Grifman

unable to update Malwarebytes

20 posts in this topic

As I posted in a related thread, I am unable to update Malwarebytes also. I ran downloaded and ran the updater but still get the following message:

Update failed. Please be sure you are connected to the internet and that your firewall is set to allow Malwarebytes Anti-Malware to access the internet.

FYI, I use Trend Micro for both my virus and firewall protection, and I added mbam.exe to the list of approved programs that are allowed to access the internet, but that still doesn't work.

Any assistance would be appreciated. Thanks.

Share this post


Link to post
Share on other sites

Please take a look at the following posts and see if they help you to resolve this or not.

Potential Malware infection issues to review to get MBAM running

Also look here: http://www.malwarebytes.org/forums/index.php?showtopic=10138

If so then please update and run MBAM and do a Quick Scan and open a NEW post in the HJT forum as asked below.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Share this post


Link to post
Share on other sites
Please take a look at the following posts and see if they help you to resolve this or not.

Potential Malware infection issues to review to get MBAM running

No, this does not seem applicable, as I am not seeing a fake security alert popping up.
Again, this does not look applicable as I do not see any sort of fake alert.

I tried running the Rootkit analysis and it did not show any problems, so once again, no go here.

Also look here: http://www.malwarebytes.org/forums/index.php?showtopic=10138

If so then please update and run MBAM and do a Quick Scan and open a NEW post in the HJT forum as asked below.

This link tells me to check and see if IE is in offline mode. I don't use IE, I use Firefox and I have verified that it is not in offline mode.

As far as I can tell, this does not appear to be a malware issue.

Can you provide further assistance?

Share this post


Link to post
Share on other sites
This link tells me to check and see if IE is in offline mode. I don't use IE, I use Firefox and I have verified that it is not in offline mode.

It does not matter what browser you use. MBAM uses Internet Explorer's settings to download updates. I assume you checked Internet Explorer and not Firefox?

Also, have you already downloaded and installed version 1.37?

Share this post


Link to post
Share on other sites
It does not matter what browser you use. MBAM uses Internet Explorer's settings to download updates.

Ah, you learn something new every day ;)

I assume you checked Internet Explorer and not Firefox?

Actually, I originally checked Firefox, but I just now checked IE and neither is in off line mode.

Also, have you already downloaded and installed version 1.37?

Actually, I have version 1.36 which was what was on the Malwarebytes website. Looks like it was just updated. I'll go download that now and see what happens. Thanks.

Share this post


Link to post
Share on other sites

Looks like the newest version did the trick. I can now update successfully. Thanks for the assistance.

Share this post


Link to post
Share on other sites

I am having the same problem with the same basic error message, but it gives the specific error code 732(12002). I tried to update earlier this morning, and tried again just a short time ago with the same results. My other other security products update with no problem. I downloaded the 1.37 version yesterday and and the problems started today. I thought it might be a server problem on your end, but don't see very many posts about it.

Every now and then the program seems to self delete "the database could not be found". What I do it that case is just download it again. Should I just go ahead and do that in this case? Thanks for any suggestions.

Share this post


Link to post
Share on other sites

The 12002 in the parenthesis means: The request has timed out.

This is probably an issue with your connection to the update servers. Could be a firewall issue as well, but that's less likely.

Restart your modem, and try again.

Share this post


Link to post
Share on other sites

I uninstalled 1.37 and then downloaded it again and looked for updates. None of my settings has changed and my modem seems to be working normally since I am able to update other things. It must be something to do with the servers, because the update seems to start normally, but after about 30 seconds the error message (the timingi out) occurs. I'll try it again tomorrow. I use the free version and the updates are manual.

Share this post


Link to post
Share on other sites

I did a quick scan just a bit ago and it came up clean...with no updates since I downloaded version 1.37. This was on my XP computer. On the computer I am writing on now, I downloaded and installed version 1.37 and searched for updates. There was one and it downloaded with no problem or error message. Forgot to mention that both these machines are on dialup...I still am looking for a reasonable provider...Qwest wants me have a "phone package" that will cost more than just my straight land line...but that's another story.

Since others seem to have similar problems perhaps there are server issues, so will just keep trying on the other computer...since it is just my backup.

Share this post


Link to post
Share on other sites
Since others seem to have similar problems perhaps there are server issues, so will just keep trying on the other computer...since it is just my backup.

Considering that we get 400,000+ downloads every week, and only a very tiny percentage are coming to us with updating issues, I'm going to assume that it's more likely to be ISP/firewall/DNS issues than server issues. Of course, our CDN does have thousands of servers, so there is always the potential for issues on a local server, but MBAM is supposed to hit a different server each time it updates, so if there is a server issue then it should not be persistent.

Share this post


Link to post
Share on other sites
Considering that we get 400,000+ downloads every week, and only a very tiny percentage are coming to us with updating issues, I'm going to assume that it's more likely to be ISP/firewall/DNS issues than server issues. Of course, our CDN does have thousands of servers, so there is always the potential for issues on a local server, but MBAM is supposed to hit a different server each time it updates, so if there is a server issue then it should not be persistent.

I just posted this on another thread, but I wanted to post it here too since this thread was talking about ISP issues.........and maybe others are seeing this due to the same IP blocking reasons......

-------

I have been troubleshooting this same update issue from our network for a couple of weeks now....

From what I could find......v1.36 used 208.111.160.6 to get updates.....and now v1.37 has tried to use 208.111.160.6 and 208.111.161.254

What I found out before today is that our cybersecurity department at HQ is blocking 208.111.160.6 because it was in the US-CERT recommended blocks for January 2009..... because it was detected as being an IP address hosting malicious code...... I'm not sure if they are blocking 208.111.161.254 as well....but MBAM won't update when it tries to go THAT ip address either.......

Here is what I got back from cybersecurity........

US-CERT reported that 208.111.160.6 on their CAT3 Watchlist, meaning the site has been identified as hosting malicious code. US-CERT additionally provided the following hostnames in which the malicious code was detected. They are cdn-208-111-160-6[dot]iad[dot]llnw[dot]net and cds723[dot]iad[dot]llnw[dot]net.

Not really sure where to go from here...... unless 208.111.160.6 can get its reputation cleared with US-CERT

Share this post


Link to post
Share on other sites

If true it's possible some larger ISP or Companies are blocking but not too likely for most users.

Share this post


Link to post
Share on other sites
If true it's possible some larger ISP or Companies are blocking but not too likely for most users.

That's a possibility. It's also possible that there is an issue with the Internet backbone that a user's ISP has and the backbone that our CDN uses. Sometimes Level3 doesn't like other networks, and Level3 is the largest backbone at least on the east coast.

Share this post


Link to post
Share on other sites
That's a possibility. It's also possible that there is an issue with the Internet backbone that a user's ISP has and the backbone that our CDN uses. Sometimes Level3 doesn't like other networks, and Level3 is the largest backbone at least on the east coast.

I believe our AT&T contract uses Level3 networks at some point...... so I don't think it's a level3 thing.......but I can't say for sure......

I'm not sure what factors decide which server on the CDN a computer will connect to for updates, but mine always seems to goto one of two IPs......208.111.160.6 or 208.111.161.254..... and neither of those are allowed a port 80 connection from our network

Share this post


Link to post
Share on other sites

Can your security department please provide the URL to this report please.

On a SPAM list 78 sites report no issues or reports for this IP: 208.111.160.6

IP address: 208.111.160.6

Reverse DNS: cdn-208-111-160-6.iad.llnw.net.

Reverse DNS authenticity: [Verified]

ASN: 22822

ASN Name: LLNW

IP range connectivity: 2

Registrar (per ASN): ARIN

Country (per IP registrar): US [united States]

Country Currency: USD [united States Dollars]

Country IP Range: 208.111.128.0 to 208.111.255.255

Country fraud profile: Normal

City (per outside source): Unknown

Country (per outside source): -- []

Private (internal) IP? No

IP address registrar: whois.arin.net

Known Proxy? No

So if your IT Security is blocking them then I'd like to get a direct URL link to who or why please, otherwise there is not much else I can do for you.

Share this post


Link to post
Share on other sites
Can your security department please provide the URL to this report please.

On a SPAM list 78 sites report no issues or reports for this IP: 208.111.160.6

IP address: 208.111.160.6

Reverse DNS: cdn-208-111-160-6.iad.llnw.net.

Reverse DNS authenticity: [Verified]

ASN: 22822

ASN Name: LLNW

IP range connectivity: 2

Registrar (per ASN): ARIN

Country (per IP registrar): US [united States]

Country Currency: USD [united States Dollars]

Country IP Range: 208.111.128.0 to 208.111.255.255

Country fraud profile: Normal

City (per outside source): Unknown

Country (per outside source): -- []

Private (internal) IP? No

IP address registrar: whois.arin.net

Known Proxy? No

So if your IT Security is blocking them then I'd like to get a direct URL link to who or why please, otherwise there is not much else I can do for you.

The only thing they told me was........

"US-CERT reported that 208.111.160.6 on their CAT3 Watchlist, meaning the site has been identified as hosting malicious code. US-CERT additionally provided the following hostnames in which the malicious code was detected. They are cdn-208-111-160-6[dot]iad[dot]llnw[dot]net and cds723[dot]iad[dot]llnw[dot]net."

I don't have access to any of the reports they get and they are most likely not public..... and might even be classified..... I wish I could be of more help......

Is there any way that you can contact US-CERT directly and ask them about your IP address being listed on their watchlist?

Share this post


Link to post
Share on other sites
Can your security department please provide the URL to this report please.

On a SPAM list 78 sites report no issues or reports for this IP: 208.111.160.6

IP address: 208.111.160.6

Reverse DNS: cdn-208-111-160-6.iad.llnw.net.

Reverse DNS authenticity: [Verified]

ASN: 22822

ASN Name: LLNW

IP range connectivity: 2

Registrar (per ASN): ARIN

Country (per IP registrar): US [united States]

Country Currency: USD [united States Dollars]

Country IP Range: 208.111.128.0 to 208.111.255.255

Country fraud profile: Normal

City (per outside source): Unknown

Country (per outside source): -- []

Private (internal) IP? No

IP address registrar: whois.arin.net

Known Proxy? No

So if your IT Security is blocking them then I'd like to get a direct URL link to who or why please, otherwise there is not much else I can do for you.

FYI.......for the heck of it I decided to try an MBAM update today.......and it WORKED!!..... and it used 208.111.160.6 for the update server.......

Sooooooo not sure what was done by anyone, but it works now.......

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.