Kernel Krumpet

By and large, almost all of the time MBAM has been the cream of the crop, the best of the bunch etc... but, the technical stability and robustness of the product for me has always been an anal-clenching adventure.. Yes, ever since it hosed Windows Backups in the early days! In addition, it is still quite beyond belief as to why it doesn't register with the Windows Security Center, hangs on scans with cancel and pause not registering, confusing end-user messages about 'updating the database et al.. Certainly not show stoppers or disasters but... indicative of a culture.... I appreciate that people who work in ivory towers and testing labs can't cover the myriad of disasters that occur, can occur and are waiting to occur in the trenches of 'the real world', but.... i really do think that aspects of this company could be better attended to for graduating 'top of the class' - if that's where you want to be. Zlob vs. MBAM's RootKit Utility? Zlob wins! [still it's better than HitMan Pro which removes the Zlob and takes the user HD out at the same time!!] However, this is all fine for me as I bill by the hour and support Software's idionsyncracies and imperfections - and there's lots to be found everywhere.. I see other techs. comments here and am in agreement. I can see who works in the trenches - and how long they've been at it. There is some very valuable, sage, FREE [!!] and substantial advice here. Heed it! thanks for reading my .10c

figgered. others tho' slipped by the mbam eye. maybe 'fresh' is just 'getting to know you' time! thanks.

i wrote a backup script last night and saved it where i save all my other simple backup scripts Here's MBAM's prognosis: and here's the contents of the simple backup scipt file - c:\dubu.cmd. robocopy.exe x:\ "C:\Users\me.domain\documents\my web sites" /E /XJ /TEE /XO /NS /NP /XA:H /MT:4 /R:3 /W:8 /REG /XD _vti_cnf akismet twentythirteen twentyfourteen /XF *.tmp /log:C:\Users\me.domain\desktop\dubyou.txt

yeah, it may be but, nothing shows with a scan...tx 4 t'advice.

To reply to above, I need to assume something else. Mbamchamelon Failed to obtain file name information - C0000022 is not a result of a drive being formatted... Anyone? thank you.

This Error ID: 67103 in Windows System Event Log... Mbamchameleon Failed to obtain file name information - C0000022 I'm assuming this happens while a drive is being formatted? Or, should I be assuming something else? Thank you.

@shadowwar Tx for that. Yes, Tom quickly clued me in to that after I'd followed FF's advice in his/her 1st post above. I would assume that Malwarebytes Heuristics catches more than the notepad executable. They might like to add twains and thunks too! I didn't want to post Tom's solution detail as I thought it might be too revealing... Mea Culpa apparently.

Indeed. I have been called many things but never that! Cryptolocker bundled with Zbot malware was, as you probably perceived, the intention. Thank you for pointing this out. It has been duly edited.

Case closed. Thank you.

To clean up any confusion, no, no help from bc - just reading the 10 page thread on Cryptolocker. You are the only other helping.

Hmmmmm. Given the 10-page-or-so bleepingcomputer Cryptolocker thread along with 2 full Malwarebyte scans and RootKit checks, I was thinking more like false positive but, your 2 comments "...take a look under the hood to make sure the infection is completely gone......" & "...Being that you are probably infected..." are duly heeded. Thank you.

8:30am PST. After spending a couple of days on a client's Zbot Cryptolocker removal and file restoration - the blocking of executables running from XP's %username%\Application Data\ folders and sub-folders was implemented through Group Policy. As a test I just now copied notepad.exe from c:\windows into the \application data\ folder. But, Malwarebytes blocked this and called Zbot Crypto on notepad.exe - and Quarantined. Next, Right Click notepad.exe and 'scan with malwarebytes' - no malware found? Next, Delete notepad.exe from windows\ and windows\system32\ and replace with known good copy. Next, copy good notepad.exe into %username%\application data\ again. Again, Malwarebytes calls Zbot Cryptolocker on the copy and quarantines. Next, copy thunk??.exe into %username%\application data\ folder & run. Group Policy blocks the execution! Whassup with copying notepad.exe from \windows into %username\application data\ ? Thanks.

Just in case any of you are unfortunate enough to have paid for the "new and improved" Trend Micro Titanium anti whatever software, please see screen capture below to be a totally bogus Trend Micro Titanium message. The Trend Micro Software seems to think that the mbam-clean executable is a threat! Not that I am in any affiliated with the Malwarebytes company but, subject to all the official screening and editing of these Forum posts, I can almost assure you all that the mbam-clean executable is not the Fake Trojan that Trend Micro would have us believe! The only threat to Trend Micro is their constant inability to produce a decent software product. That and Malwarebytes of course!

New Version huh? Did the Marketing Department have anything to do with this? Can we have the old version back please so that millions - yes millions - of your users don't waste any more of their own or their companies time. (We ALL know about the disclaimers on Software Licenses) And, it's not just XP users suffering a time, protection and money loss in spite of their appearing to be this Board's majority posters. ======================================================================================================= Win7 Ultimate, Core-i7, 6GB RAM patched, up-to-date and working flawlessly - until this morning's MBAM install! Faulting application name: mbam.exe, version: 1.60.0.59, time stamp: 0x4ef23d40 Faulting module name: mbamcore.DLL, version: 1.60.0.52, time stamp: 0x4eea37f7 Exception code: 0xc0000005 Fault offset: 0x00060ae0 Faulting process id: 0x9e4 Faulting application start time: 0x01ccc5b2f968dc91 Faulting application path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL Report Id: 39101e7f-31a6-11e1-98f0-0024e811876b ========================================================================================================= Also, some of the suggested resolutions are seriously worrying in as much as the "uninstall, reboot, run a cleaner, reboot, get your License Key and ID, Re-install and, let us know" software manufacturing patter goes. What's worrying is that this doesn't appear to be working all the time thus leading to more wasted time and money. In addition, preventing Acronis working appears to be a throwback to the early days when MBAM prevented MS Backup from working too. Did anyone read yesterday's article on Slashdot about American Software? The title read "Why American Corporate Software Can No Longer Be Trusted " Anyways, can we have a guaranteed fix or solution for this please. Our computers are messed up. thanks.

History: Sage technical support insisted that MSE and MBAM must be set to ignore one of their Medicalware Applications - written in Clarion. Even tho' MBAM (& MSE) were setup to ignore the aforementioned Clarion MedWare App. - it still cratered! In true Clarion fashion it was only fully repaired after 2 days worth of Clarion DBase Utility Repairs and the requisite 3 foot high stack of report paper!! Current Status: Sage now recommends what they refer to as "Business Class" Security Software and, in the same breath, trot out the words "Symantec Endpoint". But, interestingly enough, Sage Software support continues to recommend that their Medical Software App. is ALSO excluded from Symantec's Endpoint Scanner. This begs the question: Why, if MBAM (& MSE) are being blamed for corrupting the Sage Medical Apps. Clarion Database - even with "Ignore" on - will Symantec's Endpoint not manifest the same behaviour? My own experience with SEP is that it is a) not very effective and b) high maintenance($) to setup efficiently (for a small business). Given all the above can anyone please speak to MBAM and Clarion Databases or, as I suspect, are we, in this instance, getting a run around from Sage. Thanks.