Open kienankb opened 7 years ago
Also I am experiencing this issue on Windows 10. Log report ID: b1c7a973c546f07d8a9bdf1c
CC @zanderz
@quonic seesms like you have permissions problems:
24 2017-05-11T22:26:54.863037-05:00 - [DEBU keybase util.go:183] 018 | Temporary file generated: C:\Users\spyin\AppData\Local\Keybase\keybased.info.GAIGVMATIOJ2CKJJUGFW7FOB3DNQ3FGA
25 2017-05-11T22:26:54.864038-05:00 - [ERRO keybase standard.go:230] 019 Error renaming file C:\Users\spyin\AppData\Local\Keybase\keybased.info.GAIGVMATIOJ2CKJJUGFW7FOB3DNQ3FGA: rename C:\Users\spyin\AppData\Local\Keybase\keybased.info.GAIGVMATIOJ2CKJJUGFW7F
I also have this issue. log ID: 93f5a61e3bb63eff4a6a1f1c
Also, these errors appeared when submitting the logs:
edit: It is because of BitDefender that detects runquiet.exe as a Trojan...
On-Access scanning has detected a threat. The file has been deleted.C:\Users\magan\AppData\Local\Keybase\runquiet.exe is malware of type Gen:Trojan.Heur.JP.WX2@aWdsoIni
@maxtaco That folder is set for full control for my user account that this is running under.
I've tried uninstalling, removing the Keybase folders, and reinstalling, but that hasn't change anything.
From what Procmon is saying is that ReplaceIfExists call get's the Access Denied.
9:54:19.3680046 AM keybase.exe 29844 CreateFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: Create, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
9:54:19.3682678 AM keybase.exe 29844 WriteFile C:\Users\spyin\AppData\Local\Keybase\keybase.service.log SUCCESS Offset: -1, Length: 178
9:54:19.3682920 AM keybase.exe 29844 WriteFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS Offset: 0, Length: 64, Priority: Normal
9:54:19.3683382 AM keybase.exe 29844 CloseFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS
9:54:19.3684118 AM keybase.exe 29844 WriteFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal
9:54:19.3686826 AM keybase.exe 29844 CreateFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS Desired Access: Read Attributes, Delete, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
9:54:19.3687511 AM keybase.exe 29844 QueryAttributeTagFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS Attributes: A, ReparseTag: 0x0
9:54:19.3687717 AM keybase.exe 29844 QueryBasicInformationFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS CreationTime: 5/12/2017 9:54:19 AM, LastAccessTime: 5/12/2017 9:54:19 AM, LastWriteTime: 5/12/2017 9:54:19 AM, ChangeTime: 5/12/2017 9:54:19 AM, FileAttributes: A
9:54:19.3688662 AM keybase.exe 29844 CreateFile C:\Users\spyin\AppData\Local\Keybase SUCCESS Desired Access: Write Data/Add File, Synchronize, Disposition: Open, Options: , Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
9:54:19.3690760 AM keybase.exe 29844 SetRenameInformationFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 ACCESS DENIED ReplaceIfExists: True, FileName: C:\Users\spyin\AppData\Local\Keybase\keybased.info
9:54:19.3692812 AM keybase.exe 29844 CreateFile C:\Users\spyin\AppData\Local\Keybase\keybased.info SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Non-Directory File, Attributes: n/a, ShareMode: None, AllocationSize: n/a, OpenResult: Opened
9:54:19.3693326 AM keybase.exe 29844 QueryFileInternalInformationFile C:\Users\spyin\AppData\Local\Keybase\keybased.info SUCCESS IndexNumber: 0x214000000017627
9:54:19.3693476 AM keybase.exe 29844 CloseFile C:\Users\spyin\AppData\Local\Keybase\keybased.info SUCCESS
9:54:19.3694195 AM keybase.exe 29844 CloseFile C:\Users\spyin\AppData\Local\Keybase SUCCESS
9:54:19.3694612 AM keybase.exe 29844 CloseFile C:\Users\spyin\AppData\Local\Keybase\keybased.info.AFQHGQ7XKVPSQEYIJI3CHFL2ZGRPAVB6 SUCCESS
cc: @zanderz for the follow up. Might be an issue of virus protection
@quonic We've seen this kind of thing when an AV is monitoring file access, though I'd have expected it would show up in ProcMon. Do you have one?
@zanderz MalwareBytes doesn't appear do be doing anything other than opening the Keybase folder and closing it, but doesn't seem to touch the files. I've also excluded the Keybase folders in MB and that hasn't changed anything.
@kienankb Your logs show that everything installed, but for some reason the services are not running. Can you check that:
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
contains a link called KeybaseStartup
?@quonic An AV could, in theory, still cause a delay during file access while it checks its whitelist. Is it possible to disable it completely for a brief test?
@zanderz I've turned off MB's protections, but that didn't change anything that I can tell. Excluding the keybase folder from MB, Procmon doesn't show MB doing anything with Keybase.
@zanderz I did mess around with the startup settings a bit and Keybase started on boot and seems to be working! Thanks so much for the help.
Good news, @kienankb , thanks. Are there particular settings that helped? Maybe they could help someone else.
@vb4life We have renamed runquiet.exe
to keybaserq.exe
and have been submitting it to AV vendors as a false positive, but there is little else we can do except urge our users to do the same with their AV vendors. Hopefully you can add an exception for our utilities.
@zanderz Turns out I'd disabled Keybase in Task Manager's startup tab. Re-enabling both entries for Keybase fixed the issue.
@zanderz it works if i keybase ctl watchdog
or keybase ctl watchdog2
from the Keybase Shell, so I'll manage for now. It works from my home computer, since I don't use BitDefender there.
Keybase is enabled in Task Manager, both files are present in Startup folder, %localappdata%\Keybase
is whitelisted in MBAM, keybase ctl watchdog(2)
both fail, KBFS isn't present as a drive, GUI won't load, gives a connectivity error, clean reinstall still didn't help. Help anyone? @zanderz
Log ID: 010c9e5056e5cb8881676a1c
Seems to be working for me now, but can't tell you why. Had the stuck on loading screen issue after first install. Rebooted, still no love, so I reinstalled. I checked Task Manager and didn't see it in the Startup tab, so I checked %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup and there were two lnks: GUISTartup and KeybaseStartup. I double-clicked the GUIStartup option and the app popped right up with a login screen. Logged in, and it's been working since including after a reboot.
Neither option is showing up in the Startup tab in Task Manager, though.
@QuibblingAsh42 On my end they are called "Keybase quiet start utility" on the Start Up tab. Moving the GUIStartup and KeybaseStarup links outside then inside the folder makes them disappear and reappear after a few secs. Also in my case, the first entry is for the GUI (which I disabled) and the second one is for the service (which I enabled).
@zanderz it seems that most AV vendors have whitelisted the file now. https://www.virustotal.com/en/file/1bf95ea81e25ee011d275ec1188bb6f6af5c01bcc4dc326244fe2cd2e90333d2/analysis/1494943091/
I reinstalled, and everything is golden :)
Launching Keybase brings up the GUI window but it never moves past "loading...". Sometimes status tray window displays "logged-in" interface, other times it doesn't; KBFS is inaccessible and unusuable. Error reported is that keybased.sock doesn't exist (and it doesn't); system PATH and environment variables don't seem to be different from a working Win10 installation in a way that would break Keybase. Log report ID: 10e8828c05267710cdc5191c