
Protection Logs Have Repeated Errors



MBAM Premium protection logs show repeated errors during the last two months dating back to 7/8/2015.  Here's the latest protection log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Error, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.8.31.3, 2015.9.1.1,
Error, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.8.29.1, 2015.9.1.3,
Update, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Scheduler, Malware Database, 2015.9.1.1, 2015.9.1.5,
Protection, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Protection, Refresh, Starting,
Protection, 9/1/2015 1:12 PM, SYSTEM, TOM-HP, Protection, Refresh, Success,
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Error, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Error, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 3:05 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Update, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Update, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Scheduler, Malware Database, 2015.9.1.5, 2015.9.1.6,
Protection, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Protection, Refresh, Starting,
Protection, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Protection, Refresh, Success,
Error, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 5:14 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Update, 9/1/2015 5:15 PM, SYSTEM, TOM-HP, Scheduler, Malware Database, 2015.9.1.6, 2015.9.1.7,
Protection, 9/1/2015 5:15 PM, SYSTEM, TOM-HP, Protection, Refresh, Starting,
Protection, 9/1/2015 5:15 PM, SYSTEM, TOM-HP, Protection, Refresh, Success,
Error, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Manual, 5,
Update, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Manual, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Manual, 5,
Update, 9/1/2015 5:50 PM, SYSTEM, TOM-HP, Manual, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Scan, 9/1/2015 6:04 PM, SYSTEM, TOM-HP, Scheduler, Start:9/1/2015 5:50 PM, Duration:14 min 12 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Error, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Manual, 5,
Update, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Manual, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Manual, 5,
Update, 9/1/2015 6:10 PM, SYSTEM, TOM-HP, Manual, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Scan, 9/1/2015 6:18 PM, SYSTEM, TOM-HP, Scheduler, Start:9/1/2015 6:10 PM, Duration:8 min 33 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Error, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 7:06 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Error, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 8:47 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,
Error, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,
Error, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Error, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 9:03 PM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, Failed, Unable to access update server, 2015.9.1.1, 2015.9.1.1,

(end)

Link to post
Share on other sites

Hello and welcome:
 

Is this the same computer as this one here?

 

ALSO:

Was MBAM installed and configured from an Admin account?

Are you logged into Windows from a LUA when the errors occur?

 

First: Please check to be sure your system date and time are correct.
 
If that doesn't resolve your issues, as a first step:

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thank you,

Link to post
Share on other sites

No, this is not the same computer as the one that had the PUP problem.  MBAM was installed and configured from an Admin account (Bozo the Clown).  And yes I am logged into Windows 10 from a LUA when the errors occur.  My system date and time are correct.  I have attached the requested files.

 

Thank you.

Addition_02-09-2015_11-27-25.txt

FRST_02-09-2015_11-27-25.txt

CheckResults.txt

Link to post
Share on other sites

Hi:
 
Thanks for the logs and for the info -- it helps a great deal.
 
The logs suggest the following:

  • FRST was NOT run from an Admin account (so the results are incomplete)
  • MBAM was installed a few days ago (8/29/2015), but it doesn't appear to have been a "clean" install, using the removal tool?
  • You may have recently upgraded to Windows 10?
  • Something is blocking MBAM-check and/or MBAM itself
  • There are many programs running in compatibility mode which ought not to be

So, the first suggestions would be:

  • Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
    • Please be sure to reboot the computer after running the removal tool and again after the reinstall
    • It would also be a good idea to remove the many programs from compatibility mode
  • If that does not correct the issue, then please read the following and attach to your next reply a fresh, new set of all 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
    • NOTE: If you need to run FRST again, please be sure to do so from an Admin account, AND please be sure there is a check-mark in the "Addition.txt" option before it runs

Please let us know how it goes.

 

Thank you again,

Link to post
Share on other sites

I performed a clean removal of MBAM and a reinstall per your instructions.  Everything seems to be working fine now.  I'll monitor the protection logs for the next few days to see if any of the errors reappear.  Yes, I had reinstalled MBAM a few days ago in an attempt to get it running properly.  I thought it could be reinstalled from a LUA account as long as it was "Run as administrator".  Apparently that is not the case.

 

Yes I upgraded to Windows 10 at the end of July and it has been a long learning experience for me.  Concerning compatibility mode, I am unaware of how any program might run in that mode.  I have never selected compatibility mode or compatibility view.  Perhaps when I upgraded from Windows 7 Home to Windows 10 the compatibility mode kicked in?  How do I find the programs in compatibility mode and take them out of compatibility mode?

 

I ran a scan after the reinstall of MBAM and five PUPS were discovered (OutBrowse) and put into quarantine.  These PUPS had been in the registry during the time that MBAM was disabled.  And yes I know that something had been blocking MBAM or causing it to work improperly.  That's why I asked for help.   I ran FRST again from the admin account and have attached the logs:

FRST.txt

Addition.txt

Link to post
Share on other sites

If I may interject here, this computer can really use a little cleanup, the logs show enough that warrants you getting help from the experts for a one on one cleanup. There are traces from an infection or prior infection that need to be dealt with. There they can help you with the compatibility mode removal as well. Just point them to this post HERE. Basically post in that section with your logs you put here and wait for a helper to take your topic.

We are not permitted to work on possible malware-related issues here in this section of the forum.

Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

Being that you are probably infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post
Share on other sites

Thank you.  Indeed I'll follow up on that.  I need to add that MBAM is broken.  Something is wrong.  It keeps losing its ability to contact the update server.  I've dealt with this problem for months now.  See the attached protection log just after my new clean install.  MBAM seems to become disabled when used by any LUA.

Protection Log.txt

Link to post
Share on other sites

  • Staff

Hi Unicore. For the repeated AKA database failures, please do this.

Reinstall MBAM 2.1.8.1057 with only an administrator account logged on.

Allow it to update the database at the end of the installation.

Next, download mbam-rules from here:

http://downloads.malwarebytes.org/file/mbam_rules

 

Extract the contents of the mbam-rules zip file to their own folder. There will be two files inside, mbam2-rules.exe and mbam-rules.exe

Run the mbam2-rules.exe and allow it to install its database.

Now, you can do one of two things. You can either manually update the database, or, you can log into your standard user account, and allow the next scheduled update to take place.

 

The mbam2-rules package should take care of the issue you were seeing in your logs, and allow normal updating in the standard user account going forward.

Link to post
Share on other sites

Thank you tetonbob for the help.  I followed your instructions and reinstalled MBAM 2.1.8.1057 logged on to administrative account and allowed it to update its database.  I downloaded and extracted the files and ran mbam2-rules.exe. 

 

I have now left the administrative account and returned to my LUA to see the results as I wait for the next scheduled update to occur.  I'll let you know.

 

Thanks again for your help!

 

I also want to thank Firefox for his patient help as well!  And Firefox, I'm still working on the clean-up on another thread.  I'll keep you posted.

Link to post
Share on other sites

  • Staff

Monitor this for a while, please.

 

This is expected:

 

Error, 9/3/2015 10:47 AM, SYSTEM, TOM-HP, Update, Bad md5 or size: akadomains, 11,

Error, 9/3/2015 10:47 AM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,

 

 

That's after the first install. Those DB are not included in the installer.

This is likely from mbam2-rules:

Update, 9/3/2015 10:47 AM, SYSTEM, TOM-HP, Manual, AKA IP Database, 0.0.0.0, 2015.9.2.1,

Update, 9/3/2015 10:47 AM, SYSTEM, TOM-HP, Manual, AKA Domain Database, 0.0.0.0, 2015.9.1.1,

 

This worked:

 

Update, 9/3/2015 11:21 AM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, 2015.8.27.1, 2015.9.1.1,

Update, 9/3/2015 11:22 AM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, 2015.8.26.1, 2015.9.2.1,

 

This, I'm not sure why it happened, but it did replace the database.

 

Error, 9/3/2015 11:30 AM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,

Update, 9/3/2015 11:30 AM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, 2015.9.2.1, 2015.9.2.1,

Link to post
Share on other sites
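Added example (not part of the thread and not Malwarebytes code): a small Python parser for the protection-log rows quoted above. It tallies update outcomes per database and pairs each "Bad md5 or size" error with the update logged in the same minute, which is the distinction drawn in the post above between an error followed by a failed update and an error followed by a replaced database. The field layout is inferred from the posted rows, and the akaips/akadomains name mapping is an assumption.

```python
import csv
from collections import Counter
from datetime import datetime

# Rows copied from the protection logs posted in this thread.
SAMPLE = """\
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Error, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, 5,
Update, 9/1/2015 2:45 PM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, Failed, Unable to access update server, 2015.9.1.3, 2015.9.1.3,
Update, 9/1/2015 4:58 PM, SYSTEM, TOM-HP, Scheduler, Malware Database, 2015.9.1.5, 2015.9.1.6,
Update, 9/3/2015 11:21 AM, SYSTEM, TOM-HP, Scheduler, AKA Domain Database, 2015.8.27.1, 2015.9.1.1,
Error, 9/3/2015 11:30 AM, SYSTEM, TOM-HP, Update, Bad md5 or size: akaips, 11,
Update, 9/3/2015 11:30 AM, SYSTEM, TOM-HP, Scheduler, AKA IP Database, 2015.9.2.1, 2015.9.2.1,
"""

# Assumed mapping from the short name in the error text to the name used in Update rows.
DB_NAMES = {"akaips": "AKA IP Database", "akadomains": "AKA Domain Database"}

def parse(text):
    """Yield (kind, timestamp, fields after the host name) for each log row."""
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        row = [f.strip() for f in row if f.strip()]  # drops the trailing empty field
        if len(row) < 5:
            continue  # header lines, blanks, "(end)"
        when = datetime.strptime(row[1], "%m/%d/%Y %I:%M %p")
        yield row[0], when, row[4:]

def summarize(text):
    """Return (outcome counts per database, integrity errors paired with the
    result of the update logged for that database in the same minute)."""
    rows = list(parse(text))
    outcomes, update_at, integrity = Counter(), {}, []
    for kind, when, rest in rows:
        if kind == "Update" and len(rest) > 1:
            status = "failed" if "Failed" in rest else "ok"
            outcomes[rest[1], status] += 1
            update_at[when, rest[1]] = status  # last row wins within a minute
    for kind, when, rest in rows:
        if kind == "Error" and len(rest) > 1 and rest[1].startswith("Bad md5 or size:"):
            short = rest[1].split(":", 1)[1].strip()
            db = DB_NAMES.get(short, short)
            integrity.append((when, db, update_at.get((when, db), "no update logged")))
    return outcomes, integrity
```

An integrity error paired with `failed` means the database stayed at its old version; one paired with `ok` matches the 11:30 AM case, where the database was replaced despite the error.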

This, I'm not sure why it happened, but it did replace the database.

 

 

What I noticed is that Malicious Website Protection did start after the error occurred.

 

Becky Dubrow referred me to this thread from Malicious Website Protection problem, any status update ?

 

Do I understand correctly that "Update Now" won't work in a LUA after applying your fix and that I need to let the auto update schedule keep MBAM databases up to date when I'm logged in to a LUA? If I do a "Scan Now" within a LUA, will MBAM update (providing updates are available)? If any errors clear within a short time, and the protections always re-start when in a LUA; that's a big step forward. Thanks for the work on this. The work around I've been doing to mitigate this issue is getting very old.

Link to post
Share on other sites

  • Staff

Hi calintexas. Sorry, that was not as clear as it could have been. The intent was just to allow a scheduled update to take place in the LUA, as the failed scheduled update in LUA was the most frequently posted issue that I saw. It was not intended to discount or ignore manual functions in LUA. There was actually another choice: log into the LUA and perform a manual update.

 

Manual updates can be performed in LUA. A scan, manual or scheduled, should update before the scan takes place. In the case of a scheduled scan, the setting "Check for updates before scanning" would need to be enabled on the Scan task.

 

To test Malicious Website Protection, our iptest URL can be used

 

http://iptest.malwarebytes.org

 

We're continuing investigation into the behavior with the AKA Domains/AKA IPs database download

 

Link to post
Share on other sites

Your solution worked tetonbob!  Since running the mbam2-rules.exe file as you instructed, I have seen no more errors in the protection logs.  I have attached the protection logs for the last two days for your information.  Thanks again for your help.  I also want to thank Firefox for his help as well.  I'm still working on the cleanup but I think I'm almost done Firefox.

Protection Log 9.3.15.txt

Protection Log 9.4.15.txt

Link to post
Share on other sites
