Malwarebytes Anti-Malware 1.75.0.1300

As an FYI, all hell is breaking loose with an update:

http://forums.malwarebytes.org/index.php?showtopic=125129

It's flagging literally everything as "Trojan.Downloader.ED", critical system files, even killing MBAM itself to where it acts like it's no longer installed. I just got hit by it while surfing. Avast did a full scan, called it all clean, then I ran across that thread. There's at least 3 going at the forums, it's bad, lol. My Chrome, IE, nothing would work until I physically killed every MBAM process still alive, reinstalled it, and tried again. Meanwhile, I have hundreds of Windows related and other files just sitting in quarantine.

 

Confirming,

Just quarantined my system32 folder including itself.
Disable mbam asap or suffer this worthless nonsense.

 

A new update fixed the FPs, but some are reporting that MBAM is not restoring the files when "Restore" or "Restore All" is selected. My personal experience was that it still listed them as quarantined, but going through the logs manually and copying file names into Windows showed the files returned to their proper location. I selected "Delete All" before I ran across this new complaint, but it appears thus far I managed to avoid a disaster.

By the way, when this flagging was happening, MBAM could not be shut down via the system tray. So, if you're still going through this, kill the processes left alive through Task Manager. Some folks can't even get their systems booted now to fix the damage.

Edit: *sigh* I'm missing a few files, system files. Damnit MBAM.

 

We are working on picking up the pieces now from this. This was a failure in the engine to ignore a bad line in the database . To make backwards compatibility work MBAM is supposed to ignore anything that is not in the engine specs and this should have qualified but it didn't. This was a serious multiple level failure that should not have been possible. Support is working on figuring out the best way to restore the systems affected.

 

Like I wrote on MBAM's forum, this has left a very bitter taste in my mouth.
This kind of mistake is IMHO not acceptable from a security software company as serious as Malwarebytes. (and I own two licenses)
I'm going to uninstall it from my PC and my wife's and get something else.
(and this was just after the other problem with the IP block databases making PCs crawl down to almost a halt)

 

My Pro config is where "automatically quarantine" is disabled and after hitting the Quarantine dialogue six times I kicked into "that ain't right" mode.

No harm done to my system. Others weren't so fortunate, automatically.

 

Please see here for assistance with any issues you are having.

http://forums.malwarebytes.org/index.php?showtopic=125137

 

Wow, I have a couple of licences for MBAM Pro, but am seriously thinking of uninstalling and looking for something else. Something like this these days is just unacceptable...

 

Glad I saw this. I have MBAM Pro on both machines. I just disabled them so they will not start with Windows.
I feel sure it will be fixed in a day or so, but for those who have suffered real computer problems it will be a larger problem.

I hope the systems can be repaired OK. I assume that one can go back to a previous image.

Jerry

 

they can go on safe mode and from malwarebytes console restore all the files from quarentine and put them but to the system
note:i hope my emsisoft behave properly,i dont want this to happen to me,it looks like a nasty malware destrying the systems like

 

I know it doesnt help much but the database that was affected was only out for less than 15 mins before it was caught. This is not in the current database. Our support is more than willing to help all that are affected. We are putting together a war team to prevent this from happening again.

 

thanks

 

I am going to wait a few days before I reset mine to start with Windows, and am going to leave it off for awhile.
Jerry

 

that is a good idea to restore/image system files and registry back up in real time in case of disasters

 

Dodged a bullet perhaps as my computers were shut down at the time in question and my quarantine is empty. MBAM will remain installed as my overall faith remains strong.

 

man you are lucky you didnt get hammer man

 

Yes. I don't believe in leaving my computers on when I'm not sitting in front of them.

 

Thanks The hammer for the comment. We are working trying to fix all the damage done from this and also have dev working on some tools to help repair this. We are also going to invest heavily into solutions to prevent this from happening again. Its basically all hands on deck at the moment.

 

Time will tell whether my system is okay or not. I'm missing a few system files, but they don't seem to be messing anything up by being gone. I'm only reloading my OS if I absolutely have to. It's not the fault of MBAM that I didn't have a backup handy, but good Lord I hope this won't happen again.

 

did u try an sfc /scannow ?

 

Yep and it came up okay. However, I went through random files in the MBAM logs and searched for the files it had quarantined. Most were back in place, some were gone. I know a few were Windows files, "ntdll.dll" and "GdiPlus.dll" being examples. It quarantined a LOT of files though, so I couldn't search for them all. As I said though, the system is usable and not tossing errors up at this time.

 

Do you guys test each database update before releasing it?
If not, you should start from now on....

 

We do. And with the other safeguards we have this should of not happened. It did and we are going through all the multiple level failures that occured and what we need to do to prevent this from happening again.

 

Thanks, Rich!
This incident will not change my mind about the quality of MBAM.....
It did happen before and it will happen again to others too.
Nothing is perfect.

 

Thanks siketa. We all feel extemely bad about this and are taking it very seriously.