)/Malwarebytes' Anti-Malware" (almost exact same name except one is in all caps and the other contains a ' after Malwarebytes). I had gotten rid of the second folder by uninstalling Malwarebytes with the uninstaller recommended to me in the original thread here My link and then reinstalling the program.

Unfortunately it has now reappeared. It reappeared immediately after I received a warning that the database was out of date by 7 days and I chose to update. Before that I had updated manually multiple times without the folder appearing. I have restarted my computer since the folder appeared and it is still there. The folder also contains the file MBAMEXT.DLL. Is there anything I can do to stop this folder from showing up? Thanks for your help in advance!

Link to post

Hello Secondfall:

Please run the following utility and post back its text files:

Download the latest DDS by sUBs and save it to your desktop.

  • Disable any script blocker if your Anti-Virus or Anti-Malware has it.
  • Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
  • Double click on dds.scr to run the utility.
  • Upon completion, the dds.txt file will open.
  • Click Yes at the next prompt for Optional Scan.
  • When done, the DDS utility will open two (2) log files:
    1. dds.txt
    2. attach.txt
  • Save both report text files to your desktop
  • Please include both text files in your next reply: dds.txt and attach.txt

Thank you. :)

Link to post

Hello Secondfall:

Your privacy and security are important to us.

The files contain no identity, financial or personal information about the computer's users. The logs do try and reveal telltale evidence left by malware.

If you still feel uncomfortable, you can Private Message (PM) them to a Malwarebytes' staff employee.

If you wish, you can look through the same type of logs, sent by others, in our HJT subforum.

HTH :)

Link to post

Hello SecondFall,

Please do the following:

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, delete all folders that contain the name Malwarebytes within your program files folder.
  • Temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

Please let me know if during an update this occurs again. I am looking through your DDS logs and will let you know when I find the culprit.

Thank you.

Link to post

Hi Mainard, thank you for the response.

I actually had already taken those exact steps the first time this happened; here is the thread where it was addressed: Original Thread

This is now the second time this has occurred during a database update, so I'm just hoping there's an alternative solution to uninstalling and reinstalling the program.

Link to post

Perform the uninstall.

Then, delete all folders that contain the name Malwarebytes within your program files folder.

Then install MBAM.

Please let me know if the folder is created again.

Thank you very much.

Link to post

  • 2 weeks later...

Hey guys, just wanted to let you know I was prompted for another program update today which I followed through with and the second folder is back for the 3rd time. So it's still being created on updates, just FYI. For now I'll probably just try to delete it and hopefully it won't show up again.. until another update of course.

Link to post

Hello Secondfall,

I need further data to assist you in not getting these folders created again.

Please Download OTL to your Desktop:

To Use OTL:

  • Get OTL from HERE
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please attach these 2 files in your next reply.

Thank you.

Link to post

  • 1 month later...

Hi,

I've noticed the 2nd "MALWAREBYTES ANTI-MALWARE" (missing the apostrophe after the "S") folder appearing in my Program Files as well. After deleting the folder, it reappears each time after I boot the computer. I've tried the things posted in this thread running "mbam-clean.exe" and reinstalling Malwarebytes but the folder persists.

I've looked into the program folder since I've lost connection ability to my mapped network drives and network printers and wasn't sure if a malware was at fault. The folder name being in all capital letters seemed odd. Full malwarebytes scan and AVG virus scan in safe mode resulted in nothing. Persistence of the folder reappearing after each reboot seemed odd. I was wondering if this issue Secondfall first posted was resolved or is it normal. Thanks.

Link to post

  • 2 weeks later...

Hello Amta,

Please Download OTL to your Desktop:

To Use OTL:

  • Get OTL from HERE
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • OTL should now start. Change the following settings:
    • Change Drivers to All
    • Change Standard Registry to All
    • Under File Scans, change File age to 30
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please attach these 2 files in your next reply.

Thank you.

Link to post

Thank you for taking the time to look at this issue.

I've run the OTL as instructed and here are the two files that were generated as the output.

Extras.Txt

OTL.Txt

Link to post

Hello amta,

Excellent! I appreciate the logs.

First off, what are the name(s) of the files within this extra folder?

This step is to assure you are consistently getting this issue to occur in your system. We will perform a clean reinstall. The thing I need most is when this new folder is created. F5 will refresh folders once updated. Please keep the folder in which the extra is created and refresh on every step to see the exact moment when this folder is created.

Start off by deleting the extra folder. Then, please right click on a folder/file on your desktop. Refresh the folder to see if the extra folder is created.

Then, please do the following:

  • Download and run mbam-clean.exe from here. Refresh the folder to see if the extra folder is created.
  • It will ask to restart your computer; please allow it to do so (very important). Refresh the folder once the system has booted to see if the extra folder is created.
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here. Refresh the folder to see if the extra folder is created.
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates. Refresh the folder to see if the extra folder is created.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or ask and we'll explain how to do it.

If you have any questions/issues please do not hesitate to ask.

Thank you very much.

Link to post

  • 2 months later...

Hi there. I have encountered the problem, as described above, twice in the last few days. FYI I am currently using the 15 day pro trial version of your software (which I installed 5 days ago) in tandem with AVG Anti-Virus Free Edition 2012.

The first time the folder appeared I was concerned so I disconnected from the network, deleted the extra folder and ran full scans with MWB and AVG in safe mode, yielding no results. I then removed and reinstalled MWB (latest version), updated the database and ran a full scan, again yielding no results. I repeated this process with Windows Defender, Window Security Essentials and Avast's free antivirus solution (all installed individually to avoid conflicts). All scans were negative.

I returned to my original configuration of MWB and AVG and after reading the forum posts above kept an eye on my folders. This morning a new 'MALWAREBYTES ANTI-MALWARE' appeared in Program Files (x86). The folder contains a single file - 'SSUBTMR6.DLL' which, as I am sure you are aware, is also found (although named in lowercase) in the original 'Malwarebytes' Anti-Malware' folder. However the 'new version' of the file is only 1k in size and contains only a ten digit number (as plain text).

I backed up the folder/file (in case it's required for inspection or validation) and ran the MWB removal tool. This removed the new folder/file immediately and before the reboot.

The new folder and file were timestamped 10:20. I don't know if MWB updated the application or datafiles at that time but the daily log showed MWB was scheduled to update around 23.30 in the evening and had done so the previous night.

Do you have a definitive answer as to if and why this folder is being created by MWB or could it possibly be some sneaky process or malware that is or is trying to circumnavigate MWB?

Thanks.

Link to post
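
Added example (not part of any post in this thread, and not Malwarebytes code): a PowerShell watcher that records the exact moment the extra folder is created, as the clean-reinstall steps earlier in the thread ask for, and then lists each file in it with size, SHA-256 and Authenticode signature status, the comparison described by hand in the post above. The folder name and parent path come from the thread; the log location, the two-second delay and PowerShell 4.0 or later are assumptions.

```powershell
# Added example: log when the extra folder appears and what it contains.
$parent  = 'C:\Program Files (x86)'
$extra   = 'MALWAREBYTES ANTI-MALWARE'   # folder name reported in the thread
$logFile = Join-Path $env:USERPROFILE 'Desktop\extra-folder-watch.log'   # assumed location

# Watch only the parent directory, only for a directory with this exact name.
# The filter is case-insensitive on Windows but does not match the original
# "Malwarebytes' Anti-Malware" folder, because of the apostrophe.
$watcher = New-Object System.IO.FileSystemWatcher -ArgumentList $parent, $extra
$watcher.NotifyFilter = [System.IO.NotifyFilters]::DirectoryName
$watcher.IncludeSubdirectories = $false

$action = {
    $dir = $Event.SourceEventArgs.FullPath
    $log = $Event.MessageData
    Start-Sleep -Seconds 2   # assumed delay so a dropped file can finish writing
    $lines = @("{0:o}  created: {1}" -f $Event.TimeGenerated, $dir)
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue) {
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $sig  = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
        $lines += "    {0}  {1} bytes  sha256={2}  signature={3}" -f $f.Name, $f.Length, $hash, $sig
    }
    $lines | Add-Content -LiteralPath $log
}

Register-ObjectEvent -InputObject $watcher -EventName Created `
    -SourceIdentifier ExtraFolderWatch -MessageData $logFile -Action $action | Out-Null
$watcher.EnableRaisingEvents = $true
Write-Host "Watching $parent for '$extra'; log: $logFile. Press Ctrl+C to stop."

try {
    while ($true) { Start-Sleep -Seconds 1 }   # keep the session alive for events
}
finally {
    Unregister-Event -SourceIdentifier ExtraFolderWatch
    $watcher.Dispose()
}
```

Delete the extra folder before starting, since only a new creation raises the event. The watcher gives the time, not the creating process; a Process Monitor capture filtered on the same path shows which process made the folder.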

  • 1 month later...

I did a fresh Windows 7 x64 install recently. Usually do one every year cause pc gets cluttered with junk. I decided to try AVG Free 2012 in tandem with MWB Free. I was using Avast on my old install and never had this issue. But now I'm having the exact same issue as FedSki. MALWAREBYTES ANTI-MALWARE folder being created right after manual update on several occasions, but not every time, seems random. Deleting the folder and rebooting doesn't bring it back. Folder contains one file, first time it was MBAMEXT.DLL, second time it happened no file in folder, and 3rd time it had SSUBTMR6.DLL file. Considering I just did a fresh install of Win7 I'm pretty sure this isn't some kind of security threat. I think it may be something to do with AVG, since I noticed all of the people with this issue are running it on their PCs. Any ideas?

Link to post