Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes not working (need help to get it working again)


  • This topic is locked This topic is locked
19 replies to this topic

#1 Jisupset

Jisupset

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 23 September 2014 - 05:00 PM

I am trying to get Chameleon to help get the MalwareBytes program working again.  I have run into issues with CryptoPrevent stalling the fix with popups saying it is blocking a file ending in .scr and a file ending in firefox.pif and another file ending in firefox.scr

It asks if I want to continue, and I don't know if I should continue or cancel.

MalwareBytes will not update, and a scan history log reveals that the Malware Protection has been disabled, as well as malicious website protection, and self protection, all disabled

Can anybody help me please?



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 23 September 2014 - 08:59 PM

Malwarebytes Chameleon Technology is a feature which deals with malware that targets Malwarebytes Anti-Malware and other security tools to keep them from running properly. Chameleon includes renamed versions/file extensions of the tool (firefox.com, firefox.exe, firefox.scr, iexplore.exe, winlogon.exe, windows.exe, rundll32.exe, etc) that can be used when the normal .exe file is blocked from running by the malware.

CryptoPrevent has a filter module (in the installer version) which allows you to apply (enable) or disable suspicious program filtering for .cpl, .scr and .pif files which are executable files. This option is found by opening CryptoPrevent and selecting Advanced > show Advanced Options at the top.

However, before disabling you may want to try using one of the other renamed files such as iexplore.exe, winlogon.exe, windows.exe.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 03:13 PM

Thanks quietman7.  I will try your suggestions.  Really appreciate the help.



#4 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 03:40 PM

and so, do I just go online and download one of those you suggested?  I am new to all of this, and a bit worried.  Do I have to be online when I run Chameleon?  I have stayed offline because of the problems I have.

 


Edited by Jisupset, 24 September 2014 - 03:48 PM.


#5 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 03:41 PM

oh, and another question, why is that a better action to take?

I just ran through all my choices, and the only ones CryptoPrevent brings up, are

C:\PROGRA~2\MALWAR~1\CHAMEL~1\WINDOWS\MBAM-C~1.SCR  , and

C:\PROGRA~2\MALWAR~1\CHAMEL~1\WINDOWS\MBAM-C~1.PIF   , and

C:\PROGRA~2\MALWAR~1\CHAMEL~1\WINDOWS\firefox.pif   , and

C:\PROGRA~2\MALWAR~1\CHAMEL~1\WINDOWS\firefox.scr

 

So, again, do I download iexplore.exe or the others you suggested, from online? 

 


Edited by Jisupset, 24 September 2014 - 04:08 PM.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 24 September 2014 - 04:43 PM

You do not have to be online.

How to Use Chameleon to run Malwarebytes Anti-Malware

...If the Chameleon help file will not open for any reason, you may alternatively navigate to your Malwarebytes Anti-Malware program folder (usually under C:\Program Files or C:\Program Files (x86)) and open the Chameleon folder.

Once there, you may double-click on any of the files within that folder except mbam-killer.exe in order to attempt to launch Chameleon.


Within that same folder should be renamed files...iexplore.exe, winlogon.exe, windows.exe, etc.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 05:30 PM

I tried iexplore.exe, winlogon.exe, windows.exe and they all stalled, but at different points in attempting the scan, should I try the rest in the Chameleon list, except mbam-killer.exe?

 

There are four other mbam files besides the -killer.exe. Their type are mbam-chameleon msdos application, application, PIF file and SCR file. Are they okay to try?  There are also four firefox files with the type msdos application, application Pif file and SCR file.  , as well as one called svchost.with the type application.  Should I try all of those?


Edited by Jisupset, 24 September 2014 - 05:42 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 24 September 2014 - 05:42 PM

You can try any except for except mbam-killer.exe but CryptoPrevent will stop those with .scr and .pif file extensions.

BTW, are you just trying to run a scan or is your computer infected with malware?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 05:45 PM

I suspect I have been infected with Malware, but I do not know for sure , that is why I tried to initiate a scan

Should I allow the program to run that CryptoPrevent is stopping?

Edited by Jisupset, 24 September 2014 - 05:47 PM.


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 24 September 2014 - 06:10 PM

Should I allow the program to run that CryptoPrevent is stopping?

If you are sure its one of Chameleon's renamed versions you certainly can try that. I can only go by what you describe and from that description it appears to be the case.

 

I suspect I have been infected with Malware, but I do not know for sure , that is why I tried to initiate a scan


If you need individual assistance with malware infection, you can start a new topic in the Am I infected? What do I do? forum OR follow the instructions provided in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

If you choose to post a log...after doing that, please reply back in this thread with a link to the new topic so we can closed this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 24 September 2014 - 06:20 PM

Being that CryptoPrevent is designed primarily to prevent crypto malware and you may not want to take the chance or are unsure, it may be better to start a new topic or post a log if you're hesitant about trying to allow the program to run.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 07:05 PM

I went ahead and tried all of the files in Chameleon, and none of them worked.  They all stalled.  I will begin the Malware Removal and Log Section Preparation Guide tomorrow.  Do you still want me to come back to this topic once I have started that?  So am I correct, you want me to start with step 6?



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 24 September 2014 - 07:31 PM

Have you tried running your scan in safe mode? Many security scanners (like Malwarebytes) are designed and recommended to run in normal mode for optimal detection and removal so it does not limit the program's abilities. However, when a regular mode scan fails or you cannot boot up normally, then attempting a scan in safe mode is an alternative.

If that still does not work, then yes start with Step 6. After opening your new topic with logs, let me know so I can close this one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Jisupset

Jisupset
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 24 September 2014 - 08:47 PM

ok will try the safe mode, and thank you for all your help.  I will let you know once I have opened the new topic with logs.  I will let you move on to others for the time being, but will keep this topic open until I open new topic with logs.



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,395 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:58 AM

Posted 25 September 2014 - 04:48 AM

Not a problem.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users