Malwarebytes

Malwarebytes' Anti-Malware prompt


20 replies to this topic

#1
aram535

    New Member

  • Members
  • 5 posts
Hi,

I've been getting a notification since I upgraded to v4.1 (I think). A prompt that comes up that says

Malwarebyte's Anti-Malware
Malwarebyte's Anti-Malware IP Protection:
Infection detected: <ip address>

Ok, all good. Thank you for stopping whatever it was.

A couple of issues:

1) The message doesn't go away, you have to click on the X to get rid of it which is very annoying.
2) There is no record of what was stopped, what was contained, and what triggers Malware to say it was <whatever>.

Am I missing an option here? I would like to have IP Protector be on, but not have to dismiss the message every time, and it happens a lot, it seems. I'm assuming these are tracking cookies of some kind; I've even gotten them going to known good sites (cnn, nytimes, weather.com, etc.)

Thanks.

Aram

#2
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
Greetings aram535 and welcome :unsure: .

Please review the information in the posts in this thread and it will most likely answer your questions for you. It explains what the message means, how the IP Protection works and also has options for controlling whether the IP Protection displays the messages or not as well as some other options.
Samuel E Lindsey
Product Manager


#3
aram535

    New Member

  • Members
  • 5 posts
Thank you, exactly what I needed. Two questions:

1. The log is simply a log of what was on the screen, no further information is provided as to what the "cause" of the block was.
2. The key: HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware doesn't seem to exist on my Vista 64 machine. Is that the current location?

Thanks.

#4
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
You're welcome :unsure: .
  • The cause is that the IPs (websites) that were blocked have been determined to be malicious and therefore whenever your computer tries to access them, Malwarebytes' blocks it to prevent possible infection as those sites are typically known to either host malware or criminal activities such as phishing scams.
  • Yes, that's where it should be. I'm on Vista x64 as well and I have that key, I verified it shows up in both the 32 bit and 64 bit versions of regedit (one located in System32 and the other located in SysWoW64).

Samuel E Lindsey
Product Manager


#5
aram535

    New Member

  • Members
  • 5 posts
Ok I've created the Key and the DWORD value within. Let's see if the app will read it.

Thank you for your help.

#6
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
You're welcome, let me know if you have any trouble.
Samuel E Lindsey
Product Manager


#7
aram535

    New Member

  • Members
  • 5 posts
Hi, it doesn't look like the key in the other article is being read:

[HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware]
"silentipmode"=dword:00000001

I restarted the machine and still, when the IP block happens, it still displays and it never goes off (until manually closed).

However, the second one you mentioned may be working:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware]
"silentipmode"=dword:0000000

I'll 100% confirm later on today.

#8
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
Ok, I'll get one of the staff to take a look at this thread as well :rolleyes: .
Samuel E Lindsey
Product Manager


#9
aram535

    New Member

  • Members
  • 5 posts
I think adding to the WOW6432Node fixed it. So that's the proper path, for Vista 64 anyway.

#10
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
Yes, it seems so, although I'm running Vista 64 myself and have it in both locations. For some reason MBAM placed its entries in both locations. I'm investigating the cause but I suspect it could've been leftovers from a previous version before it was made fully 64 bit compatible.
Samuel E Lindsey
Product Manager


#11
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
You should probably run the full clean removal and verify reg keys are gone yourself, Exile, and then re-install the latest version again.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#12
yardbird

    Forum Deity

  • Honorary Members
  • 3,726 posts
  • Gender:Male
  • Location:Sedona, Arizona, USA
  • Interests:Where we keep the World Safe
Instructions for a clean removal and reinstall below:

Please try a clean tool below, remove the program and re-install again

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. http://www.malwareby.../mbam-clean.exe

4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwareby...am-download.php

Note: You will need to reactivate the program using the license you were sent
Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan.

Please post back with your results....regards...
No trees were harmed in the posting of this message...however an extraordinarily large number of electrons were horribly inconvenienced.
http://www.tentrexindustries.com/

#13
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
:) Thanks for the instructions yardbird :) .

I did it but the key was still there in the 64 bit registry so I removed it manually, reloaded MBAM and all is well, no new key was created there in the 64 bit registry :) .
Samuel E Lindsey
Product Manager


#14
swagger

    Elite Member

  • Honorary Members
  • 887 posts
  • Gender:Male
  • Location:South Carolina
In the 32 bit or the 64 bit? I got the impression that you were using a 64 bit O/S and wanted to know why there were entries left in the 32 bit registry. Or am I backwards?
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

#15
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
They show up in both registries (there are actually 2 registries in 64 bit Windows, a 32 bit version and a 64 bit version), but in the 64 bit registry they should only show up under the wow6432node key.
Samuel E Lindsey
Product Manager


#16
swagger

    Elite Member

  • Honorary Members
  • 887 posts
  • Gender:Male
  • Location:South Carolina
Got you... Hmm, I need to investigate my x64 laptop a bit more... do you access the 2 registries differently?
Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

#17
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
Yep, one version of Regedit is located in C:\Windows\System32 while the other (32 bit version) is located in C:\Windows\SysWoW64.
Samuel E Lindsey
Product Manager


#18
swagger

    Elite Member

  • Honorary Members
  • 887 posts
  • Gender:Male
  • Location:South Carolina
By a little research, I found that "regedit" from the Run box opens the 64 bit version by default. Do you know the quick way to open the 32 bit registry? Is it:

Click Start, click Run, type drive letter where you installed Windows x64 Edition\Windows\syswow64\regedit.exe –m in the Open box, and then click OK. The –m switch lets you run multiple instances of Registry Editor.

Desktop ----- AMD Athlon 3700+ (2.64Ghz), 2GB DDR 400, ASUS A8N-SLI Premium, 500GB HD, Windows XP Pro SP3, Avira Antivir Personal, MBAM Pro
Laptop ----- Intel C2D P8400 (2.4 Ghz), 4GB DDR3 1066, Mainboard, 160GB HD, Dualboot: Windows 7/openSUSE 11.1, Avira Antivir Personal

#19
exile360

    exile

  • Moderators
  • 12,965 posts
  • Gender:Male
I haven't tried the -m switch but the path is correct. I've got them both pinned to my start menu myself, each labelled as either 32 bit or 64 bit.
Samuel E Lindsey
Product Manager


#20
GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 5,528 posts
  • Gender:Male
  • Location:Fortville, IN

swagger said:

Got you... Hmm, I need to investigate my x64 laptop a bit more... do you access the 2 registries differently?

They are both in the same registry, and are both accessible through the 64-bit version of regedit (but only the 32-bit sections are accessible in the 32-bit version of regedit).

It's pretty easy to tell the difference in the 64-bit version of regedit (which is the default, BTW). For instance, when the two are separated in HKLM/Software, it looks like this:

64-bit:
HKEY_LOCAL_MACHINE\SOFTWARE

32-bit:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node

64-bit apps can, of course, see the 32-bit sections if they look in Wow6432Node, but 32-bit apps are shown the Wow6432Node as if it were the HKLM/Software key.

It works through WoW64, just like the System32 and SysWow32 directories do. 32-bit apps see the SysWow32 directory as if it were the System32 directory, and 64-bit apps will see both.

Quote

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...
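
The two registry views discussed in this thread can be compared side by side from PowerShell. This is an added example, not part of any post above and not Malwarebytes' own code; the function name is hypothetical, the key and value names are the ones quoted in post #7, and the script only reads.

```powershell
# Added example: read one value from both registry views on 64-bit Windows.
# Get-ValueInBothViews is a hypothetical helper name; it writes nothing.
function Get-ValueInBothViews {
    param(
        # Key and value names as quoted in the thread (assumed unchanged).
        [string]$SubKey    = "SOFTWARE\Malwarebytes' Anti-Malware",
        [string]$ValueName = 'silentipmode'
    )
    if (-not [Environment]::Is64BitOperatingSystem) {
        Write-Warning 'This is a 32-bit OS: there is only one view, so both rows will match.'
    }
    $hive  = [Microsoft.Win32.RegistryHive]::LocalMachine
    $views = @([Microsoft.Win32.RegistryView]::Registry64,
               [Microsoft.Win32.RegistryView]::Registry32)
    foreach ($view in $views) {
        # OpenBaseKey selects the view explicitly, regardless of whether this
        # PowerShell process is itself 32-bit or 64-bit.
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
        try {
            $key    = $base.OpenSubKey($SubKey)   # $null if the key is absent in this view
            $exists = $null -ne $key
            $value  = $null
            if ($exists) {
                $value = $key.GetValue($ValueName) # $null if the value is absent
                $key.Dispose()
            }
            # Where the key appears in 64-bit regedit: the 32-bit view of
            # HKLM\SOFTWARE is stored under HKLM\SOFTWARE\Wow6432Node.
            $shownAs = $SubKey
            if ($view -eq [Microsoft.Win32.RegistryView]::Registry32) {
                $shownAs = $SubKey -replace '^SOFTWARE\\', 'SOFTWARE\Wow6432Node\'
            }
            [pscustomobject]@{
                View           = $view
                PathIn64BitReg = "HKEY_LOCAL_MACHINE\$shownAs"
                KeyExists      = $exists
                Value          = $value
                DefaultForThisProcess =
                    ($view -eq [Microsoft.Win32.RegistryView]::Registry64) -eq
                    [Environment]::Is64BitProcess
            }
        } finally {
            $base.Dispose()
        }
    }
}

Get-ValueInBothViews | Format-Table -AutoSize
```

A value that exists only in the `Registry64` row is one a 32-bit application will not see, which is the situation posts #7 to #9 describe.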




