• Malwarebytes BIG problem

    #162719

    There’s an acknowledged problem with Malwarebytes. Lawrence Abrams at BleepingComputer has the details: An update pushed by Malwarebytes today for the
    [See the full post at: Malwarebytes BIG problem]

    7 users thanked author for this post.
    • #162720

      Beta testing fail, yet again?

    • #162723

      Did you miss this topic on your own web site:

      https://www.askwoody.com/forums/topic/malwarebytes-yikes/

      I already had to help a client ‘fix’ his system 8 hours ago, just about the time the posts on AskWoody started appearing.

      Then I found out it was an epidemic at the above URL here, and at other sites.

    • #162725

      This has killed my whole day. 1st client called about 8am and from his description I thought HDD or memory. Logged in and immediately killed MBAM before running HDD diagnostics. System worked OK and everything came up clean. Rebooted and saw MBAM chewing memory. Disabled it and the system worked fine.

      Then the phone started ringing off the hook. One machine I was able to get into was using 30GB of memory for MBAM service.

      Sometimes I just hate my job!

      3 users thanked author for this post.
      • #162750

        Well, as history has turned out, at least you have job security way past retirement time.

        Even without knowing your age, I’m pretty confident, it’s a true statement! 😀

    • #162732

      Jeeze it’s to be semi-retired only 1 call from a client today, hope Monday isn’t a bomb day.

    • #162781

      I thought it was just my computer, it was extremely annoying. Thanks Woody!

    • #162782

      I’m glad I’m still running MBAM 2.x free version with twice weekly manual scans, prior to which I always check their forum to see if there are any false positive or other adverse issues going on. The newer version is trying to be too clever by half, as are Malwarebytes generally with their taking over of other products and incorporating them all into a single product. There was an advantage in the simplicity of their original products, and a benefit in having different companies dealing with different forms of protection. There’s always a disadvantage in having all your eggs in one basket, and it must make routine testing of updates that much more problematic.

      Of course, broken definition updates can still catch version 2.x as very likely was the case here, but by not having MBAM running in the background there is a greater chance of any issues being fixed before they’re encountered. Yes, there is a slightly greater risk of malware compromising the system between manual scans, but these days the threat generally seems more and more to come from the software that is supposed to be protecting you from malware rather than from the malware itself.

      Incidentally, a recent poster on the MBAM forums as I write this is reporting that while the fix worked ok yesterday, overnight his paid version 3 MBAM automatically installed a newer update which is not functioning properly although it isn’t compromising the system in the same way as occurred yesterday. Beware!

      Update: There’s a separate thread on the MBAM forum this morning with a number of people reporting that MBAM is automatically rebooting their machines after a scan without the usual message that would be displayed if any repair had been undertaken. It’s looking like the product is still pretty flaky, and we can expect a whole lot more trouble when business users return to work after the weekend.

      2 users thanked author for this post.
      • #162818

        Different anonymous here than in post 162720.

        I’ve been running version 3 free of Malwarebytes for several months now with NO problems, including this latest snafu. The web monitoring service (what’s causing the slowdowns and being a resource hog) is only in the FULL edition of version 3.

        You can get the free version by downloading the latest version of Malwarebytes 3 and installing it. By default, it will install the full edition of the program on a free two week trial basis after which it will downgrade itself to the free edition. Therefore, immediately upon running it (or opening it) the first time, go to the “My Account” tab within the “Settings” menu and click the buttons to downgrade the license under the “Subscription Details” section of that page, which will downgrade you to the free version. I don’t remember if you have to reboot after that, but it wouldn’t be a bad idea.

        After “downgrading” the license to the free version, I haven’t had any nags about upgrading to the paid edition, and it plays well with my other installed anti-crapware programs like Spybot 2.6 and AVG Free 2017! My system: Intel CPU and motherboard, Win7 SP1 x64 Windows Update group A but under Woody’s guidance, so I have auto-update disabled for Windows update.

        By the way, I was “offered” to update to version 3 from version 2 when I ran a check for updates in version 2, and that’s how I updated to version 3 those months ago. You can do the same within version 2. Just put a check mark in the settings box for “Check for program updates when checking for definition updates” box and you should then be offered to update to version 3 within a short while the next time or two you check for definition updates. I had (in version 2) and still have (in version 3) Malwarebytes set to manually check for updates.

        I don’t like it where programs decide to update themselves in the middle of the work I’m trying to accomplish and ask to suddenly reboot after I save my work in progress. I’m one of the probably very few who, immediately after the computer has finished booting up for the day, take the time to do nothing but check for program updates and install said updates if called for. Then I go about my business uninterrupted.

        3 users thanked author for this post.
      • #162826

        I updated MBAM on about 40 machines yesterday and although it appeared to solve the issue we left it disabled for the time being. Glad I did now!

    • #162784

      That explains the trouble yesterday.  Took a short nap and came back to find the internet computer dysfunctional and Malwarebytes acting up, as in repeatedly displaying a popup warning showing that certain functions were turned off.  At one point it repeatedly refused to be turned back on.  The computer was running slowly or simply balking at doing things.  After a couple of hours and half a dozen reboots, suddenly it straightened out.

      I did have Malwarebytes on auto update.

      One more reason to work on a separate computer.

    • #162830

      I was having breakfast yesterday and heard my laptop reboot itself. The computer was almost unusable after the reboot. A perusal of Event Viewer logs told the story. MBAM had been throwing annoying popup messages since the last auto-update. MBAM has been uninstalled from all of our actively used computers. Now I’m looking for a replacement program.

      I came to this forum yesterday morning, but didn’t find any posts about the problem. Should have checked later in the day! LOL

    • #162839

      I’m using the Malwarebytes ADWCleaner freeware. No problem with it so far.

    • #162840

      I’m a MWB premium user.  This was a total nightmare yesterday.

    • #162841

      The Malwarebytes support team responded very quickly and considering the issue happened on a weekend, that is commendable. Other companies would have not responded until Monday. I think it says a lot about their staff. The problem was of their making, but they stepped up with the utmost professionalism. It is not as if they consistently send out flawed updates. I understand the angst but it has been somewhat over the top.

      The systems I support have Malwarebytes 3 Premium installed and it was a mystery until I got in to take a look at RAM and paging status. It was obvious that MBAM was the culprit, and the service needed to be stopped until a fix was released. The systems do run a bit faster without it, but MBAM has proven its worth in the past. I saw no reason to be concerned over real time protection not being on for a short period of time.

      • #162849

        I saw the CEO’s apology online and it was a little better than most, as in “I am going to make sure that this never happens again.”

    • #162848

      Seff wrote:

      I’m glad I’m still running MBAM 2.x free version

      Same here, but I’ve been wondering…

      Although Malwarebytes is still allowing definition/database updates for MBAM 2.x (and not yet forcing upgrade to MBAM 3.x), does anyone know for certain if the older MBAM 2.x version is fully compatible with Microsoft’s latest “AV-gotta-be-compliant-(and-set-the-registry-key-before-install-)or-else-BSOD” patches?

      • #162854

        I’m not sure how relevant that is, given that MBAM version 2.x isn’t an AV. You’re presumably running an AV separately (in my case it’s MSE) and that should be the program that activates the register key for MS’s patches.

    • #162868

      I experienced the Malwarebytes memory/cpu overload bug yesterday, and by this morning was able to get a fix from them. Seemed like less than 24 hours total based on the forum letters.

      Still, there are people slamming them, and many of the biggest complainers are those who use it free.

      Wish we could all have the same sort of service from Microsoft [where nothing is free].

      2 users thanked author for this post.
    • #162873

      amraybt wrote:

      I use the free version of MBAM 2 (2.2.1 I think), and I can confirm updating definitions did not add the registry key for compatibility with the January 2018 Windows updates.

      Thanks for that info. Even if compatible, though, the free (on-demand) version might not set the registry key, instead leaving it to be set by a primary (real-time) AV scanner.

      So whether product is called anti-malware (Malwarebytes) or anti-virus (most others),
      I guess I’m just wondering if the older MBAM 2.x scans are fully compatible with Microsoft’s latest patches.

      In other words, if I set the registry key (or my primary AV sets the registry key for me), and I then install the Microsoft patches, and I then scan my system with the older no-longer-officially-supported/updated MBAM 2.x scanner, am I likely to have a problem?

      Or, put differently, should I (we?) upgrade to MBAM 3.x before installing the Microsoft patches?

    • #162881

      Win7-64Pro SP1 on Group B here.

      I am on the latest version of Malwarebytes and did not experience this issue that I know of. Last night at about 7:30PM EST, I did have a framerate issue during a game that had never happened before (it is not a demanding game with DX9), but was only for a few seconds and went away and has not happened since. Maybe that was a CPU spike? In my using the PC most of the day yesterday, I did not hear any increased CPU fan speed or increased temps that a fully utilized CPU would show.

      I have found Malwarebytes Version 3 Premium to be totally trouble free so far, BUT, I did not upgrade from V.2 Premium until it was almost out of support due to initial teething problems with version 3 that I read about on the MWB forums. When I did upgrade after it calmed down, it was painless and MWB3 is much much faster and more configurable. I have never had an automatic upgrade of the program itself, except for the signatures. In fact I have had to do manual downloads of newer point releases.

      I have found no incompatibility of MWB with the January 2018 Security Only Win7-64Pro patch (Meltdown) or the January 2018 IE rollup and MSRT. I have not installed any of the January 2018 .NET patches. In my use of the PC since the patching, i.e., Office programs, Outlook, IE, Firefox 57.0.4 and 58.0, image editing, multiple games, etc., I have not encountered any detectable Meltdown patch slowness issues. Boot may be a few seconds slower, but I did not time it or run benchmarks so I cannot tell definitively.

      The only change I can see is in the Windows Experience Index for Memory dropped from 7.6 to 7.5. The Processor, Primary Hard Disk, Graphics, and Gaming Graphics remained the same. Keep in mind that these are not a reliable indicator of performance in the real world.

    • #162908

      I have had a questionable “security warning” screen pop up twice in the last few weeks. Each time I ran an Avast boot-time scan that found nothing. Today I decided to run MWB. A notice said that my premium program had expired and I should download a new program. I had accidentally downloaded the premium free trial last time, and then shut off all the bells and whistles. I only use MWB to scan from time to time. So I downloaded the free trial. It took much longer to download than usual and was 79MB which seemed to be a larger file than usual. I scanned the exe with Avast and it found no viruses. I started to run the exe but it was going so slowly I stopped it and looked online to see if there were any problems, and thus discovered what is written above. Rather than installing a faulty program and then fixing it, I would prefer to simply install a program that has the bugs figured out. Will this be forthcoming? Thanks!

    • #162945

      The Register

      You publish 20,000 clean patches, but one goes wrong and you’re a PC-crippler forever

      https://www.theregister.co.uk/2018/01/29/malwarebytes_patches_patchy_patch/

       

      Incidentally, those who have both MWB 3 and RansomFree (from Cybereason) on their Windows boxes may have noticed the detection of a Registry entry ending in NoDrives classified as a PUM (Possibly Unwanted Modification). If so, then it is almost certainly a “honey trap” set by RansomFree; see https://forums.malwarebytes.com/topic/203716-fp-for-cybereason-ransomfree/ (on my machines, this detection is set to Ignore Always).

      1 user thanked author for this post.
    • #162965

      I’ve used Malwarebytes Premium for quite a number of years though I stuck with v2 as the two or three times I tried using v3 I ran into the problem many users have complained about with web protection turning itself off.

      As it turned out v2 was the better option this weekend as it didn’t suffer from the high CPU usage (also confirmed by other v2 users) though it did still have the other problem of most websites being blocked.

      I can’t say I was unduly put out by it, however looking at the complaints in the forums about v3 they do seem to have degraded as a company from their previous high standards when they first began. Corporate greed perhaps, I don’t know.

       

    • #162973

      I am pleased at how often my chosen computing practices avert product oopses.

      I run a Malwarebytes scan every morning when I start work, using the free version. But I do not – cannot, really – have this problem.

      Why can’t this problem manifest here on my systems? Because A) I don’t have a need for an active anti-malware system running all the time, and B) No matter how much a product wants to install its cloud-integrated, run-all-the-time parts, I don’t choose to let it. If it starts services I stop them after it’s done.

      In this specific case, I’ve configured Malwarebytes not to start with the system (there’s a checkbox for that). And when the scans I’ve started finish and I’ve reviewed the results, all I need to do is close the window then right-click the tray icon and tell it to Quit Malwarebytes (which now works properly because I petitioned them to fix a problem with it). Its service will exit. Voila, no service running continuously, no possibility of it consuming resources, no unwanted communications, etc.

      Of course this assumes you don’t want to use the full Malwarebytes product, but just use it for scans.

      Result? A reliable system that doesn’t often suffer from unexpected behavior.

      Minimalist computing has its merits, even with a powerful computer system.

      -Noel

      9 users thanked author for this post.
      • #163145

        I agree entirely with your approach Noel, and have only ever run MBAM through the free version. Not only does that necessitate the running of manual scans which as you say precludes any automatic nonsense outside my control, but it also allows me to check the forum prior to running the scan so that I can see if the current update is causing any false positives or other issues before I commit to it.

        Most importantly, it means that suspect files are not automatically quarantined (from memory the paid version allows a few paltry seconds to decline quarantine which is useless especially if you’re not at the computer at the time) and thus prevents major disasters from happening (like false positives causing critical system files to be quarantined thereby bricking the machine).

        I’ve seen MB’s defenders over the latest debacle suggesting that most of their critics are likely to be free users, but apart from being irrelevant in that even free users are entitled to expect a working product that doesn’t brick their machine, that is most unlikely to be the case given that the vast majority of users affected by a broken update will have installed it automatically as part of a running background application and will by definition therefore be using the paid version. The number of free users who just happened by chance to run a manual scan during the short time that the broken update was being offered is likely to be tiny by comparison with paying customers on automatic updating.

        So I’m sticking with the free version, but I’m also sticking with version 2.x because I don’t like a lot of what I hear about version 3.x which tries to do too many things in one product. There may come a time when it’s sufficiently proven and stable for an upgrade from version 2.x but I’m yet to be convinced that we are there yet – rather like sticking with Windows 7 rather than upgrading to Windows 10!

        If it ain’t broke, I never fix it. Or, to use another cliche, I’ve yet to see the questions to which MBAM version 3.x and Windows 10 are – at least for me – the answers!

        2 users thanked author for this post.
      • #163161

        Noel Carboni wrote:

        Minimalist computing has its merits, even with a powerful computer system.

        +1

        Noel Carboni wrote:

        I run a Malwarebytes scan every morning when I start work, using the free version.

        Out of curiosity, Noel, have you updated your system to use the MBAM 3.x scanner, or are you still choosing to use the older (not supported/updated, as mentioned above, but definition database updates still working) MBAM 2.x scanner?

        And much thanks for all the useful info you provide on this site!

        1 user thanked author for this post.
        • #163165

          I am using their latest scanner now, though I held off on moving up to version 3 for a while until they settled down most issues (some of which were ones I reported). I run it only as a double-check; none of the preventative stuff is enabled.

          When doing fitness for purpose testing I monitored the new version for unwanted communications and I (my firewall) even today still very occasionally catch it trying to access a few things online that I have no intention of approving (e.g., http://www.microsoft.com). But in general it works fine, and is quick to run and get done with. For a while their service would fail to exit after having done a rootkit scan but it’s been working as it should for a few months now. You can deconfigure the automatic (“e.g., start with Windows”) stuff, and the service will exit on cue if you right-click the tray icon and choose Quit Malwarebytes.

          -Noel

          4 users thanked author for this post.
    • #163058

      THANK YOU SO MUCH for posting this info… i was totally freaking out that my computer was going down for the count.  i was running TurboTax and the computer froze.  i had to manually reboot.  then i was trying to do some Word editing and the computer froze again and had to manually reboot.  i finally just did a normal shutdown and left it alone.  glad there is a fix being pushed, and it wasn’t some MS [mess].

    • #163345

      I use MWB and noticed some weird stuttering on my machine that day, and wondered at first whether I actually had picked up some malware. Nope, just a huge memory leak.

      If there’s one thing I’ve learned over the past month, between this and the Meltdown/Spectre debacle, it’s that I actually didn’t waste my money putting together an enthusiast-class machine with more processor capacity and memory than I thought I was ever really going to need. I’m never buying or building a ‘sensible workhorse’ computer again. Who knows what colossal, resource-devouring, performance-killing foul ups supposedly trustworthy and reputable companies have in store for us next.

      1 user thanked author for this post.
    • #163439

      I have an issue after running Mbam free version. During the registry scan, it kicked up 2 reg keys as PUP’s. hklm\software\microsoft\tracing\driversupport_rasapi32 and rasmancs.

      I found one other instance of this on the web which took me to the mbam forum and the advice dispensed there was to delete,  indicating some kind of driver download software.

      I have them quarantined and so far I don’t find anything unusual.

      Anyone know what these refer to?  I did recently update some drivers  from ASUS.

      I’m using win7sp1x64 and have not done any of the updates for Jan. Also use Avira anti virus.

      any help is appreciated….thanks

      Win 10 Pro v.20h2

    • #163447

      Thanks PK - Can’t find the file indicated however… TROJ_DLOAD.ADR Will deleting the reg keys be sufficient?

      Win 10 Pro v.20h2

      • #163449

        TROJ_DLOAD.ADR may be hidden – be sure to show hidden files and search the whole computer.

        The instructions should be on that page.
        Another good source is BleepingComputer under More\File database – you can search for rasapi32 and rasmancs and TROJ_DLOAD.ADR

        1 user thanked author for this post.
    • #163487

      I also use the Mbam free version and have the same problem, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASAPI32, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASMANCS. When I ran the scan this morning the first date was for January 25, 2018 then January 31, 2018. So does Mbam have a problem with their code or do I really have this malware?

    • #163566

      I posted earlier that Mbam free version picked up HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASAPI32, HKLM\SOFTWARE\MICROSOFT\TRACING\DriverSupport_RASMANCS. Since then I restored the computer to an earlier date which gave an update for Firefox and Java, I haven’t updated Java yet but I did run another Mbam scan and came up with zero problems. Now I’m deciding whether to update Java or not cause I have a feeling that is the culprit. Please advise.

      • #163572

        The Java update is for security purposes. I would install it then run mbam. If you get the positive after that you can probably consider it a false positive.

    • #163576

      Will do, Thank you
