giantbender

Hi March 24, 2015 is approaching and I'm writing to follow up to make sure it's still the case that MB 1.75 will get database updates for the forseeable future. Thanks

Thanks for the information guys. exile360 version 2 just wasn't as stable on my system whereas version 1 is fine so I'm going to stay with that as long as possible and hope that in Mar 2015 when I have to upgrade the problems I had are fixed.

I had some problems with MBAM 2 earlier this year so I am using version 1. I want to know how much longer version 1 will continue to be updated. I read earlier this year it was July, however I searched just now and read the FAQ on the website and I can't find this information. Thank you

Can someone from MBAM get back to me on this, thanks.

This is an update on the issue described in the first two posts (they were originally separate threads that were merged), a freezing issue and failing to load the anti-rootkit driver. As noted several weeks ago I followed the clean removal process (mbam-clean-2.0.2.0.exe) and reinstalled Premium (mbam-setup-2.0.2.1012.exe) according to the directions. I did not modify the settings and left them at the default. Monitoring over the last few weeks I can tell you that the issue was partially solved. Not once since I reinstalled did the computer permanently freeze or did MBAM give me that error message about being unable to load the anti-rootkit driver. Based on the change in behavior I'm fairly confident that the MBAM upgrade had at least something to do with my computer freezing. Unfortunately this has led me to uninstall MBAM. I tried to install 1.x but it tried to force me to upgrade to 2.x. Is 1.x still supported, and if so how long will it be supported? Is it vulnerable in any way? I would really like to help solve this. As I said I'm a computer programmer. I'm familiar with the Windows API. If you can get me a debug build, or you have some sort of debug setting or environment variable that causes MBAM to timestamp every action it's taking then hopefully I can make a determination what exactly is happening at the moment the computer freezes. I'm not running Farbar Recovery Scan Tool. I can't verify its origin and it isn't digitally signed. I ran the mbam-check twice. Once when I was experiencing the freezes (before the reinstall) and the second time after the most recent uninstall. I do not have a mbam-check from when the freezes were not occurring (after the reinstall but before the most recent uninstall). I am very careful what I run on this computer and am willing to run anything that could help as long as I can verify its origin, the company behind it or the source (so I can build it myself). Thanks! CheckResults__Before_Reinstall__Freeze.txt CheckResults__After_Removal.txt

Yeah I have failed to verify digital signature entries too. It's one file and it's signed correctly so I'm not sure why it's happening. I started a separate thread about it, here: Failed to verify the digital signature for \?\C:\Windows\system32\igfxsrvc.exe - Malwarebytes Anti-Malware Help - Malwarebytes Forum Regarding the failure to obtain file info (this thread), I was having other problems as well around that time and the MBAM team told me to reinstall. So I'm letting that laptop run for a week or two more before I pore through its logs again and give an update.

How do you know it's OCSP? My clock is correct. What do you think of my theory that a signature in the catalog file is overriding the signature in the exe? Thanks

Ok. Well I'm not new but I don't post much except when I have a problem. I don't know how one could abuse the edit feature. Can you submit a request to give me the ability to edit? I have some broken links and a merged post and I'd like to wrap everything together. In fact I think the edit feature would prevent numerous frivolous posts!

I have a laptop that is running MBAM. There is a scan that is scheduled to run once a day. I would prefer if that scan is only run when the laptop is connected to the charger. My suggestion is an option to disable a scan on battery power. For example in the 'Edit Schedule' window there could be a check box in 'Frequency and Settings' that says 'Skip scan when on battery power (Laptops)' or something like that. Thanks

Ok I followed the clean removal process and reinstalled Premium according to the directions. I ran a scan and no malware was found except for a false positive. I will report back and try step #2 if necessary after I have a chance to determine whether or not the problem still exists.

I just started several threads and I really needed the ability to edit them but I can't so I've had to post replies instead. It would've been easier if I could've edited my original post. I can't find a suggestions forum so I'm posting this here, please move it to suggestions if this isn't the right place. Thanks

I can't edit my original post so I will add this information here. I have since started three other threads here that have information that may or may not be related to this problem: Mbamchameleon Failed to obtain file name information Malwarebytes was unable to load the Anti-Rootkit DDA Driver Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe

I tried to attach the file but it didn't attach so I'm trying again. I cannot edit my original post. igfxsrvc.zip

I tried to attach the file but it didn't attach so I'm trying again. I cannot edit my original post.

I'm using MBAM (Premium) v2.0.2.1012 on Windows 8 x64. I have been checking my event logs for MBAM activity because of a problem I've been having since I upgraded and while it may not be related I've seen quite a few notices that say my intel graphics device service cannot be verified: Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe or:Failed to verify the digital signature for \Device\HarddiskVolume4\WINDOWS\SYSTEM32\IGFXSRVC.EXE I checked the signature in explorer and it passes. However I then used Sysinternals' sigcheck program which seems to imply that the signature is in a catalog file. I don't know what's happening here but maybe if a program's digital signature is in the file, but then there is also a digital signature for that file in a catalog file, one supersedes the other? Here is the sigcheck output:sigcheck -a -i -r -e IGFXSRVC.EXESigcheck v2.1 - File version and signature viewerCopyright (C) 2004-2014 Mark RussinovichSysinternals - www.sysinternals.comC:\Users\Owner\Desktop\igfxsrvc.exe: Verified: Signed Catalog: C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.cat Signers: Microsoft Windows Hardware Compatibility Publisher Status: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Valid Usage: Code Signing, WHQL Crypto Serial Number: 33 00 00 00 08 52 00 A3 24 4E 11 9A 5B 00 01 00 00 00 08 Thumbprint: D94345C032D23404231DD3902F22AB1C2100341E Algorithm: SHA1 Valid from: 7:20 PM 6/18/2012 Valid to: 7:20 PM 9/18/2013 Microsoft Windows Hardware Compatibility PCA Status: Valid Valid Usage: All Serial Number: 33 00 00 00 38 2E 50 E8 6A 98 9D 95 7F 00 00 00 00 00 38 Thumbprint: 8D42419D8B21E5CF9C3204D0060B19312B96EB78 Algorithm: SHA1 Valid from: 5:05 PM 6/4/2012 Valid to: 5:15 PM 6/4/2020 Microsoft Root Certificate Authority Status: Valid Valid Usage: All Serial Number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65 Thumbprint: CDD4EEAE6000AC7F40C3802C171E30148030C072 Algorithm: SHA1 Valid from: 7:19 PM 5/9/2001 Valid to: 7:28 PM 5/9/2021 Signing date: 4:27 PM 9/30/2012 Counter Signers: Microsoft Time-Stamp Service Status: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. Valid Usage: Timestamp Signing Serial Number: 61 07 79 10 00 00 00 00 00 0E Thumbprint: 1895C2C907E0D7E5C0292B92C6EA8D0E236F525E Algorithm: SHA1 Valid from: 5:53 PM 1/9/2012 Valid to: 5:53 PM 4/9/2013 Microsoft Timestamping PCA Status: Valid Valid Usage: Timestamp Signing Serial Number: 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2 Thumbprint: 3EA99A60058275E0ED83B892A909449F8C33B245 Algorithm: SHA1 Valid from: 9:04 PM 9/15/2006 Valid to: 3:00 AM 9/15/2019 Microsoft Root Authority Status: Valid Valid Usage: All Serial Number: 00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40 Thumbprint: A43489159A520F0D93D032CCAF37E7FE20A8B419 Algorithm: MD5 Valid from: 3:00 AM 1/10/1997 Valid to: 3:00 AM 12/31/2020 Publisher: Microsoft Windows Hardware Compatibility Publisher Description: igfxsrvc Module Product: Intel(R) Common User Interface Prod version: 8.15.10.2849 File version: 8.15.10.2849 MachineType: 64-bit Binary Version: 8.15.10.2849 Original Name: IGFXSRVC.EXE Internal Name: IGFXSRVC Copyright: Copyright 1999-2006, Intel Corporation Comments: n/a Entropy: 5.934I've attached the file as well. Thanks