Wildcat1981

I do have some more interesting information. I reinstalled Rollback Rx on my system and now mbam does not detect those files as threats. For some reason, installing Rollback after mbam seems to make a difference.

First I downloaded MBAR and ran it on my computer with no changes. It found the same two threats. I also ran MBAR on my wife's computer which also has Rollback Rx and it only has Webroot as an AV. It found one driver as a threat, not the same as either of the ones found on my computer. I was curious so I un-installed Rollback Rx on my computer, rebooted (normal mode), started up mbam, checked the option to turn on rootkit checking and removed all exclusions. Then I ran a scan and mbam did not detect any threats. I did not remove either AV, so I feel pretty safe that the problem is with the incompatibility between Rollback Rx and Mbam rootkit detection. So for now at least, I will just not have Mbam check for rootkits since it makes sense that Rollback essentially works so similarly to a rootkit.

I think I have an idea what the problem might be. I use Rollback Rx. I was reading another post on this forum and I noticed that someone had a similar problem and you deduced that the problem was because of Rollback RX. Perhaps I should not even turn on rootkit scanning in mbam if I am using Rollback RX. Maybe that doesn't make sense since Rollback RX would likely look like a Rootkit? BTW, the post I was reading said that there was a fix for the Rollback RX incompatibility. Is that not in the current version yet?

It is interesting to note that, in both Norton's and MBAM, when I go to exclude those files, both are not able to see the drivers in that directory, so if I go to manually add those two files through browse, MBMAM is not able to see them. I can see them in File Explorer though. I don't know if that has anything to do with the issue or not.

I went ahead and excluded the entire drivers directory in Nortons and totally shut down Webroot and mbam still flags those two files.

Webroot does not have a way to do that and Norton's does but Norton's does not think those two files exist, even if I make system and hidden files visible in file explorer.But if I disable both antivirus programs it still behaves the same, or if right click on those files and have webroot or Nortons scan those files neither one has a problem with them.

OK, I guess I have waited long enough. I see what I did wrong previously. I did not click the "Attach This File" after I browsed for the log file. It should be attached now. CheckResults.txt

No, the forum is not letting me use the More Reply Options now, it says as a new member I have posted my limit so I have to wait. It still lets me use the regular way of posting though.

That's what I did and everything seemed to work ok but I just don't see it attached. I'll try it again. Let's see if I can attach it to this post.

Well, I don't see that the file I attached actually attached to my post. I tried cutting and pasting it into this post but got an error saying the post was too long. How should I send you the log?

Sure. The log is attached. Thanks!

Disabling Webroot and Nortons did not help either. Same result.

I deleted the old version to be thorough and re-installed again and did another scan right away. Again, those two files show up as threats. Interesting that this did not happen until I downloaded the new version. Even if there is a mismatch, shouldn't those files be ignored if they are in the exclusion list?

Rebooting did not help, those two files continue to be flagged as threats.I will try re-installing.

The exclusions do show up in the settings. However, they still get flagged as threats with each scan. I am about to reboot to see what happens, I have not rebooted yet. If I do a re-install, is it necessary to un-install first? I have both Norton's Internet Security and Webroot Secure Anywhere running at the moment. I do not have any Driver Booster type programs running. I'll let you know if rebooting makes any difference and if not will try re-installing. Thanks!

Oh, I did want to add that, yes, I did press the button to perform the actions after I selected "Add Exclusion" for each of the files.

I ran another scan and told MBAM to add an exclusion for those two files. But the next time a scan ran, those same to files showed up as threats again. I said to add an exclusion for each of them again, but I don't think it is sticking because the log says "No action by user" just like in the log above where I selected "Ignore this time".

Thanks!

I downloaded and installed the new version and the first scan quarantined what looks like Malwarebytes files. I told it to ignore once, so I assume it put them back where they belong. But then this morning I found the problem that others have had where Malicious Website Blocking is not enabled. The only thing that would get it back on was a re-install. I had tried updating the database, restarting, and rebooting. I'm not sure if the files it thinks are threats and the disabling of the website blocking is related? Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/13/2014 Scan Time: 5:51:17 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.13.09 Rootkit Database: v2014.10.11.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Kevin Scan Type: Threat Scan Result: Completed Objects Scanned: 391702 Time Elapsed: 42 min, 39 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\mbam.sys, No Action By User, [f92b0e478c0faa6d6661e6e977247e60], Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\mwac.sys, No Action By User, [0664f6335f108f38fe08c3ca747311ee], Physical Sectors: 0 (No malicious items detected) (end)