Malwarebytes pushed out a protection update that gobbled up memory and CPU resources and turned off web protection. The first fix still left users with unusable or crashing computers, but the latest release resolved the issue. A neighbor called me, seeking help with his computer. He’s not technically inclined, so his explanation didn’t immediately make much sense: He wasn’t certain if he was even connected to the Internet, but his browser kept crashing. He was having a hard time giving me answers, as his laptop was nearly unresponsive. When asked if he had run a Malwarebytes scan, he mentioned that web protection was turned off and he couldn’t get it to turn back on. Little did I expect for the problem to actually be caused by Malwarebytes.On Saturday, after Malwarebytes pushed an update to consumers with Premium and Premium Trial, as well as enterprise Endpoint Security users, the company’s forums lit with complaints that the software was hogging 90 percent or more of memory and CPU resources. One post about RAM usage currently is 37 pages long.Aware of the problem, Malwarebytes tweeted that “all hands” were on deck to resolve the issue.Please note that we are aware of the current update issues and the complete Malwarebytes team is all hands on deck to fix this ASAP. Thank you for your patience and understanding. https://t.co/TLtSG1TIQv— Malwarebytes (@Malwarebytes) January 27, 2018Unfortunately, even though a new update package was pushed out in about an hour, it did not fix the problem. Even after rebooting their computers, some users reported that their systems locked up as soon as the Malwarebytes Service process started, as it ate large amounts of RAM. Malwarebytes pushed out a second update to address the memory leak issue.What caused the problem?Malwarebytes CEO Marcin Kleczynski explained, “Earlier this morning, we published a protection update that caused connection issues for many of our customers. As a side effect of the web protection blocks, the product also spiked memory usage and possibly caused a crash. We have triaged this issue and pushed a protection update that resolves it.” “The root cause of the issue was a malformed protection update that the client couldn’t process correctly,” Kleczynski added. “We have pushed upwards of 20,000 of these protection updates routinely. We test every single one before it goes out. We pride ourselves on the safety and accuracy of our detection engines. To say I am heartbroken is an understatement.”If the update didn’t automatically fix the problem, then he suggested shutting down web protection, checking for updates and rebooting the computer. If the update package version is 1.0.3803 or higher, then you have a database which addressed the issue.To resolve, simply reboot your machine. In some cases, a second or even third reboot may be needed.To verify you have this update, go to Settings -> About -> Update package version: 1.0.3803Kleczynski was “personally available” to discuss the problem on both the forums and via his email. Endpoint Security solution customers can contact corporate-support@malwarebytes.com if they are still experiencing an issue.Malwarebytes apologized several times on its forums and on Twitter.If you’re experiencing any issues w/ your #Malwarebytes, pls follow the steps in this blog. All our updates go through rigorous internal testing, note our team is investigating what happened & will inform you. We’re sorry for any inconvenience this caused: https://t.co/17Ycwp752c pic.twitter.com/kcmijP77sG— Malwarebytes (@Malwarebytes) January 28, 2018The company is investigating what happened and also posted the steps to resolve the issue in a blog post. It has steps for consumers, as well as for users with Malwarebytes Endpoint Security on-premises and cloud protection.Getting your computer or business back up and running is our utmost priority, as is rebuilding your trust.More on antivirus and antimalware The best antivirus software? Kaspersky, Symantec and Trend Micro lead in latest testsLinux antivirus and anti malware: 8 top toolsBest Android antivirus? The top 12 toolsMalware detection in 9 easy steps Review: Minerva protects endpoints with trickery and deception Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe