Posts posted by Gagome

  1. Yes, everything runs OK now. I hope the BSOD will not occur again.

    I have downloaded ADWCleaner and run it. It found only three things and two pre-installed programs from Lenovo (which I don't mind).

    It found this:

    - file Askcom.xml in a Firefox profile searchplugins directory
    - directory Search in C:\users\<user>\Favorites (I don't know why that is bad?)
    - a registry key which belongs to some known good programs and which is certainly not malware (I have no idea why ADWCleaner flags this)

    I let it remove the first two and rebooted.

    And, yes, I have a lot of items starting automatically when the PC boots. But that is OK.

    Thanks for your support.

  2. Hello,

    I have already opened a ticket and uploaded the stuff the mb-support tool is collecting. But I was not able to upload the MEMORY.DMP file.

    And I did not get any reply from MB Support.

    Therefore I decided to create a new topic about this problem in the forum.

    I have already encountered a BSOD twice in tcpip.sys and mwac.sys. And this is not great.

    WhoCrashed reports:

    Crash Dump Analysis
    --------------------------------------------------------------------------------
    
    Crash dumps are enabled on your computer. 
    
    Crash dump directories: 
    C:\WINDOWS
    C:\WINDOWS\Minidump
    E:\Dump
    
    On Mon 2020-10-12 18:22:55 your computer crashed or a problem was reported
    crash dump file: C:\WINDOWS\Minidump\101220-188343-01.dmp
    This was probably caused by the following module: tcpip.sys (0xFFFFF8061C6A1217) 
    Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8061C6A1217, 0xFFFFF080E15B5D10, 0x0)
    Error: SYSTEM_SERVICE_EXCEPTION
    file path: C:\WINDOWS\system32\drivers\tcpip.sys
    product: Microsoft® Windows® Operating System
    company: Microsoft Corporation
    description: TCP/IP Driver
    Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. 
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
    The crash took place in a Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time. 
    
    
    
    On Mon 2020-10-12 18:22:55 your computer crashed or a problem was reported
    crash dump file: E:\Dump\MEMORY.DMP
    This was probably caused by the following module: mwac.sys (mwac+0x13ADF) 
    Bugcheck code: 0x3B (0xC0000005, 0xFFFFF8061C6A1217, 0xFFFFF080E15B5D10, 0x0)
    Error: SYSTEM_SERVICE_EXCEPTION
    file path: C:\WINDOWS\system32\drivers\mwac.sys
    product: Malwarebytes Web Protection
    company: Malwarebytes
    description: Malwarebytes Web Protection
    Bug check description: This indicates that an exception happened while executing a routine that transitions from non-privileged code to privileged code. 
    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem. 
    A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: mwac.sys (Malwarebytes Web Protection, Malwarebytes). 
    Google query: mwac.sys Malwarebytes SYSTEM_SERVICE_EXCEPTION

    Attached is the output of the mb-support tool.

    To which address can I send the MEMORY.DMP file for further analysis? Or do you not want it?

     

    Thanks.

    mbst-grab-results.zip

  3. I have upgraded my installed version 4.0 of Power Mixer to version 4.1.

    When I started the program, Malwarebytes immediately quarantined the main executable pwmixer.exe with MachineLearning/Anomalous 100%.

    I don't believe this is correct. The web site from where I downloaded the product (https://www.actualsolution.com/power-mixer/) is marked as clean by any other antivirus product.

    Can you check?

    Thanks.


    pwmixer.zip

  4. Hello,

    I have now disabled AdGuard and ProxyCap. But there is no change; MBAMService is still not able to resolve names.

    Then I used your MB-Support tool to clean Malwarebytes and then reinstalled the latest version. This solved the problem. MBAM is now Premium.

    Before I did this I browsed through all the MBAMSERVICE.LOG.bkx files to find out when this problem first appeared. It appeared first on 21.8.2019 right after I installed the Windows 10 1903 upgrade. I have no idea why the Windows 10 update broke DNS resolution only for MBAMService. I never had any problem with DNS resolution in any other application which is installed.

    I only wonder why MBAM did not tell me that there is a problem. I still would run MBAM Free if I had not checked manually.

    Anyway thanks for your support.

  5. Hi,

    I have been using MB 3.83 Premium on Windows 10 Pro 64-bit for several months now. A few days ago I saw that it had reverted to the Free version. Surprised, I opened Malwarebytes and tried to activate my license. But Malwarebytes displays the error message:

    Quote

    Unable to contact update server. Please check your Internet connection.

    But my internet connection is fully working. I don't have any problem with it.

    I then installed the newest version 4.04 but after the PC rebooted I got the same result. MBAM is unable to contact the update server.

    When I look at the process mbam.exe using Sysinternals Process Explorer I can see in the task properties that mbam.exe doesn't even try to access the network.

    I have then looked at the log file C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMSERVICE.LOG and there I find several lines with:

    Quote

    11/12/19    " 13:22:46.998"    4141078    2bd0    12d0    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: telemetry.malwarebytes.com"
    11/12/19    " 13:22:46.998"    4141078    2bd0    12d0    WARNING    TelemCtrlImpl    TelemetryControllerImpl::SendTelemetryRecord    "telemetrycontrollerimplhelper.cpp"    2048    "Problem sending JSON data to DSE stream [errors] - server returned: -9"
    11/12/19    " 13:22:47.353"    4141421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::SendRequest    "httpconnection.cpp"    393    "Network error."
    11/12/19    " 13:22:47.353"    4141421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: blitz.mb-cosmos.com"
    11/12/19    " 13:22:47.353"    4141421    2bd0    14e4    ERROR    CloudCtrlImpl    CloudControllerImplHelper::GetAuthenticatedURLForBytesTotalUpload    "cloudcontrollerimplhelper.cpp"    5439    "Error code -9 returned in POST to Cosmos"
    11/12/19    " 13:22:47.460"    4141531    2bd0    12d0    WARNING    HttpConnection    mb::common::net::HttpConnection::SendRequest    "httpconnection.cpp"    393    "Network error."
    11/12/19    " 13:22:47.460"    4141531    2bd0    12d0    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: telemetry.malwarebytes.com"
    11/12/19    " 13:22:47.460"    4141531    2bd0    12d0    WARNING    TelemCtrlImpl    TelemetryControllerImpl::SendTelemetryRecord    "telemetrycontrollerimplhelper.cpp"    2048    "Problem sending JSON data to DSE stream [errors] - server returned: -9"
    11/12/19    " 13:22:48.350"    4142421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::SendRequest    "httpconnection.cpp"    393    "Network error."
    11/12/19    " 13:22:48.350"    4142421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: blitz.mb-cosmos.com"
    11/12/19    " 13:22:48.350"    4142421    2bd0    14e4    ERROR    CloudCtrlImpl    CloudControllerImplHelper::GetAuthenticatedURLForBytesTotalUpload    "cloudcontrollerimplhelper.cpp"    5439    "Error code -9 returned in POST to Cosmos"

    Looks like a DNS problem. But my PC is able to resolve all the mentioned names without any problem.

    What problem does Malwarebytes have?

    I have ProxyCap (version 5.36) installed. And when I look at the process mbamservice.exe using Process Monitor I found that it tries to access the file pcapwsp.dll which is part of ProxyCap. Is there again some compatibility problem between ProxyCap and Malwarebytes? I thought that was solved with version 3.83. And I have another PC where both ProxyCap and Malwarebytes are installed and both are working.
    I have attached the logs gathered with MB support tool.
    Maybe you can find the cause of the problem.

    Thanks.

     

    mbst-grab-results.zip
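
Summarising the DNS failures in MBAMSERVICE.LOG per hostname, with the first and last time each one was logged, can be scripted instead of read by eye. The following is an added example, not part of the original posts and not Malwarebytes tooling; the field layout is assumed from the log lines quoted in the post above, and the sample lines are copied from that excerpt.

```python
import re

# Sample lines copied from the excerpt quoted in the post (not a full log).
SAMPLE_LOG = '''\
11/12/19    " 13:22:46.998"    4141078    2bd0    12d0    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: telemetry.malwarebytes.com"
11/12/19    " 13:22:46.998"    4141078    2bd0    12d0    WARNING    TelemCtrlImpl    TelemetryControllerImpl::SendTelemetryRecord    "telemetrycontrollerimplhelper.cpp"    2048    "Problem sending JSON data to DSE stream [errors] - server returned: -9"
11/12/19    " 13:22:47.353"    4141421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: blitz.mb-cosmos.com"
11/12/19    " 13:22:47.460"    4141531    2bd0    12d0    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: telemetry.malwarebytes.com"
11/12/19    " 13:22:48.350"    4142421    2bd0    14e4    WARNING    HttpConnection    mb::common::net::HttpConnection::LogExceptionDetails    "httpconnection.cpp"    1736    "Exception details: text=DNS error: Non recoverable DNS error while resolving: blitz.mb-cosmos.com"
'''

# Assumed layout: date, quoted time, tick count, two hex ids, level,
# component, function, quoted source file, source line, quoted message.
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{2})\s+"\s*(?P<time>[\d:.]+)"\s+\d+\s+'
    r'[0-9a-f]+\s+[0-9a-f]+\s+(?P<level>[A-Z]+)\s+\S+\s+\S+\s+'
    r'"[^"]*"\s+\d+\s+"(?P<msg>.*)"\s*$'
)
DNS_RE = re.compile(r'DNS error: .* while resolving: (?P<host>[A-Za-z0-9.-]+)')


def dns_failures(log_text):
    """Return {host: {"count": n, "first": stamp, "last": stamp}}.

    Stamps stay as (date, time) strings in file order, because the log's
    day/month order cannot be told from the excerpt.
    """
    summary = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a line with a different shape
        dns = DNS_RE.search(m["msg"])
        if not dns:
            continue  # parsed, but not a DNS resolution failure
        stamp = (m["date"], m["time"])
        entry = summary.setdefault(
            dns["host"], {"count": 0, "first": stamp, "last": stamp})
        entry["count"] += 1
        entry["last"] = stamp
    return summary


if __name__ == "__main__":
    for host, info in dns_failures(SAMPLE_LOG).items():
        print(host, info["count"], info["first"], info["last"])
```

Running it over each rotated log file in turn and comparing the `first` stamps shows in which file a host first failed to resolve.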

  6. Hello Porthos & LiquidTension,

    Yes, I have already followed the advice from Porthos and I have deleted the downloaded new installer.

    And now I no longer get the prompts to install the new version.

    I just wanted to wait a day to find out if it really is working before I provide feedback.

     

    The now open question is: are you able to fix the issue with ProxyCap?

  7. I have installed version 3.6.1 but now I get a prompt to upgrade to a new version several times a day.


    But I have set in Malwarebytes Settings Application Updates to Off.


    Why do I get the prompt then?

    This is really getting to be annoying.

    What can I do to avoid those prompts?

    I guess this is a bug in version 3.6.1.

    True, I hope you can fix the problem in 3.7.1 to make it work together with ProxyCap. But currently getting the prompts several times during a day is really annoying.

  8. Hello,

    I got prompted to update to MB 3.7.1. After the installation completed successfully I didn't see the MB icon in the notification area.
    I am running Windows 10 Pro 1803 x64.
    I checked Event Viewer and found:
     

    Faulting application name: mbamservice.exe, version: 3.2.0.765, time stamp: 0x5c508d96
    Faulting module name: MwacLib.dll, version: 3.1.0.535, time stamp: 0x5c4b9e72
    Exception code: 0xc0000005
    Fault offset: 0x000000000000d95c
    Faulting process id: 0x2a10
    Faulting application start time: 0x01d4c546b98e792a
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    Report Id: d6317523-d568-4827-a747-06c3d1de023c
    Faulting package full name: 
    Faulting package-relative application ID: 

    Then I downloaded mb-support-1.3.1.553.exe and ran it.
    It tried to repair MB. I had to do a reboot too. But after my PC started I found the same messages in Event Viewer.
    I collected all log data.
    You will find all attached.

    I now have the same problem on my second device, which is also Win10 Pro 1803 x64.

    Maybe there is a bug in MB 3.7.1?
    Can you please look into this?

    Thanks.

    mbst-clean-results.txt

    mbst-grab-results.zip
