Jump to content


Malwarebytes problem


  • Please log in to reply
25 replies to this topic

#1 OFFLINE   mac

mac

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 778 posts

Posted 27 January 2018 - 03:07 PM

Went to get a fresh cup of coffee, and returned to a black screen. Immediately suspected ver 1709 of WIN10, but didn't turn out that way.
Had to do a manual reboot using the reset button on the case - nothing else worked. After rebooting and reviewing the error file, the only named problem was malwarebytes. While diagnosing the problem, the PC black screened again. After another reboot, I brought up Task manager and watched the processes screen. Malwarebytes was using over 4 GB of RAM, and increasing. When it got close to the 8 GB in my PC, I hit the end task for the program. However, though it closed, it relaunched itself, and the RAM usage  started increasing again. I went to the icon on the right side of the task bar, and told it to turn off. Even with that, when I checked in task manager, it was still showing. I did an end task again, and this time it did not restart.
PC running normally now...

Bad update?
Mac
"Long ago, when men cursed and beat the ground with sticks,
it was called witchcraft. Today it's called golf." -- Will Rogers (1879-1935)

#2 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 27 January 2018 - 03:11 PM

Yes. They are working on a fix.
You could try MB-Clean tool to remove and reinstall MB and preserve your licence data.
https://support.malw...m/docs/DOC-1112
Posted Image

Registered Linux User 445659

#3 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 27 January 2018 - 03:21 PM

https://forums.malwa...stay-on/?page=4
Posted Image

Registered Linux User 445659

#4 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 27 January 2018 - 03:48 PM

I would not bother doing a clean install of Malwarebytes since this clearly is not a problem isolated to you. I've had 3 machines affected with my most common problems being Web Protection Turned off, black screen and Pale Moon locking up.
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#5 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 27 January 2018 - 03:54 PM

Patch is now out and clean install worked.

Posted Image
Posted Image

Registered Linux User 445659

#6 OFFLINE   frapper

frapper

    Topic Cop

  • Members
  • PipPipPipPipPipPipPip
  • 775 posts

Posted 27 January 2018 - 04:07 PM

Same symptoms in Win7 this AM. It took me down for 3 hours. Finally restored an Acronis image and all was fine. I'm sure by that time they had the fix in the pipeline. As with Mac, my problem started when I was in Palemoon and stepped away for a few minutes, only to find a script error message on the screen. Then slow as molasses and black screens. I had to do hard shutdowns too. Figured I was somehow infected. Instead I was apparently infected by the very thing that was supposed to thwart infections. All good now.
Posted Image
Norm
Windows 7 Home Premium SP1 x3
USAF - '67-'71
Posted Image

#7 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 27 January 2018 - 04:09 PM

Quote

Patch is now out and clean install worked.
You should not have to do a clean install just to apply a patch. :(

I just started my Malwarebytes program again. I had it check for updates and it found one, and applied it. But Web Protection was still off. Telling it to start was fruitless. I had to kill Malwarebytes and restart it. It now appears all is working, but frankly, this gave my confidence with the program another hit it did not need after all the other problems since 3.x was first released without proper beta testing over a year ago.
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#8 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,129 posts

Posted 27 January 2018 - 04:29 PM

I had my first ever low memory error box. Everything disappeared from my desktop. I had a USB stick in and wanted to remove it. Impossible to do with no icons anywhere.
Task Manager wouldn't open.

I too thought that maybe the linux stick I was going to format and redo did something to the computer. But when my husband's froze and my desktop had web protection disabled, I fired up my android tablet and went to the MBAM forum to see if something was up.

I guess I'm off to update.
Liz
Registered Linux User # 401459
Posted Image

#9 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 27 January 2018 - 04:38 PM

This isn't the first time I've uninstalled and reinstalled Malware Bytes to fix a problem. I was having the same issues with Web Protection off. Probably just restarting and getting the update would have fixed it but since I had already closed the program I figured a reinstall wouldn't hurt.
I agree with Digerati that my confidence is low in this particular program. The issues surfaced after version 3 came out.
Posted Image

Registered Linux User 445659

#10 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 27 January 2018 - 04:48 PM

FTR, my confidence the program is protecting me is extremely high. It is my confidence the company doing adequate in-house testing prior to releasing updates that has not recovered from the 3.0 release fiasco over a year ago. I feel the offending update that broke Malwarebytes could have been caught with better in house testing - considering how quickly and how widespread the problem occurred.
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#11 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 27 January 2018 - 04:57 PM

Yes it does a good job of anti-malware and I was lucky enough to get a perpetual licence at a good deal so I continue to use it. It works well with my antivirus and firewall (ESET.)
Posted Image

Registered Linux User 445659

#12 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 27 January 2018 - 05:16 PM

Quote

And I was lucky enough to get a perpetual licence at a good deal
Yeah, several years ago I got a bunch of lifetime licenses (with no annual/recurring fees - which I hate) for me and my kids at a special cost before they went to the subscription model. Otherwise, I probably would not have it on my systems.

Edited by Digerati, 27 January 2018 - 05:19 PM.

Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#13 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,807 posts

Posted 27 January 2018 - 07:19 PM

I too had this problem with mother's laptop this morning. Strangely enough, after booting in safe mode, which was the only way I could get anything done, I discovered something on her desktop she must have downloaded and quickly deleted it. When I rebooted, everything was okay and memory usage remained normal. There was certainly something hinky about what she downloaded, since at some point in the proceedings I'm pretty sure I saw a UAC prompt asking to let that object make changes to the system. Of course, I said no and deleted the object. I'm wondering if MalwareBytes managed to download the patch right when I was deleting the unwanted object from her desktop. I'm going to check on the program version later. I usually have MB set to notification only, but must have forgotten to do that after the last program update.

One thing I noticed was that MalwareBytes loaded even when I was in safe mode. Anyone else noticed that? Even ESET didn't load in safe mode, but MB did. I'm not sure how happy I am with that behavior.

Edited by ebrke, 27 January 2018 - 07:25 PM.

Posted Image

#14 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 28 January 2018 - 12:18 PM

Things seem to be back to normal now. I hope everyone updated OK.
Posted Image

Registered Linux User 445659

#15 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 28 January 2018 - 12:31 PM

Well, the update/fix was "pushed" out so hopefully those not even aware something was wrong are still in ignorant bliss! ;)
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#16 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 28 January 2018 - 12:42 PM

Yes I had a laptop which was offline during the whole incident and it just picked up where it left off yesterday with a proper update. Thankful for that much.
Posted Image

Registered Linux User 445659

#17 OFFLINE   zlim

zlim

    It's me, plodr

  • Forum MVP
  • 7,129 posts

Posted 28 January 2018 - 12:59 PM

I didn't need to uninstall to fix two of the computers. I selected "check for updates". When it opened it said downloading or installing depending on when the program opened. Web protection was still off. I did not try to turn it on. I rebooted and the computers were back to normal.
Apparently my desktop bypassed the bad update. It is still on 1.0.3787 while the two fixed computers are on 1.0.3804.
Liz
Registered Linux User # 401459
Posted Image

#18 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 28 January 2018 - 01:20 PM

Nobody should have needed to uninstall and reinstall. But many did I suspect, because that seems to be the automatic (first checklist item) suggestion on the Malwarebytes forums whenever anything goes wrong with the program. Even though that very often works, I usually find that suggestion irritating - sort of a cop-out. I guess because I don't understand why a program's installation so easily gets messed up in the first place that a simple uninstall/reinstall fixes it. Particularly for a security program which I feel should be much more robust.

Quote

Apparently my desktop bypassed the bad update.
If it is still on 3787, it did not bypass any update. It has not updated yet. :(

Right now, everyone should be on:

Malwarebytes version: 3.3.1.2183

Component package version: 1.0.262

Update package version: 1.0.3808


Also, it was not even necessary to exit and restart Malwarebytes after applying the update/fix. Although Web Protection remained turned off after the update was applied, just waiting it out a few minutes would have given the program time to enable it again. That said, no harm restarting and setting everything straight right away.
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#19 OFFLINE   ebrke

ebrke

    Board Bigwig

  • Forum MVP
  • 2,807 posts

Posted 28 January 2018 - 03:55 PM

Quote

Apparently my desktop bypassed the bad update. It is still on 1.0.3787 while the two fixed computers are on 1.0.3804.
Mom's laptop is still at 1.0.3803. Whatever the problems were related to on her machine yesterday, today everything is fine, but it makes me nervous about requesting the patch manually (I turned off auto installation).
Posted Image

#20 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 28 January 2018 - 08:13 PM

If you have 1.0.3803 that did incorporate the patch so you should be OK. However as Bill said the current update is 1.0.3808.
Posted Image

Registered Linux User 445659

#21 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 12,543 posts

Posted 29 January 2018 - 12:44 AM

between the meltdown patch blue screens and this, ya gotta ask yourself, doesn't anyone test before letting these things fly??
Posted Image

#22 OFFLINE   Corrine

Corrine

    The Mystical Rose

  • Forum Admins
  • 4,247 posts

Posted 29 January 2018 - 12:11 PM

From the PDF, root cause, attached to the Malwarebytes blog post, IMPORTANT: Web Blocking / RAM Usage - Malwarebytes Labs | Malwarebytes Labs:

Quote

Findings and Root Cause

There are detection syntax controls in place to prevent such events as the one experienced in this incident. Recently we have been improving our products so that we can show the reason for a block, i.e. the detection "category" for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which cause the malformed detection to be pushed into production.

Corrective Action Based on the finding listed above, the following corrective actions will be taken:
  • The system that performs the syntax checking of all Web Filtering heuristics will be expanded to reject entries that cover these wide IP ranges.
  • The components within the Malwarebytes Web Filtering system that runs on customer computers will be changed to perform stronger checking of these entries – similar to the point above – and reject any that do not meet that criteria.
  • Improve the facility within our publishing system that provides the ability for faster rollback of problematic detections. This will reduce the window of exposure, thus reducing the number of customers impacted.
  • Add many more computers to our existing testing cluster to increase the scope of our coverage.

Posted Image

Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

#23 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 29 January 2018 - 02:14 PM

Thanks for that Corrine. Did you notice the Chronology of Events? 15 minutes after the offending patch was posted to their update server, the problem was reported to their Research Team. As indicated earlier in that report the Research Team was notified by their Customer Success team (which I am assuming is their customer's first point of contact). So users started noticing the problem in considerably less than 15 minutes.

I can't help but wonder how the offending update was released for distribution with a flaw that was so readily apparent? :(

I am glad to see,

Quote

This investigation will result in identification and implementation of changes to the release process of these
detections, specifically – but not limited to – stricter verification and validation of detection syntax and scope.

Add many more computers to our existing testing cluster to increase the scope of our coverage.
But with the past fiasco of 3.0x clearly being released with inadequate in-house testing, I fear for many unhappy users, these steps may be too little too late to restore their confidence. :(
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________

#24 OFFLINE   raymac46

raymac46

    Discussion Deity

  • Forum MVP
  • 3,723 posts

Posted 29 January 2018 - 04:18 PM

Even though their bulletin has a horse..barn door..closed ring to it, I am encouraged that MB have taken the problem seriously and do have some additional steps in place to prevent another glitch like this.
Posted Image

Registered Linux User 445659

#25 OFFLINE   Digerati

Digerati

    Post Master

  • Members
  • PipPipPipPip
  • 227 posts

Posted 29 January 2018 - 05:30 PM

I agree. They did a "stand up" job on that front.
Posted Image Bill (AFE7Ret)
Freedom is NOT Free!
Posted Image Windows and Devices for IT, 2007 - 2018

Heat is the bane of all electronics!

____________________________________________




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users