
mbamchameleon.sys - Status - Not Signed - Unsigned Device Driver



I got a BSOD ( . . . win32k.sys . . . begin physical memory dump . . . ) and looked to see what unsigned drivers I had.

I think mbamchameleon.sys in this folder is related to Malwarebytes:

C: \ Windows \ system32 \ drivers

When I installed SplitCam, Win XP said that it could make the system unstable, but I installed it anyway, so I think that my BSOD was most likely due to splitcamaudio.sys

But at this time, looking for any unsigned drivers, I also found mbamchameleon.sys in there . . . so I have removed it to a non-loadup folder (I think that's how this works)

C: \ Windows \ system32 unsigned drivers

I think the four unsigned lv's are for my Logitech camera, but I'm not sure, no concrete answers from googling, but I removed those also

I just wanted to check here to verify that mbamchameleon.sys is Malwarebytes . . .

I just ran Malwarebytes, and got no error message with mbamchameleon.sys moved.

************************************************************************************************************************************************************************************

To Verify Unsigned Device Drivers

Start \ Run \ sigverif \ OK

Advanced \ [dot] Look for other files that are not digitally signed \ Look in this folder: Windows \ system32 \ drivers

Logging tab \ [check] Save the file signature verification results to a log file \ OK \ Start

Advanced \ Logging tab \ View log

You can move them from "system 32 \ drivers" to another folder you create (for backup purposes), i.e.:

C: \ Windows \ system32 unsigned drivers

Then Restart . . .

Take a look in the Device Manager and look for yellow exclamation points ... View \ Show hidden devices

Option 1: XP might auto-install a driver for you

Option 2: Look for updated drivers on your computer manufacturer's web site

************************************************************************************************************************************************************************************

File               Modified     Version         Status       Catalog     Signed By
------------------ ------------ --------------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
lvfal100.cfg       8/12/2011    None            Not Signed   N/A
lvfel100.cfg       8/12/2011    None            Not Signed   N/A
lvfel101.cfg       8/12/2011    None            Not Signed   N/A
lvfel102.cfg       8/12/2011    None            Not Signed   N/A
mbamchameleon.sys  1/17/2012    None            Not Signed   N/A
splitcamaudio.sys  8/25/2011    6.1.7600.16385  Not Signed   N/A

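Added example, not part of the original post and not Microsoft's or Malwarebytes' code: a small Python parser for a sigverif log laid out like the one quoted above, which separates unsigned .sys driver binaries from other unsigned files. The rows are copied from the post except one constructed signed row; the function names are hypothetical.

```python
import re
from collections import namedtuple

# Sample log: rows copied from the post, plus one CONSTRUCTED signed row
# (example.sys / example.cat / Example Publisher are made up for contrast).
SAMPLE_LOG = r"""File               Modified     Version         Status       Catalog     Signed By
------------------ ------------ --------------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
lvfal100.cfg       8/12/2011    None            Not Signed   N/A
lvfel100.cfg       8/12/2011    None            Not Signed   N/A
lvfel101.cfg       8/12/2011    None            Not Signed   N/A
lvfel102.cfg       8/12/2011    None            Not Signed   N/A
mbamchameleon.sys  1/17/2012    None            Not Signed   N/A
splitcamaudio.sys  8/25/2011    6.1.7600.16385  Not Signed   N/A
example.sys        1/1/2012     1.0.0.0         Signed       example.cat Example Publisher
"""

Entry = namedtuple("Entry", "folder name modified version status catalog signer")

# "Not Signed" contains a space, so the status must be matched explicitly
# rather than by splitting the row on whitespace.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<modified>\d{1,2}/\d{1,2}/\d{4})\s+(?P<version>\S+)"
    r"\s+(?P<status>Not Signed|Signed)\s+(?P<catalog>\S+)\s*(?P<signer>.*)$"
)

def parse_sigverif(text):
    """Return one Entry per file row; [folder] lines set the current folder."""
    folder, entries = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            folder = line[1:-1]
        elif (m := ROW.match(line)):
            entries.append(Entry(folder, **m.groupdict()))
    return entries

def triage_unsigned(entries):
    """Split unsigned files into kernel driver binaries (.sys) and the rest."""
    result = {"drivers": [], "other": []}
    for e in entries:
        if e.status == "Not Signed":
            key = "drivers" if e.name.lower().endswith(".sys") else "other"
            result[key].append(e.name)
    return result

if __name__ == "__main__":
    for kind, names in triage_unsigned(parse_sigverif(SAMPLE_LOG)).items():
        print(kind, names)
```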

Greetings :)

Yes, mbamchameleon.sys belongs to Malwarebytes. It is the driver used for Malwarebytes Chameleon, though it should be digitally signed so I'm guessing it may have gotten corrupt.

That being said, it shouldn't even be loaded into memory unless you're currently running Chameleon to get Malwarebytes Anti-Malware running.


Here's what I did:

Downloaded the current version: mbam-setup-1.61.0.1400.exe

De-installed Malwarebytes through Add/Remove

Ran: mbam-clean.exe

Installed: mbam-setup-1.61.0.1400.exe

Got the update

Re-ran sigverif . . . and nothing comes up as being unsigned

In the system32 folder . . . C: \ Windows \ system32 \ drivers

. . . mbamchameleon.sys is not re-installed . . . it is nowhere on C: (just what I put in the unsigned folder)

. . . the closest thing is: mbam.sys

************************************************************

sigverif shows my mbamchameleon.sys as being installed 1/17/2012

Today is 5/13/12

What happened - Did they figure this out?


Delete any old (previous) copy of mbamchameleon.sys (that you had moved before).

You just did a new setup of MBAM, and it would not place such a file.

There's no such sys file on my system either.

Seems to me, what Samuel was suggesting to you, is that the driver only appears when you actually invoke (start) Chameleon.

Your BSOD (as you noted at beginning) is from other root causes. You need to write down the XP STOP code and do some research on it.

Here is a reference at MS MSDN for Stop codes http://msdn.microsoft.com/en-us/library/hh406232%28v=vs.85%29.aspx
