Serious Discussion Malwarebytes installs KB4474419 without asking permission

gorblimey

Level 3
Thread author
Verified
Aug 30, 2017
101
On 23 April 2024 I ran Malwarebytes mbam.exe v3.1.0.1731 (the freebie version) on the monthly scan of my system.

I am using Win7x64 SPI Rollup 1 Build 7601 on a Sandy Bridge CPU.

I always run Mbam in Admin, and my first action is to force an update before running the scan which is always the "Threat Scan". The scan completed successfully, no malware found, but before I could do anything further i got a message that an update had failed. Long story short, Mbam had tried to install Microsoft KB4474419 which was supposed to give Win7 the ability to use SHA-2 for code-signing purposes. I have uploaded the relevant log file, check the final entries. If necessary I can upload the other two logs form Program Data\Malwarebytes.

My problem is that -- for whatever reason, it doesn't matter -- Malwarebytes broke the First Rule of civilised behaviour: Thou shalt not install someone else's software without permission.

I have just managed to uninstall the KB through Programs and Features, the first time I tried this failed, apparently some files were missing? Of course, give that Mbam thinks it failed to install the unwanted program, there may well be files hanging around polluting the system. i do not have the knowledge to see what the true scope of the disaster really is.

There is no way on the Malwarebytes website to immediately contact a human. But I need my machine cleaned. I must also make the point that when a supposedly reliable anti=malware entity acts like a piece of malware, then that entity IS malware. How can I or anybody else now trust Malwarebytes?

Edit: Oops. Forgot upload :(
 

Attachments

  • mbupdatr 2024-04-23.log
    4 KB · Views: 63
  • Like
Reactions: Dave Russo

gorblimey

Level 3
Thread author
Verified
Aug 30, 2017
101
I'm sure that you realize you are running a very outdated version of Malwarebytes.

Thank you for responding. That is one of the very confusing bits of this mess. I know the version is about a century out of date, but Mbam has never actually updated it that I can remember, in spite of the fact that every time I exhume it for a scan (every second month, with EEK in between) I automatically -- manually -- tell it to update, then let it scan. It does update the signatures, but I had always assumed that being the only update button I can see, it would update the app as well. Expecting too much maybe?

I did think about creating an account on Mbam site, but this one I want out in the open.

Just for the record, now that I know about the SHA-2 thing, I would download the KB myself, where I would be able to see if any prerequisites need to be installed first. I have a shrewd suspicion that that is the root of the failure. Yes my box and OS make legacy look very youthful, but I've seen nothing later than 7 that was or is any better than XP, probably Microsoft's worst disaster. (I went from W2K straight to 7. W2K was a dream come true!)
 
  • Like
Reactions: Dave Russo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top