Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows update from MBAM anti exploit?


  • Please log in to reply
13 replies to this topic

#1 Zuben el genub

Zuben el genub

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 22 October 2016 - 05:56 PM

The other half has a desktop running 7 Home. Pretty sure he has SP1. He got a pop-up from (he says) Malwarebytes Anti-Malware about an update, so he clicked on it. I checked on his computer and it was running a windows update. I cancelled it. It looked like it was adding extra crap like Windows Life Cam, which he doesn't want. (Big icon for Cam on desktop)

I'd turned off all notifications from Windows when MS started with the auto update to 10.
Whatever this was, it turned notices from security on again.

I saw a post elsewhere about getting updates from Windows itself and not every Tom, Dick and Harry.

Told the other half that.

 

How much extra does that bundled update include? Does it include stuff like Windows Life Cam?

Can you still remove any apps like Life Cam through the Programs and features in the control panel?

 

He also prefers to use ESET rather than the Windows AV. What's the easiest way to make sure he can use ESET and it doesn't get knocked out by the update?

 

Thanks


Edited by hamluis, 24 October 2016 - 07:48 AM.
Moved from Win 7 to AV/AM Software - Hamluis.


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,486 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:01 AM

Posted 23 October 2016 - 09:39 AM

Stopping a Windows update can cause problems with the operating system.  You would be better off allowing the update to be installed and then uninstall it.

 

I have no idea what "bundled update" you are referring to.  There is a Windows 7 Cumulative update, is this what you are referring to?  If you want to know more about this update you can read more about it here.

 

Once again you have been unspecific about exactly what you are referring to.  In this case the Windows AV.  This being Windows 7 I would hazard to guess you are referring to Microsoft Security Essentials.  If this in the case, open the Control Panel, select Programs and Features, find Security Essentials, right click on it and select uninstall.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 Zuben el genub

Zuben el genub
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 23 October 2016 - 05:00 PM

He swears he clicked on a notice in MBAM anti-exploit. As far as I know, updating Windows is not a part of MBAM's service.

And if someone spoofed MBAM as far as an update, we didn't want it. We'll get our updates from Windows itself, not another app.

I also had all notices turned off while Windows was trying to install 10 on every computer it could find. Whatever this was, turned all services back on. It also looked like it was installing some junk from the new icons on the desktop.

 

He's been mistaken before, and I get to clean it up if I can. If not, it goes to a tech.

 

By cumulative, does an official update include an install of things like Windows life cam, Skype, etc?. I read you can no longer go through the updates and choose which updates you actually want,. I'm assuming general, immediate and critical. You used to be able to just get the critical updates. MS is doing 7 and 8 like 10. All or nothing.

 

Since Windows is now using the W10 model for everything, that's why I asked if you can still uninstall parts of Windows you don't want, like the AV, Paint, et al. through the control panel.

 

I have the same version of MBAM anti-exploit. I didn't get a notice from them.



#4 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 23 October 2016 - 06:02 PM

Hi:

 

For the record, no Malwarebytes software application (neither MBAM nor MBAE nor MBAR-beta nor MBARW-beta nor any of their other tools) has anything to do with Windows Update on any version of Windows.

 

A screen shot (or at least the EXACT wording) of the message you report would be most helpful in trying to figure out what is going on (or protection logs from MBAM, MBAE or both).

 

Perhaps it could be a prompt by the MBAM or MBAE internal auto-updater to update the program?

Or perhaps it could be some sort of fake malware scam on a website, or the system could be infected, or any of a number of other possibilities exist....

 

But, to be clear, neither MBAM nor MBAE nor any other Malwarebytes software application will prompt a computer user about MS/Windows updates.

 

Cheers,

 

MM


Edited by MoxieMomma, 23 October 2016 - 06:03 PM.


#5 Zuben el genub

Zuben el genub
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 24 October 2016 - 06:26 AM

I did check the log of MBAM. It said nothing. Had it been an actual spoof, it should have attacked me first as it is my account.

 

He's done this before. He downloaded something he thought was from ESET and it wasn't. He doesn't click on random crap. I laid down the law a couple of years ago.

 

He said the icon for MBAM Anti exploit had popped up and that's what he thought he was updating. When he mentioned it was taking too long, I looked and there was an icon on the desktop for Windows Life Cam. I didn't think that should come in with a legitimate update from Windows, so I cancelled the whole shebang.

 

I had also turned off any communication with Windows while the W10 nonsense was going on. It should have still been OFF! This turned everything back on. He does use the Windows firewall, but I checked no updates.

 

I see that there is an app in another security forum that will clean the 10 stuff out of the registry totally. I'm thinking of doing that, and then someone will have to tell me how to make sure he is getting the right downloads for 7 home.

 

I want him to get the updates and we would get them from MS itself, not some random app that shows up on the computer. He's used to having a real IT department secure his computer. He will not read any security posts to check on anything.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 24 October 2016 - 03:53 PM

And to be clear...neither Malwarebytes Anti-Exploit or any other Malwarebytes program bundles other software.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 25 October 2016 - 02:56 AM

Hi:

 

@quietman7 is absolutely correct -- there is NOTHING bundled with any Malwarebytes product, ever (assuming that the installer was obtained from the vendor's own site or from one of a handful of reputable, approved, third-party hosting sites).

 

Without seeing a screen shot of the actual message or some basic diagnostic information from the computer in question, we can only speculate about the behavior you report, second-hand, on a computer that belongs to someone else. 

As we are not in front of that computer, we cannot know what was or is happening...

 

I am also a bit confused by the term "MBAM Anti-Exploit".

Malwarebytes Anti-Malware (MBAM) is one program.  Malwarebytes Anti-Exploit (MBAE) is an entirely separate application.

It's not clear if the problem you describe relates to MBAM or to MBAE.

 

If you would like further help with this, I suggest the following for the affected computer:

  • Download from HERE and save to the desktop the version of FRST that corresponds to the architecture (32-bit or 64-bit)
  • Temporarily pause your AV's realtime protection
  • Run the FRST tool
  • ATTACH BOTH resultant logs (FRST.txt and Addition.txt) to a new, separate post here: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
  • Wait for someone to review the logs and advise you further (additional information, such as MBAM Protection logs, MBAE logs, etc. may also be requested)

Alternatively, you could instead attach those same two logs to a new, separate post in either the MBAM Help Forum OR the MBAE Help Forum, depending on which of the two programs is causing the problem.

 

As far as the "GWX" patches for a Win7 computer, there is no need any longer to use a 3rd-party application to block the Win10 updates.  The free upgrade offer ended a few months ago.  And MS has issued its own patch to remove the "GWX" software from Win7/8/8.1 systems.  You may get that update here:  KB3184143

 

If you are having other, unrelated problems with Windows Update on the affected system (unrelated to MBAM or MBAE), that will require a slightly different approach.

But it will still necessitate posting some data (diagnostic logs, screenshots, etc.) in order for anyone to better assist you.

 

Thanks,

 

MM


Edited by MoxieMomma, 25 October 2016 - 02:57 AM.


#8 Zuben el genub

Zuben el genub
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 25 October 2016 - 08:27 AM

I meant MBAE. It isn't easy to keep things straight early in the AM with a cat on your lap. I do know that the Malwarebytes wouldn't include anything like that in their programs. I wanted to check on a spoof.

 

He didn't ask on the original screen - just assumed it was MBAE since that was the logo he saw pop up. He's been mistaken before and won't admit it.

 

I'm going to print out your instructions and see what I can do.

 

He wants to do other things this AM, so I think I'll have him run a good check with ESET.

 

Then I'll try to argue him into doing your diagnostics. They sound good to me. I've done similar with rooted Androids.

 

If everything is clean, I'll tell him to go to MS and get the download first for removing get W10, then update


Edited by Zuben el genub, 25 October 2016 - 08:28 AM.


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 25 October 2016 - 08:41 AM

If some type of malware were pretending to be a Malwarebytes Anti-Exploit update (as we have seen with fake Adobe, Windows updates) there would have been reports of it and warnings issued by the Malwarebytes Team. In the past (2014) there were at least two rogues that used part of or all of the Malwarebytes name including this Fake and Bundled Malwarebytes Anti-Malware 2.0.

I am not aware of any such reports involving Malwarebytes Anti-Exploit.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,486 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:01 AM

Posted 25 October 2016 - 08:43 AM

@MoxieMomma

 

FRST is only used in the Virus, Trojan, Spyware, and Malware Removal Logs forum.  Only members of the Malware Removal Team can respond to topics in this forum.  If you would like to peruse a list of the tools which are not allowed in the Am I Infected forum you can find one here.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 25 October 2016 - 11:59 AM

@MoxieMomma
 
FRST is only used in the Virus, Trojan, Spyware, and Malware Removal Logs forum.  Only members of the Malware Removal Team can respond to topics in this forum.  If you would like to peruse a list of the tools which are not allowed in the Am I Infected forum you can find one here.


Indeed.
Oversight on my part in the wee hours.
Sorry about that.

MM

#12 Zuben el genub

Zuben el genub
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 27 October 2016 - 11:20 AM

Took some time, but I have half of it sorted out.

 

The other half does not pay attention to what he is looking at. It wasn't MBAE, it was a Windows Update shield.

 

Ist question - how long does it take for the windows patch to remove anything involving W10 to work? I removed some of the bits that would install it from the registry. He tried it and fussed since it was taking longer than he wanted. He wanted no part of 10.

 

2nd. What is in the new downloads? Only security type patches? Why would a security type patch want to install Windows LIfe         Cam?

        He doesn't use Office, or most of the Windows offerings. He does have Skype and Paint. IE is there, but he doesn't use it.

 

3rd. I don't trust the link in his computer - can someone give me the site for updating W7 home manually?

 

       The computer did download security essentials on 10/25 with no extras attached.

       

We did a full scan with ESET, and nothing turned up. Neither did MBAE have any crap.

 

Sorry about the confusion.

 

Thanks



#13 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 27 October 2016 - 11:53 AM

Hi:
 
Glad you got it sorted.
 
1:   KB3184143 is just a quick Windows update patch to install.  It may require a reboot, but I would not expect it to take very long.

 

2: Not sure what you mean.  For most users, Windows Update is configured via the built-in Windows Update "applet" accessible from the Control Panel ("Start" > "Control Panel") (or directly from the Start Menu, if the user has pinned it there).  Many advanced users prefer to set it to "Check for updates but let me choose".  However, if the system is way behind on patches and if you do not plan to research each available patch before installing it, it might be better to let it notify you when needed patches are available.

 

Perhaps check here for some basic info:

http://www.sevenforums.com/tutorials/2797-windows-update-settings-change.html

 

3: There is no one "link" to update Windows manually.  The vast majority of the time, Windows Updates are handled via the built-in Windows Update applet.  Occasionally, one might need to download and install an individual patch or two from the Windows Update Center, on a case-by-case basis.  But it would be very cumbersome, time-consuming and unnecessary to do that most of the time.

 

Hope this helps,

 

MM

 

P.S. You wrote:

 

Neither did MBAE have any crap.

 

I'm not sure what that means?  MBAE is not a scanner.  It provides real-time anti-exploit protection for browsers (Free version) and other applications (Free and Premium). But there is no scanning function.  So, unless you are referring to the MBAE protection logs (accessed via the "logs" tab of the GUI), I'm not quite sure what you mean?  Please let us know if you need more help with that.



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:01 PM

Posted 27 October 2016 - 12:01 PM


For any specific questions or issues with Windows Update, you should start a new topic in the applicable Windows Operating Systems forum for your system. This forum is only for questions and issues related to Anti-Virus, Anti-Malware, and Privacy Software.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users