About tetonbob

  1. Hi Gt-truth. Great! Thanks for participating in our Beta
  2. Hi Gt-truth. Nice avatar. I don't think this is anything to be concerned about. This startup entry is as expected for MBARW. You may want to have Trojan Scanner ignore this entry, and perhaps report it to them. Since the message you were asking about was from other programs and how they were viewing MBARW's startup entry, I don't think that in this case you need to provide the information requested by 1PW. If in the future you do need to, then you would click Yes on that message. Thank you!
  3. Hello, mrdodrop (Gt-truth? New user name today). These are MBARW's startup entries being flagged by two different programs. It seems that Trojan Scanner can't see that there's an argument (--starttray) at the end of the path and is considering that a 'non-executable file extension'.
  4. Thanks, John. That has been our experience as well in all cases. It has been replicated in house, and Dev is investigating.
  5. Hi PcDad. Thanks for your report. I'm glad to hear that. For now, with this Insider Build, you'll not be able to perform rootkit scans. Our Engineering team is looking into this, but I have no time frame about a possible resolution.
  6. Interesting. In all other cases we've handled with this issue, disabling rootkit scanning ended the BSOD issue.
     Please disable self-protection in MBAM.
       • Go to Settings in the top navigation
       • Go to Advanced Settings
       • Uncheck Enable self-protection module
     The following steps will require a restart of your computer. Configure your system for Complete Memory Dump:
       • Open File Explorer (click the folder icon in the left part of the taskbar).
       • Right-click This PC and select Properties from the menu.
       • In the left part of the System window, click Advanced system settings.
       • In the System Properties window, go to the Advanced tab.
       • In the Startup and Recovery section, click Settings.
       • In the Startup and Recovery window, select Complete memory dump from the drop-down list.
       • Uncheck Automatically restart
       • Click OK and OK your way out of the dialog box.
     Allow the computer to restart. Once back in Windows...
       • Attempt to run a new scan, ensuring 'Scan for rootkits' is not enabled.
     Let me know the results, please. Thanks!
  7. Hi PcDad. Thanks for that information. Do you have scheduled scans in place which have rootkit scanning enabled? Can you please run the diagnostic tools shown in this topic, and attach the logs to your reply? https://forums.malwarebytes.org/topic/146024-assistance-obtaining-computer-system-information/ Thank you.
  8. PcDad, hello and welcome to the forums. I am not a BSOD analyst but I do have a few questions for you. The BSOD experts may interject with their analysis and questions. Are you running rootkit scans? If you are, does disabling the rootkit scan stop the BSOD? Is Secure Boot enabled? Do you have a Complete Memory dump available? (C:\Windows\MEMORY.DMP)
  9. Hi Teddyjtr. Please see your private message inbox. Thanks! Also, if you have the MBAMService.log from the affected machine, that would be great to have. It's located here: C:\ProgramData\Malwarebytes\MBAMService\logs\
  10. Hello Teddyjtr. Welcome to the forums. Thanks for your report. Was this a test environment? Can you share the MD5 or SHA256 of the sample you ran? In our tests, we are successfully detecting some variants of CryptXXX. We are aware of additional variants and are working on solutions for our next Beta release.
  11. Hi wunsche. I edited out the image you provided as it showed the license and we don't want that posted. The license in the image was a Malwarebytes Anti-Malware license. In your purchase, you received both a Malwarebytes Anti-Exploit (MBAE) license and a Malwarebytes Anti-Malware (MBAM) license. The MBAE license has an ID and Key. The MBAM license in this case is only a Key. If you need further assistance, please create a ticket in our help desk. We do typically prefer to handle license issues in that more private setting. You can create a support ticket by following the instructions on this link: https://support.malwarebytes.com/customer/portal/articles/2029485?b_id=6440 Direct link to open a ticket: https://support.malwarebytes.com/customer/portal/emails/new?b_id=6440
  12. Hi RRin. Can you export the Application logs from your Event Viewer?
       • Run eventvwr.msc -> Windows Logs -> Application
       • Right click on Application and select Save All Events As...
       • Select a name and location for the .evtx file and save it
       • Zip that file, and attach it to a reply.
      Thank you.
  13. Hi. Is this folder "C:\Program Files (x86)\Advanced Monitoring Agent" (aka C:\PROGRA~2\ADVANC~1) related to GFI LanGuard?
  14. Thanks, GeekFreak. We're looking into this. About this: The \Quarantine directory is created as needed by the application, not during installation. Have the files in question actually been removed from your system? They no longer exist in their original locations?
      C:\PROGRA~2\ADVANC~1\patchman\11\lnsscomm.exe
      C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6965.2058\OfficeClickToRun.exe
  15. Hi GeekFreak. Can you zip and upload this directory? C:\ProgramData\Malwarebytes\MBAMService\Quarantine Also please zip and upload this entire directory: C:\ProgramData\Malwarebytes\MBAMService\logs