Malwarebytes problem


mac

Went to get a fresh cup of coffee, and returned to a black screen. Immediately suspected ver 1709 of WIN10, but didn't turn out that way.

Had to do a manual reboot using the reset button on the case - nothing else worked. After rebooting and reviewing the error file, the only named problem was malwarebytes. While diagnosing the problem, the PC black screened again. After another reboot, I brought up Task manager and watched the processes screen. Malwarebytes was using over 4 GB of RAM, and increasing. When it got close to the 8 GB in my PC, I hit the end task for the program. However, though it closed, it relaunched itself, and the RAM usage started increasing again. I went to the icon on the right side of the task bar, and told it to turn off. Even with that, when I checked in task manager, it was still showing. I did an end task again, and this time it did not restart.

PC running normally now...

 

Bad update?


I would not bother doing a clean install of Malwarebytes since this clearly is not a problem isolated to you. I've had 3 machines affected with my most common problems being Web Protection Turned off, black screen and Pale Moon locking up.


Same symptoms in Win7 this AM. It took me down for 3 hours. Finally restored an Acronis image and all was fine. I'm sure by that time they had the fix in the pipeline. As with Mac, my problem started when I was in Palemoon and stepped away for a few minutes, only to find a script error message on the screen. Then slow as molasses and black screens. I had to do hard shutdowns too. Figured I was somehow infected. Instead I was apparently infected by the very thing that was supposed to thwart infections. All good now.


Patch is now out and clean install worked.
You should not have to do a clean install just to apply a patch. :(

 

I just started my Malwarebytes program again. I had it check for updates and it found one, and applied it. But Web Protection was still off. Telling it to start was fruitless. I had to kill Malwarebytes and restart it. It now appears all is working, but frankly, this gave my confidence with the program another hit it did not need after all the other problems since 3.x was first released without proper beta testing over a year ago.


I had my first ever low memory error box. Everything disappeared from my desktop. I had a USB stick in and wanted to remove it. Impossible to do with no icons anywhere.

Task Manager wouldn't open.

 

I too thought that maybe the linux stick I was going to format and redo did something to the computer. But when my husband's froze and my desktop had web protection disabled, I fired up my android tablet and went to the MBAM forum to see if something was up.

 

I guess I'm off to update.


This isn't the first time I've uninstalled and reinstalled Malware Bytes to fix a problem. I was having the same issues with Web Protection off. Probably just restarting and getting the update would have fixed it but since I had already closed the program I figured a reinstall wouldn't hurt.

I agree with Digerati that my confidence is low in this particular program. The issues surfaced after version 3 came out.


FTR, my confidence the program is protecting me is extremely high. It is my confidence in the company doing adequate in-house testing prior to releasing updates that has not recovered from the 3.0 release fiasco over a year ago. I feel the offending update that broke Malwarebytes could have been caught with better in-house testing - considering how quickly and how widespread the problem occurred.


Yes it does a good job of anti-malware and I was lucky enough to get a perpetual licence at a good deal so I continue to use it. It works well with my antivirus and firewall (ESET.)

  • Like 1

And I was lucky enough to get a perpetual licence at a good deal
Yeah, several years ago I got a bunch of lifetime licenses (with no annual/recurring fees - which I hate) for me and my kids at a special cost before they went to the subscription model. Otherwise, I probably would not have it on my systems. Edited by Digerati

I too had this problem with mother's laptop this morning. Strangely enough, after booting in safe mode, which was the only way I could get anything done, I discovered something on her desktop she must have downloaded and quickly deleted it. When I rebooted, everything was okay and memory usage remained normal. There was certainly something hinky about what she downloaded, since at some point in the proceedings I'm pretty sure I saw a UAC prompt asking to let that object make changes to the system. Of course, I said no and deleted the object. I'm wondering if MalwareBytes managed to download the patch right when I was deleting the unwanted object from her desktop. I'm going to check on the program version later. I usually have MB set to notification only, but must have forgotten to do that after the last program update.

 

One thing I noticed was that MalwareBytes loaded even when I was in safe mode. Anyone else noticed that? Even ESET didn't load in safe mode, but MB did. I'm not sure how happy I am with that behavior.

Edited by ebrke

Yes I had a laptop which was offline during the whole incident and it just picked up where it left off yesterday with a proper update. Thankful for that much.


I didn't need to uninstall to fix two of the computers. I selected "check for updates". When it opened it said downloading or installing depending on when the program opened. Web protection was still off. I did not try to turn it on. I rebooted and the computers were back to normal.

Apparently my desktop bypassed the bad update. It is still on 1.0.3787 while the two fixed computers are on 1.0.3804.


Nobody should have needed to uninstall and reinstall. But many did, I suspect, because that seems to be the automatic (first checklist item) suggestion on the Malwarebytes forums whenever anything goes wrong with the program. Even though that very often works, I usually find that suggestion irritating - sort of a cop-out. I guess because I don't understand why a program's installation so easily gets messed up in the first place that a simple uninstall/reinstall fixes it. Particularly for a security program which I feel should be much more robust.

 

Apparently my desktop bypassed the bad update.
If it is still on 3787, it did not bypass any update. It has not updated yet. :(

 

Right now, everyone should be on:

 

Malwarebytes version: 3.3.1.2183

Component package version: 1.0.262

Update package version: 1.0.3808

 

Also, it was not even necessary to exit and restart Malwarebytes after applying the update/fix. Although Web Protection remained turned off after the update was applied, just waiting it out a few minutes would have given the program time to enable it again. That said, no harm restarting and setting everything straight right away.

  • Like 1

Apparently my desktop bypassed the bad update. It is still on 1.0.3787 while the two fixed computers are on 1.0.3804.

Mom's laptop is still at 1.0.3803. Whatever the problems were related to on her machine yesterday, today everything is fine, but it makes me nervous about requesting the patch manually (I turned off auto installation).


From the PDF, root cause, attached to the Malwarebytes blog post, IMPORTANT: Web Blocking / RAM Usage - Malwarebytes Labs | Malwarebytes Labs:

 

Findings and Root Cause

 

There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection "category" for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which caused the malformed detection to be pushed into production.

 

Corrective Action

Based on the finding listed above, the following corrective actions will be taken:

  • The system that performs the syntax checking of all Web Filtering heuristics will be expanded to reject entries that cover these wide IP ranges.
  • The components within the Malwarebytes Web Filtering system that runs on customer computers will be changed to perform stronger checking of these entries – similar to the point above – and reject any that do not meet that criteria.
  • Improve the facility within our publishing system that provides the ability for faster rollback of problematic detections. This will reduce the window of exposure, thus reducing the number of customers impacted.
  • Add many more computers to our existing testing cluster to increase the scope of our coverage.

  • Like 3
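
As an added illustration of the first two corrective actions quoted above (not code from Malwarebytes or from the forum post): a definitions check that rejects entries covering wide IP ranges, which could run both at publish time and on the client before entries are loaded. The `network|category` line format, the category names and the prefix thresholds are assumptions.

```python
import ipaddress

# Assumed policy thresholds (not taken from the Malwarebytes report).
MIN_PREFIX = {4: 16, 6: 32}  # shortest prefix a single entry may use
KNOWN_CATEGORIES = {"malware", "phishing", "scam"}  # hypothetical categories

def check_entry(line):
    """Return (ok, reason) for one 'network|category' definition line."""
    parts = line.strip().split("|")
    if len(parts) != 2:
        return False, "expected network|category"
    net_text, category = parts
    if category not in KNOWN_CATEGORIES:
        return False, f"unknown category {category!r}"
    try:
        # strict=True rejects entries with host bits set, e.g. 10.1.2.3/8
        net = ipaddress.ip_network(net_text, strict=True)
    except ValueError as exc:
        return False, f"bad network: {exc}"
    if net.prefixlen < MIN_PREFIX[net.version]:
        return False, f"/{net.prefixlen} is wider than /{MIN_PREFIX[net.version]}"
    return True, "ok"

def filter_definitions(lines):
    """Split a batch into accepted entries and rejected (line, reason) pairs."""
    accepted, rejected = [], []
    for line in lines:
        ok, reason = check_entry(line)
        if ok:
            accepted.append(line.strip())
        else:
            rejected.append((line.strip(), reason))
    return accepted, rejected

# Constructed sample batch using documentation address ranges where possible.
SAMPLE = [
    "203.0.113.0/24|malware",
    "198.51.100.7|phishing",   # single host, parsed as /32
    "0.0.0.0/0|malware",       # covers all of IPv4
    "172.0.0.0/6|scam",        # far wider than the threshold
    "192.0.2.0/24|",           # category missing
    "2001:db8::/32|phishing",
]

if __name__ == "__main__":
    good, bad = filter_definitions(SAMPLE)
    print("accepted:", good)
    for line, reason in bad:
        print("rejected:", line, "->", reason)
```

Running the same check in the publishing pipeline and again in the client means a malformed entry that slips past one gate is still dropped by the other.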

Thanks for that Corrine. Did you notice the Chronology of Events? 15 minutes after the offending patch was posted to their update server, the problem was reported to their Research Team. As indicated earlier in that report the Research Team was notified by their Customer Success team (which I am assuming is their customer's first point of contact). So users started noticing the problem in considerably less than 15 minutes.

 

I can't help but wonder how the offending update was released for distribution with a flaw that was so readily apparent? :(

 

I am glad to see,

This investigation will result in identification and implementation of changes to the release process of these detections, specifically – but not limited to – stricter verification and validation of detection syntax and scope.

 

Add many more computers to our existing testing cluster to increase the scope of our coverage.

But with the past fiasco of 3.0x clearly being released with inadequate in-house testing, I fear for many unhappy users, these steps may be too little too late to restore their confidence. :(


Even though their bulletin has a horse..barn door..closed ring to it, I am encouraged that MB have taken the problem seriously and do have some additional steps in place to prevent another glitch like this.

  • Like 3

Hello,

 

Glad to see that Malwarebytes resolved the issue so quickly, and their CEO was very upfront about informing users what happened. Excellent response to a difficult issue.

 

Regards,

 

Aryeh Goretsky

  • Like 5