giantbender
Everything posted by giantbender
-
This is an update on the issue described in the first two posts (they were originally separate threads that were merged), a freezing issue and failing to load the anti-rootkit driver. As noted several weeks ago I followed the clean removal process (mbam-clean-2.0.2.0.exe) and reinstalled Premium (mbam-setup-2.0.2.1012.exe) according to the directions. I did not modify the settings and left them at the default. Monitoring over the last few weeks I can tell you that the issue was partially solved. Not once since I reinstalled did the computer permanently freeze or did MBAM give me that error message about being unable to load the anti-rootkit driver. Based on the change in behavior I'm fairly confident that the MBAM upgrade had at least something to do with my computer freezing. Unfortunately this has led me to uninstall MBAM. I tried to install 1.x but it tried to force me to upgrade to 2.x. Is 1.x still supported, and if so how long will it be supported? Is it vulnerable in any way? I would really like to help solve this. As I said I'm a computer programmer. I'm familiar with the Windows API. If you can get me a debug build, or you have some sort of debug setting or environment variable that causes MBAM to timestamp every action it's taking then hopefully I can make a determination what exactly is happening at the moment the computer freezes. I'm not running Farbar Recovery Scan Tool. I can't verify its origin and it isn't digitally signed. I ran the mbam-check twice. Once when I was experiencing the freezes (before the reinstall) and the second time after the most recent uninstall. I do not have a mbam-check from when the freezes were not occurring (after the reinstall but before the most recent uninstall). I am very careful what I run on this computer and am willing to run anything that could help as long as I can verify its origin, the company behind it or the source (so I can build it myself). Thanks! 
CheckResults__Before_Reinstall__Freeze.txt CheckResults__After_Removal.txt
-
Yeah, I have failed to verify digital signature entries too. It's one file and it's signed correctly, so I'm not sure why it's happening. I started a separate thread about it, here:

Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe - Malwarebytes Anti-Malware Help - Malwarebytes Forum

Regarding the failure to obtain file info (this thread), I was having other problems as well around that time and the MBAM team told me to reinstall. So I'm letting that laptop run for a week or two more before I pore through its logs again and give an update.
-
Ok. Well I'm not new but I don't post much except when I have a problem. I don't know how one could abuse the edit feature. Can you submit a request to give me the ability to edit? I have some broken links and a merged post and I'd like to wrap everything together. In fact I think the edit feature would prevent numerous frivolous posts!
-
I have a laptop that is running MBAM. There is a scan that is scheduled to run once a day. I would prefer if that scan is only run when the laptop is connected to the charger. My suggestion is an option to disable a scan on battery power. For example in the 'Edit Schedule' window there could be a check box in 'Frequency and Settings' that says 'Skip scan when on battery power (Laptops)' or something like that. Thanks
-
I just started several threads and I really needed the ability to edit them but I can't so I've had to post replies instead. It would've been easier if I could've edited my original post. I can't find a suggestions forum so I'm posting this here, please move it to suggestions if this isn't the right place. Thanks
-
I can't edit my original post so I will add this information here. I have since started three other threads here that have information that may or may not be related to this problem:

Mbamchameleon Failed to obtain file name information
Malwarebytes was unable to load the Anti-Rootkit DDA Driver
Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe
-
I'm using MBAM (Premium) v2.0.2.1012 on Windows 8 x64. I have been checking my event logs for MBAM activity because of a problem I've been having since I upgraded, and while it may not be related, I've seen quite a few notices that say my Intel graphics device service cannot be verified:

Failed to verify the digital signature for \??\C:\Windows\system32\igfxsrvc.exe

or:

Failed to verify the digital signature for \Device\HarddiskVolume4\WINDOWS\SYSTEM32\IGFXSRVC.EXE

I checked the signature in Explorer and it passes. However, I then used Sysinternals' sigcheck program, which seems to imply that the signature is in a catalog file. I don't know what's happening here, but maybe if a program's digital signature is in the file, but then there is also a digital signature for that file in a catalog file, one supersedes the other? Here is the sigcheck output:

sigcheck -a -i -r -e IGFXSRVC.EXE

Sigcheck v2.1 - File version and signature viewer
Copyright (C) 2004-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

C:\Users\Owner\Desktop\igfxsrvc.exe:
    Verified:       Signed
    Catalog:        C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.cat
    Signers:
        Microsoft Windows Hardware Compatibility Publisher
            Status:         A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
            Valid Usage:    Code Signing, WHQL Crypto
            Serial Number:  33 00 00 00 08 52 00 A3 24 4E 11 9A 5B 00 01 00 00 00 08
            Thumbprint:     D94345C032D23404231DD3902F22AB1C2100341E
            Algorithm:      SHA1
            Valid from:     7:20 PM 6/18/2012
            Valid to:       7:20 PM 9/18/2013
        Microsoft Windows Hardware Compatibility PCA
            Status:         Valid
            Valid Usage:    All
            Serial Number:  33 00 00 00 38 2E 50 E8 6A 98 9D 95 7F 00 00 00 00 00 38
            Thumbprint:     8D42419D8B21E5CF9C3204D0060B19312B96EB78
            Algorithm:      SHA1
            Valid from:     5:05 PM 6/4/2012
            Valid to:       5:15 PM 6/4/2020
        Microsoft Root Certificate Authority
            Status:         Valid
            Valid Usage:    All
            Serial Number:  79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
            Thumbprint:     CDD4EEAE6000AC7F40C3802C171E30148030C072
            Algorithm:      SHA1
            Valid from:     7:19 PM 5/9/2001
            Valid to:       7:28 PM 5/9/2021
    Signing date:   4:27 PM 9/30/2012
    Counter Signers:
        Microsoft Time-Stamp Service
            Status:         A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
            Valid Usage:    Timestamp Signing
            Serial Number:  61 07 79 10 00 00 00 00 00 0E
            Thumbprint:     1895C2C907E0D7E5C0292B92C6EA8D0E236F525E
            Algorithm:      SHA1
            Valid from:     5:53 PM 1/9/2012
            Valid to:       5:53 PM 4/9/2013
        Microsoft Timestamping PCA
            Status:         Valid
            Valid Usage:    Timestamp Signing
            Serial Number:  6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
            Thumbprint:     3EA99A60058275E0ED83B892A909449F8C33B245
            Algorithm:      SHA1
            Valid from:     9:04 PM 9/15/2006
            Valid to:       3:00 AM 9/15/2019
        Microsoft Root Authority
            Status:         Valid
            Valid Usage:    All
            Serial Number:  00 C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
            Thumbprint:     A43489159A520F0D93D032CCAF37E7FE20A8B419
            Algorithm:      MD5
            Valid from:     3:00 AM 1/10/1997
            Valid to:       3:00 AM 12/31/2020
    Publisher:      Microsoft Windows Hardware Compatibility Publisher
    Description:    igfxsrvc Module
    Product:        Intel(R) Common User Interface
    Prod version:   8.15.10.2849
    File version:   8.15.10.2849
    MachineType:    64-bit
    Binary Version: 8.15.10.2849
    Original Name:  IGFXSRVC.EXE
    Internal Name:  IGFXSRVC
    Copyright:      Copyright 1999-2006, Intel Corporation
    Comments:       n/a
    Entropy:        5.934

I've attached the file as well. Thanks
-
I'm using MBAM (Premium) v2.0.2.1012 on Windows 8 x64. Occasionally I will see the error message "Malwarebytes was unable to load the Anti-Rootkit DDA Driver, this error may be caused by rootkit activity." I did have the rootkit driver and self protection enabled but since then I reset all my preferences to the default and yet I still get that message. I would really like to have both the self protection and rootkit driver options enabled but I will leave them disabled for now until this is worked out. Also, I have a separate support thread I started 15 min ago because of a problem I have where my computer has been unresponsive since upgrading MBAM. I don't know if this is related or not so that's why I posted it separately, but if this thread should be merged as a post into my other thread feel free. A screenshot of the error message is attached. Thanks
-
I'm using MBAM (Premium) v2.0.2.1012 on Windows 8 x64. I have been checking my event logs for MBAM activity because of a problem I've been having since I upgraded, and while it may not be related, I've seen quite a few notices about failure to obtain filename info:

Mbamchameleon Failed to obtain file name information - C01C0005
Mbamchameleon Failed to obtain file name information - C0000022
Mbamchameleon Failed to obtain file name information - C0000034
Mbamchameleon Failed to obtain file name information - C000000D

I want to know, does anyone else who uses MBAM 2.x get messages like that in their Windows event log? Thanks
-
Hi, not sure where to report this so please move it if there's a better place. I'm currently using MBAM v2.0.2.1012 on Windows 8 x64. I'm having a problem with MBAM so I downloaded the mbam-check-2.1.0.0002.exe tool to collect diagnostic information. The tool never stops running on my computer. I checked in Process Explorer and there is a file launched by mbam-check, mbamcheck-vc100-x86-s-2_0_3_1.exe, which eats a steady 24% CPU. I figure it isn't supposed to do that... it didn't terminate when it was finished writing the log file. A screenshot is attached.
-
Hi, several weeks ago I upgraded from MBAM (Premium) 1.x to 2.x. I'm currently using v2.0.2.1012 on Windows 8 x64. Occasionally my laptop computer will become unresponsive since this upgrade, and I can't think of anything else that's changed that could be causing that problem. In the event logs there aren't any clues. The only way to recover is to turn the computer off and then back on. Here's a basic overview of what it looks like in the event logs, in reverse chronological order:

10:46am  The last shutdown's success status was false. The last boot's success status was true.
10:46am  The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
10:46am  The operating system started at system time 2014-05-30T14:46:46.499419800Z.
10:44am  The kernel power manager has initiated a shutdown transition.
10:43am  The system has returned from a low power state.
         Sleep Time: 2014-05-29T23:16:03.452855100Z
         Wake Time: 2014-05-30T14:43:18.061922900Z
         Wake Source: Power Button

After reading about this problem in other threads I downloaded and ran mbam-check-2.1.0.0002.exe. CheckResults.txt is attached. I notice that Farbar Recovery is recommended as well; however, I'm not going to download it because I can't seem to find hardly any information on who's behind it, and I don't trust it. I am a C++ computer programmer. If you have a debug mode for MBAM that records all significant calls, or a debug build, or something like that, I would be willing to try it to figure out if there is a freeze or lock somewhere. Thanks
-
GMER shows ExDeleteNPagedLookasideList?
giantbender replied to giantbender's topic in Resolved Malware Removal Logs
Ok thanks for your help. I also ran TDSS Killer with the 'loaded modules' option but found nothing. -
GMER shows ExDeleteNPagedLookasideList?
giantbender replied to giantbender's topic in Resolved Malware Removal Logs
There was some strange behavior on one of the accounts where I couldn't drag and drop files or text from one place to another. When I switched accounts everything was fine. When I switched back the problem was still present, and I killed off processes (anything with my session id and username in procexp) one by one, including explorer, but there was no change. I also unplugged my USB keyboard and mouse and plugged them back in. In the end, after everything was closed except a command prompt window, I reopened Process Explorer and then ran GMER, and that's what it showed. I've run GMER many times before and I've never seen that before. After I rebooted I ran GMER again and those two INITKDBG lines were gone. Also everything was fine and I could drag and drop again. I'm not saying the two are related but I thought it was pretty weird. I'm using Windows 7 x64 btw.
-
I ran GMER 2.1.19163 on my computer but it only shows this. Is this a sign of an infection or a trojan? I've never seen it before. If you have any references please let me know.

---- Kernel code sections - GMER 2.1 ----
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560  fffff80002fb4000  45 bytes [00, 00, 42, 00, 56, 4D, 4F, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607  fffff80002fb402f  16 bytes [00, 00, A0, CD, 82, 01, 00, ...]
---- EOF - GMER 2.1 ----

Thanks
-
I have some virtual machines and they have huge vmdk and vmem files, and I'm wondering if MBAM is scanning them. I would exclude them but I can't figure out how to exclude extensions. Is there any way to exclude certain extensions? Is what I'm doing even necessary.. does MBAM know not to scan certain files? Thanks
-
It's been like this for maybe two years. For the most part I ignored it. I just upgraded to the latest version for x64 and it's still happening.

http://md5deep.sourceforge.net/
http://sourceforge.net/projects/md5deep/files/md5deep/md5deep-4.2/md5deep-4.2.zip/download

DETECTION  C:\md5deep\md5deep64.exe  Trojan.SpyEyes.R  ALLOW

Why do all these md5deep files show as Trojan.SpyEyes? Is the author unwittingly distributing a trojan? Can you investigate further please? Thanks