Jump to content

Strange issue


Recommended Posts

I'm running MBAM 2.1.0.1004 Premium on Win 8.1 64-bit with the spring update. This morning, I booted my PC, which had been powered off overnight, and noticed that the MBAM icon was no longer in the notification area. Further investigation revealed that MBAM wasn't running.

 

I started MBAM manually, and the dashboard came up displaying a warning that the databases were out of date, and that real-time protection was disabled. I tried to do a manual update, but got an error that the server was not available. My internet connection was up and I verified that I could reach several external sites and perform manual updates on other applications, including Eset AV.

 

Going in to MBAM settings, I found that all the log entries and exclusions were no longer showing in the lists. Start MBAM with Windows, enable Malware and Website protection were all enabled in settings, but disabled according to the dashboard, and could not be started.

 

Full scans with Eset AV and Hitman Pro did not find anything untoward. I ran Chameleon, which started but came up with two errors, to the effect that it could not perform an update and could not start a system scan.

 

One other thing I noticed that I had not seen before, was a menu in MBAM settings that appeared to allow configuration for various MBAM notifications to be sent by email, written to the syslog etc. I ended up uninstalling and re-installing MBAM, and everything is working fine again now. All my settings and licence details were preserved, the log entries and exclusions are showing in the console and it is updating and scanning fine. The notification configuration menu I mentioned above has disappeared again.

 

The only other thing of note is that I accepted a Windows Update for KB2919355 again yesterday. This was originally installed last Patch Tuesday as part of the spring update, but appears to have been offered again yesterday as indicated by Microsoft here: http://support.microsoft.com/kb/2919355

 

Looking at the logs, MBAM had not written any entries since the update was installed, so possibly it is connected.

 

Anyway, everything seems to be fine again now. I did download and run FRST and mbam-check.exe before uninstalling MBAM, and I still have the logs available if they are of interest.

 

 

Link to post
Share on other sites

Yes, could be, and Ssantoro's post "Malwarebytes won't open and Chameleon doesn't work" (sorry, I can't paste links) also posted today shows a screen shot of the exact errors I got when trying to run Chameleon.

 

Is the notification menu that I saw in MB Business Edition? Maybe MBAM thought it was a different edition for some reason?

 

Firefox, thanks for your reply. I don't actually need assistance, because I seem to have managed to fix whatever the problem was with a re-install. My offer to post the logs was just in case they might be helpful in debugging if it is more than an isolated issue. I did intend to take a screenshot, but then uninstalled before I remembered that was what I had intended to do - sorry.

 

I've attached the logs anyway. I'm no expert, but the most useful information seems to me to be in Addition.txt as it contains details of the MBAM application errors.

 

FRST.txt

Addition.txt

CheckResults.txt

Link to post
Share on other sites

  • Root Admin

The logs indicate that something is still causing problems for our program and you also have some other issues going on with the computer.

You also have old Java which is compromised and can easily lead to an infection.  I would highly recommend that you uninstall ALL versions of Java. The if possible run without Java - if you have to have it make sure you're using the latest version.  http://www.java.com

 

You also have a restore setting that has not completed - you need to restart the computer to complete that.

 

 

From the Event Logs

 

Error: (04/17/2014 05:34:58 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

 

Based on the logs I'd still say to run the mbam clean routine - reboot a couple times then run these logs again and post back the new ones for review.

Link to post
Share on other sites

I've removed Java from the machine, although it was disabled in the browser.

 

The Cryptographic Services error is a known issue with Windows 8.1 and the Volume Shadow Copy Service. The MS recommended fix doesn't work, but Macrium state that although the error is generated when a backup starts, their software is not affected by it and it can be safely ignored. It hasn't caused any issues with either Macrium, Syncback or MBSB.

 

I've attached the new logs generated following a reboot. Thank you for your help.

 

FRST.txt

Addition.txt

CheckResults.txt

Link to post
Share on other sites

  • 3 weeks later...

Same thing has just happened again, following a reboot - MBAM icon disappeared from sys tray and MBAM not running. Got the screenshots this time after starting MBAM manually. Looking at the settings screen, it seems to think that it's a different version - Business Version I'm guessing. There's no version number in the title bar and my licence information is blank. Trying to update the database or clicking on Fix Now just gets a response that the update server is unreachable. Fixed again by an uninstall and re-install, with all my licence details and previous settings retained.

 

 

post-103992-0-91398200-1399405780_thumb.

post-103992-0-73045200-1399405830_thumb.

Link to post
Share on other sites

Hello and :welcome:

Your logs show that you are currently using Malwarebytes version 2.0.1.1004. How about you try to install the latest beta as mentioned below, it has fixed quite a few bugs that are present in the version you are using.

Thank You
Link to post
Share on other sites

Hi Firefox,

 

The logs in my previous post are a couple of weeks old now. I was running 2.0.2.1010 when it happened. I'd completed an in-place install over the top of v1009 a couple of hours previously, and everything seemed fine up until the point where I rebooted the PC following an update for my UPS monitoring software.

 

Anyway, I've done as you suggested and completely removed MBAM using the clean tool. I installed v1010 again and rebooted - all OK. Set up exclusions and rebooted - no tray icon. This time though, Task Manager showed that MBAM was running and I found I could get the tray icon back by manually running "Malwarebytes Anti-Malware Notifications".

 

I re-booted a couple more times just for good measure, and both times again the tray icon was missing when the PC restarted, although MBAM was running. I unticked the option to start MBAM with Windows in Advanced Settings, then selected it again, and on a subsequent re-boot the tray icon was back. So far, all seems OK.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.