
rules.def always deleted at program start - no update possible



Ok, problem was not fixed so I tried to find a solution on my own.

As I was the only one with this problem (at least nobody reported a similar story in this forum) I started to evaluate what is different on my system compared to the other environment where mbam was running well. On both systems I had some kind of a special setup for Windows 7 as I have moved the "C:\Program Files" and "C:\Program Files (x86)" folder to drive D instead of default drive C and on both systems I haven't faced a problem with installing new programs so far!

To make a long story short: I used two symbolic links for both folders (created with "mklink /j") on drive C pointing to the respective directories on drive D and left the registry settings in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" still pointing to drive C (which usually works as every file or directory could be accessed with pathname C although it's physically on drive D). But for some reason (?) mbam seems to have a problem with that so I changed the registry setting for all keys like "ProgramFilesDir" and "ProgramFilesDir (x86)" to drive D and now everything works again.
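The layout described in the post above (registry values naming a path that is really an `mklink /j` junction to another drive) can be checked without changing anything. This is an added example, not part of the original thread and not Malwarebytes tooling; the function name `Get-ProgramFilesLayout` is hypothetical, and the `LinkType`/`Target` columns assume Windows PowerShell 5.0 or later.

```powershell
# Added example (not from the thread). Read-only: it reports and changes nothing.
# Assumption: Windows PowerShell 5.0+ for the LinkType/Target properties;
# on older versions those two columns are simply empty.
function Get-ProgramFilesLayout {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    $names = 'ProgramFilesDir', 'ProgramFilesDir (x86)'   # the values named in the post
    $props = Get-ItemProperty -Path $key

    foreach ($name in $names) {
        $path = $props.$name
        if (-not $path) { continue }   # the (x86) value does not exist on 32-bit Windows

        # -Force so the lookup also works if the folder is hidden
        $item   = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $isLink = $false
        if ($item) {
            # Junctions and symbolic links both carry the ReparsePoint attribute
            $flag   = [int][IO.FileAttributes]::ReparsePoint
            $isLink = (([int]$item.Attributes) -band $flag) -ne 0
        }

        [pscustomobject]@{
            RegistryValue  = $name
            RegistryPath   = $path
            ExistsOnDisk   = [bool]$item
            IsReparsePoint = $isLink
            LinkType       = if ($item) { $item.LinkType }
            Target         = if ($item) { $item.Target -join '; ' }
        }
    }
}

Get-ProgramFilesLayout | Format-List
```

A row with `IsReparsePoint : True` means the registry still names the junction rather than the real directory, which is the state the poster had before pointing the values at drive D.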

  • 1 year later...

I know this is a year old.. but I'm having the same issue and I also symlinked program files from C: to D:

 

However my registry already had the path change to D:

 

If I run the GUI from mbam.exe, I do not get a corrupt database message, but if I open the program from the system tray icon, I do.

 

I tried to set rules.ref and database.conf to read-only... and I still get the corrupt error message, but they do not delete. So it seems that the issue isn't that it's being deleted, therefore it's giving an error message, but instead the Onclick() event tied to the system tray icon launches the program in a way that thinks that the current rules.ref is corrupt. If someone from the MBAM team could supply me with the onclick() event tied to the system tray icon for further troubleshooting, it would be greatly appreciated.


Hello and :welcome: , bilago:
 
Until Firefox and the staff return....
 
Yes, this is an old thread and the MBAM program has been updated since then.  So a new post would be better than posting in such an old thread. ;)

That will help to ensure you receive prompt, customized help.
 
In order to get a better idea of what's going on, let's get some basic logs.

Please run the following scanners and then please start a NEW post, attaching all of the logs to your first post there.

 

Thanks,

 

daledoc1
---------------------------------------

DDS-MBAMCHECK-FRST

STEP 1
Please run the DDS scanner and send back both logs as attachments to your next reply.

>>If you are running Win 8.1, skip this step.

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.

STEP 2
Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.

STEP 3
Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. The one that runs will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.

I already have all these logs while working with Support one on one (only help I was given was a direction to this thread),

Do you have an open, working ticket with the help desk?

 

I can post them in a new thread though. Thanks.

I see that you have started a new post >>HERE<<.

You attached a Combofix log in that new post -- was that run with the assistance of the help desk Support team?

Also, it appears that you might have attached that log instead of the checkresults.txt log from mbam-check?

 

Please wait for one of the staff or experts to review your logs and advise you further.

 

Thanks for your patience,

 

daledoc1


Hey bilago,

 

actually my problem was not solved although I thought it was. I got following feedback from Malwarebytes:

 

 

 

Hi,

Keep working with the forum help.

We'll close this ticket, we cannot afford to use resources of two techs

 

Hm, "nice" feedback to a paying user like me.

 

The advantage of using also this old thread is that I was able to see your issue. If you find a solution please post it also here.

 

Thanks.


  • Root Admin

Sorry guys but bottom line is you're installing and using the product in an unsupported fashion and though we may attempt to assist you there is no official support for using the product in this manner.

Please post the requested logs that daledoc1 listed and I'll take a look and see if there is anything we can do for you or not, but again this is not supported period.

Thank you


Sorry guys but bottom line is you're installing and using the product in an unsupported fashion and though we may attempt to assist you there is no official support for using the product in this manner.

Please post the requested logs that daledoc1 listed and I'll take a look and see if there is anything we can do for you or not, but again this is not supported period.

Thank you

 

I'm not quite clear on the reasoning to lead you to conclude that I'm "Installing and using the product in an unsupported fashion". If I'm not installing the program to a symlinked directory, and the definition file (rules.ref) is also not being stored on a symlinked directory, how can that difference have any relevance to the issue that when MBAM is launched via the File Protection module icon in the system tray, it fails to validate the current definition file?

For clarity of my issue I created a separate thread as suggested by a member here. That post includes all of my log files.


  • Root Admin

@bilago

 

I've replied to your other post.

https://forums.malwarebytes.org/index.php?showtopic=143490

 

Your computer is suffering from a lot of issues.  It's your computer and you can run it how you want but again that computer is not running well and it could be running great if you took the time to set it up right.
