lmacri

Members
  • Content count

    88
  • Joined

  • Last visited

About lmacri

  • Rank
    Regular Member

Contact Methods

  • Website URL
    http://
  • ICQ
    0

Profile Information

  • Location
    Canada

Recent Profile Visitors

3,755 profile views
  1. Since this thread hasn't been locked yet, I'll just post another status update for Vista users. I was recently required to upgrade from NIS v21.7.0.11 to the latest NIS v22.7.0.76 to patch the vulnerabilities listed in Symantec's security advisory SYM16-010, and the Norton upgrade didn't solve my conflict with MBAM Premium's Malicious Web Protection (MWP). MBAM's MWP still prevents my NIS v22.7.0.76 background Automatic LiveUpdates from running to completion during system idles on my 32-bit Vista machine. This was a clean install of NIS v22.7.0.76. I uninstalled v21.7.0.11 from the Control Panel (selecting "Please remove all user data"), ran the Norton Removal Tool, installed v22.7.0.76 using the latest NIS offline installer from www.norton.com/latestnis, and ran multiple LiveUpdates to ensure v22.7.0.76 was fully patched. Adding mutual scan exclusions for NIS and MBAM executables as instructed <here> made no difference, so I've had to permanently disable MWP again. It's fine if forum mods want to lock this thread. The MBAM Help Desk already looked at my diagnostic logs and trace routes and concluded that a bug fix would be a low priority since this type of problem only occurs for a small number of users. ------------- 32-bit Vista Home Premium SP2 * Firefox v47.0.1 * NIS v.22.7.0.76 * MBAM Premium 2.2.1.1043 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  2. Further to my previous post, I've decided to re-enable the Allow pages to choose their own fonts, instead of my selection above in my Firefox settings because Firefox's default Times New Roman font looks terrible on many other websites I visit that use a Serif font. The text at https://blog.malwarebytes.com/ is back to the washed-out font shown in Corrine's post # 15 but that's better than having several other websites defaulting to the wrong font.
  3. Hi Corrine: Thanks for raising this issue. I also use Firefox as my default browser and could barely read the text at https://blog.malwarebytes.com/. I disabled the setting at Tools | Options | Content | Fonts & Colors | Advanced | Allow pages to choose their own fonts, instead of my selection above and the text is much easier to read now.
  4. I was also told that free utilities like BlueScreenView and WhoCrashed don't have the ability to interpret all the symbols in crash dumps that allow you to look at functions further down the crash stack. The Windows debugging tool WinDbg can be configured to access the Microsoft symbol server (see the MS article Debugging with Symbols) and it looks like WhoCrashed Professional has at least some ability to perform kernel stack traces with symbol resolution that the free version doesn't have. ------------- 32-bit Vista Home Premium SP2 * Firefox v45.0.2 * NIS v.21.7.0.11 * MBAM Premium 2.2.1
  5. Hi Kaiwen et al: Just a bit more info to clarify my last post <here> about BSODs reported in the Norton forum by users with Gigabyte motherboards. BSODs would only occur when the Norton AV was running a scan or performing a background idletime task. BSODs stopped when Norton was removed from their system. In most cases BlueScreenView or WhoCrashed would show a crash caused by Microsoft files ntoskrnl.exe (Windows NT Operating System Kernel) or hal.dll (Hardware Abstraction Layer), and not a Norton driver. Utilities like BlueScreenView and WhoCrashed are usefull tools but will only show the last driver loaded into memory before the crash. BlueScreenView would show that the Gigabyte driver gdrv.sys used by multiple Gigabyte utilities such as Fast Boot, EasyTune, Smart Backup, etc. was loaded into memory at the time of the crashes but did not indicate that any Gigabyte driver was involved in the crash. It required a full analysis of the crash dumps with the Windows Debugger Tool WinDbg to show that crashes were in fact caused by the EasyTuneEngine driver, and once the EasyTune utility was uninstalled and Norton was reinstalled the crashes stopped. The output from one of these WinDbg analyses is shown <here>. There are several BitDefender users posting WhoCrashed output in the BSOD, Crashes, Kernel Debugging board that show that mwac.sys (Malwarebytes Web Access Control) was the last driver to load before a BAD_POOL_CALLER BSODs. It certainly points to a mwac.sys conflict with BitDefender as the probable cause of the crashes but a proper analysis of your diagnostic logs and dump files might be required to isolate the exact cause of your crashes. Hopefully Maurice Naggar's above suggestion to create mutual file exclusions in BitDefender and MBAM will provide an easy workaround. ------------- 32-bit Vista Home Premium SP2 * Firefox v45.0.2 * NIS v.21.7.0.11 * MBAM Premium 2.2.1
  6. Hi Kaiwen: Since you've declined to post the diagnostic logs requested by Maurice Naggar in your own thread <here> in the Malware Removal Help board, you might be interested in reading the November 2015 ESET support article Blue screen error (BSOD) on systems with ASUS/Gigabyte motherboards with chipsets H87/Z87 and H97/Z97: "AI Suite (ASUS) and APP Center (Gigabyte) applications use drivers that create memory-mapped I/O to access hardware ports in a non-standard way. If the memory is subsequently read by another process utilizing a Windows API function (for example, during a memory scan by ESET), it may have unpredictable results on the system and the system may crash...ESET is working closely with ASUS and Gigabyte to make sure this issue get resolved as quickly as possible." This support article specifically mentions the Z87 and Z97 chipsets but I wouldn't be surprised if drivers used by the applications that come with other Gigabyte/ASUS motherboards also have a similar issue. You should also read Phoenix365's thread Norton Security Blue Screen from Background Tasks, where analysis of dump files showed that BSODs on a computer with a Gigabyte GA-Z170X-UD5 "F4" BIOS were caused by a conflict with a Gigabyte utility called the EasyTuneEngine. Uninstalling the EasyTuneEngine utility solved the BSODs. ------------- 32-bit Vista Home Premium SP2 * Firefox v45.0.2 * NIS v.21.7.0.11 * MBAM Premium 2.2.1
  7. Hi Chewie: I'm not sure if your problems are related, but daledoc1 reported in 2016.03.23.06 update issues: update doesn't finish that disabling checking for program updates (Settings | Updates | Check for program updates when checking for database updates | DISABLE) allowed database updates to run to completion. I'm not sure if a re-boot was required before the setting change took effect. ------------- 32-bit Vista Home Premium SP2 * Firefox v45.0.1 * NIS v.21.7.0.11 * MBAM Premium 2.2.1
  8. Just reporting that updating to MBAM Premium v2.2.1.1043 didn't solved this conflict with my Norton Internet Security (NIS). After performing a clean install of v2.2.1, my Vista machine is still unable to connect to the Norton update servers and download background Pulse Updates or Automatic LiveUpdates when MBAM's Malicious Website Protection in enabled. Norton Updates Fail with MBAM v2.2.1 Malicious Website Protection Enabled: Norton Updates Succeed with MBAM v2.2.1 Malicious Website Protection Disabled: I opened a ticket with the Malwarebytes Support Desk on 10-Dec-2014, and it's unfortunate that it took them until 22-Sept-2015 to tell me that my problem would not be escalated to the software development team because "it looks like an issue specific to the 32-bit Vista operating system where MWAC (Malwarebytes Web Access Control) can act oddly on occasion." I realise that Microsoft is ending extended support for Vista on April 11, 2017. I am also aware that companies like Apple (iTunes) and Google (Chrome) have already announced that their products will continue to run on Vista but that they will no longer provide security updates or technical support for this OS. I only wish that Malwarebytes had been just as forthcoming back in 2014 so that I hadn't wasted countless hours running trace routes to Norton servers and submitting new diagnostic logs to their Support Desk every time a product update was released for MBAM or NIS. Please lock this thread, since I have no expectation that this conflict with my Norton antivirus will be addressed in a future MBAM release. ------------- 32-bit Vista Home Premium SP2 * Firefox v45.0.1 * NIS v.21.7.0.11 * MBAM Premium 2.2.1 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  9. Hi AdvancedSetup: Thanks for the offer, but are you seeing any obvious problems in the logs I attached in post # 3 of this thread that weren't present when you checked my system a few months ago in the Malware Removal Help board at https://forums.malwarebytes.org/index.php?/topic/171640-cant-run-windows-update-after-pupoptionalspigota-removal/?p=984449. The Addition.txt file I attached in that older thread also showed multiple Code Integrity errors for mwac.sys, and after you'd cleaned up some stray files and registry entries I confirmed that your tune-up hadn't solved the conflict with Norton background tasks and MBAM's Malicious Website Protection. I believe it was Albert Einstein who said, "Insanity is doing the same thing over and over and expecting a different result." I think it would make more sense for me to wait a few weeks and see how the upcoming MBAM v2.2.1 update behaves on my 32-bit Vista system before deciding how to proceed, unless you saw something that points to a serious problem in my latest set of logs. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0.1 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  10. Hi P1W: Thanks for the suggestion, but I provided multiple sets of diagnostic logs to the Customer Support Help Desk and also had my system checked for malware in the Malware Removal Help forum a few months ago to confirm that my system was clean, so I'm confident that my Norton conflict with Malicious Website Protection has nothing to do with a malware infection. Malwarebytes has also been very clear that bug fixes for Vista users are not a priority. For now I'll just disable my real-time protection and use MBAM sparingly as an on-demand scanner until the current spoofing vulnerability is patched in the upcoming v2.2.1 release. I'll continue monitor this forum and see if anyone else reports a problem with mbam.exe crashing when the Self-Protection module is enabled. If my problems still persist in v2.2.1 I'll reconsider opening another topic in the Malware Removal Help forum. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  11. Hi 1PW: Cheers. I should mention that I took a quick look through my diagnostic logs and noticed that Addition.txt listed multiple issues related to mwac.sys and chameleon.sys in the CodeIntegrity section. Here's an excerpt: CodeIntegrity: =================================== Date: 2016-02-06 20:26:04.556 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2016-02-06 20:26:03.620 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. I wonder if this could be connected to the current problems I'm having with Malwarebytes Web Access Control (MWAC) and Malwarebytes Self-Protection (a.k.a. Chameleon) on my 32-bit Vista system? I checked in C:\Windows\System32\drivers and both drivers are signed by Malwarebytes Corporation and I can't see any obvious problems with the digital signatures or certificates. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  12. Hi 1PW: Thanks for your response. I've attached the requested diagnostic logs, but unless you can see obvious evidence of a malware infection I don't want to waste your time, or mine, digging too deeply for the root cause of this problem. At this point I'm just wondering if other users have reported a similar mbam.exe crashes when MBAM's self-protection module is enabled. CheckResults.txtFRST.txtAddition.txt I actually have a much more serious problem with MBAM Premium that started with v2.0.3. When Malicious Website Protection (MWP) is enabled it causes important Norton Internet Security tasks such as Pulse Updates, Automatic LiveUpdates and Insight scans of downloaded files to fail because MWP prevents Norton from connecting to the backend Symantec servers. If you're interested, trace routes to Symantec servers that I ran with MWP enabled are posted in my thread Norton Pulse Updates Fail when Malicious Website Protection Enabled at https://forums.malwarebytes.org/index.php?/topic/161955-norton-pulse-updates-fail-when-malicious-website-protection-enabled/?p=966377. Several months after I first contacted the Malwarebytes Help Desk I was told that this conflict with Malicious Website Protection and Norton is likely specific to 32-bit Vista and related to a problem where Malwarebytes Web Access Control (MWAC) "can act oddly on occasion". This problem hasn't been widely reported by other Norton/MBAM Premium v2.x users and would be a low priority for the software development team so I have been told that "there is no solution or workaround we can offer for you at the moment". I suspect that this new issue with mbam.exe crashing at boot-up when MBAM's self-protection module is enabled is also related to my 32-bit Vista OS and/or another conflict with Norton. I've been told by a Malwarebytes employee that "Vista is no longer supported even by Microsoft" (I respectfully disagree - extended support for Vista SP2, including monthly security updates, will not end until April 11, 2017) so I might just have to disable all my MBAM Premium real-time protection if Malwarebytes has this many problems running on Vista. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  13. Is anyone aware of a known issue where MBAM Premium v2.2.0 (mbam.exe) can crash at boot-up when the self-protection module is enabled? I recently enabled the self-protection module (Settings | Advanced Settings | Enable self-protection module) of my MBAM Premium as recommended in the 01-Feb-2016 Malwarebytes Unpacked blog entry Malwarebytes Anti-Malware Vulnerability Disclosure (https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/).%C2'> Now mbam.exe crashes when I boot up my 32-bit Vista system (see attached APPCRASH errors - fault module is always kernel32.dll) regardless of whether self-protection early start (Settings | Advanced Settings | Enable self-protection module | Enable self-protection early start) is enabled or disabled. MBAM APPCRASH Error Messages Feb 2016.txt My Norton Internet Security always has early boot time protection enabled to ensure that my antivirus protection loads early in the boot process (Settings | Computer | Real-Time Protection | Enable Boot Time Protection | Aggressive), but this Norton setting does not prevent mbam.exe from loading correctly at boot-up as long as MBAM's self-protection is disabled. Creating mutual scan exclusions for both my MBAM v2.x executables and Norton installation folder doesn't help. ------------- 32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  14. After waiting almost four months for instructions for collecting additional diagnostic logs, I finally heard back from the Malwarebytes Help Desk and the news isn't very encouraging. It appears that the issue I've encountered with Norton LiveUpdates failing when MBAM's Malicious Website Protection is enabled is specific to 32-bit Vista and related to a problem where Malwarebytes Web Access Control (MWAC) "can act oddly on occasion". This problem hasn't been widely reported by other Norton/MBAM Premium v2.x users and will be a low priority for the software development team so I have been told that "there is no solution or workaround we can offer for you at the moment." As such, my only options are to purchase a new computer with a 64-bit OS, purchase different antivirus software when my Norton subscription expires, use MBAM Premium with Malicious Website Protection permanently disabled, or abandon MBAM Premium and try another realtime anti-malware program like SUPERAntiSpyware Pro. ------------- 32-bit Vista Home Premium SP2 * Firefox 41.0 * NIS 2014 v. 21.7.0.11 * MBAM Premium 2.1.8 HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
  15. Hi AdvancedSetup: I completed your cleanup routine and ran one final MBAM Threat Scan (no threats deteced) so I believe I'm good to go. One last observation about the ERUNT 1.1j tool I downloaded from Link 2 of your instructions <here> (Link 1 still gives an error 404). I'm not sure it actually created a registry backup that I could have used in case of an emergency on my 32-bit Vista machine because the specs posted for v 1.1j (released 2005) on MajorGeeks at http://www.majorgeeks.com/files/details/erunt.html only mention NT/2000/XP. I was logged in with an account with Administrator rights but ERUNT 1.1j generated multiple error messages when I doubled-clicked the desktop icon (see one image below). The tool seemed to run normally when I right-clicked and selected "Run as Administrator" and stored two .dat files in C:\Windows\ERDNT, but I noticed that the startup banner only listed NT/2000/XP as compatible operating systems and at the time I assumed the omission of Vista was just an oversight. The latest ERUNT available at http://www.bleepingcomputer.com/download/erunt/ is compatible with 32-bit XP/Vista/Win 7. Thank you again for your assistance. Your prompt responses and professional guidance were greatly appreciated.