Malwarebytes on Windows 8



I've only just noticed today in the MBAM logs some discrepancies. I'm on a clean install of win8 and the logs tell me I'm using win7 and IE9 browser :blink: Looks like the guys might have to do a bit more work on the compatibilities between Malwarebytes and the latest Windows system. Another thing I've also noticed over the last couple of weeks, but wasn't sure if it was related to MBAM, is that 90% of my system shut downs don't work correctly, in that the screen goes off but the keyboard stays lit up and the power button stays on, meaning I have to hard shutdown. Once I restart again and disable MBAM, the shut downs work properly.

Malwarebytes Anti-Malware (PRO) 1.65.1.1000

Database version: v2012.12.09.02

Windows 7 x64 NTFS

Internet Explorer 9.10.9200.16433

Link to post
Share on other sites

Hello craigb

Please provide the following logs and someone will assist you

Create an mbam-check log:

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you may attach the CheckResults.txt file which should now be located on your desktop to your next post instead

Download DDS from one of the locations below and save to your Desktop:

  • dds.scr
  • dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool; on Vista or Win 7/8 right click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs: DDS.txt and Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: CheckResults.txt, DDS.txt and Attach.txt. You can ignore the note about zipping the Attach.txt file in most cases.
  • After posting, make sure you select Follow this topic (top right side of the forum) and choose Instantly, so that you're alerted when someone has replied to your post.

Please be patient, someone will assist you as soon as possible.

Link to post
Share on other sites

  • Root Admin

Based on your log entries the computer appears to probably be infected.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.


    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk here

OPTION 3

If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as possible.

Link to post
Share on other sites

There is definitely no infection present in my system Ron, everything works and runs perfectly except for what I have previously explained: that when Malwarebytes is running the system will not shut down correctly, which I believe is due to Malwarebytes not being completely compatible with win8 or one of my installed programs and not letting go of certain drivers when the system is trying to shut off. Would you be kind enough to point out to me where in the logs you find this discrepancy? I've posted new logs in the malware section just as a cautionary checkup.

Link to post
Share on other sites

  • Root Admin

Just said it "appears" to be. It could be caused by other things such as software conflicts but certainly something going on that requires further analysis.

==== Event Viewer Messages From Past Week ========

.

8/12/2012 7:58:44 AM, Error: Service Control Manager [7003] - The ATKGFNEX Service service depends on the following service: ASMMAP64. This service might not be installed.

6/12/2012 1:57:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/12/2012 1:57:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

6/12/2012 1:56:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/12/2012 1:56:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/12/2012 1:56:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/12/2012 5:56:28 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume12'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.

4/12/2012 5:20:04 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume10'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.

4/12/2012 5:20:03 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume8'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.

4/12/2012 5:20:01 PM, Error: Microsoft-Windows-FilterManager [3] - Filter Manager failed to attach to volume '\Device\HarddiskVolume6'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.

3/12/2012 3:23:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/12/2012 3:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

2/12/2012 9:29:33 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

2/12/2012 1:03:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

.

==== End Of File ===========================

Link to post
Share on other sites
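The Service Control Manager 7001 entries in the log above are dependency cascades: most of them only report that another service failed first. As an added example (not part of the original thread and not a Malwarebytes or DDS tool), this Python code collapses them to the dependencies that reported an error of their own; the function name `root_causes` is an assumption, and the log lines are copied from the post above.

```python
import re

# Event 7001 lines copied from the Event Viewer section of the log posted above.
LOG = """\
6/12/2012 1:56:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/12/2012 1:56:24 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

EVENT_7001 = re.compile(
    r"Service Control Manager \[7001\] - The (?P<svc>.+?) service depends on the "
    r"(?P<dep>.+?) service which failed to start because of the following error: "
    r"(?P<err>.+)$"
)
# Error text that only says "my dependency failed", so it is not a root cause itself.
CASCADE = "The dependency service or group failed to start."


def root_causes(log_text):
    """Map each root failed dependency to (its error, services that failed because of it)."""
    failed = {}  # service -> (dependency it was waiting on, reported error)
    for line in log_text.splitlines():
        m = EVENT_7001.search(line)
        if m:
            failed[m["svc"]] = (m["dep"], m["err"].strip())
    roots = {}
    for svc, (dep, err) in failed.items():
        seen = {svc}
        # Follow cascade errors down the chain until a dependency reports its own error.
        while err == CASCADE and dep in failed and dep not in seen:
            seen.add(dep)
            dep, err = failed[dep]
        roots.setdefault(dep, (err, []))[1].append(svc)
    return {dep: (err, sorted(svcs)) for dep, (err, svcs) in roots.items()}


if __name__ == "__main__":
    for dep, (err, services) in sorted(root_causes(LOG).items()):
        print(f"{dep}: {err} -> {', '.join(services)}")
```

On these lines the eleven 7001 errors reduce to four dependencies, each reporting "A device attached to the system is not functioning."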

Interesting! I wonder if a lot of that has to do with the fact that I've disabled Bluetooth features and also the Bluetooth/Wlan co-existence module, which also ties in with "The ATKGFNEX Service".

Link to post
Share on other sites

I've just tried a few different scenarios and the problem disappears when I uninstall Outpost and set MBAM back to realtime. It seems to only be a problem when they're both active, so for now I'll do without Outpost, so you can close this topic if you like. Thank you for your help :)

Link to post
Share on other sites

Just a thought.... if it works fine without Outpost, have you tried entering exceptions in both Outpost and MBAM to prevent a possible conflict? I would not recommend running your computer without an antivirus program active.

Please exclude the following files from your Antivirus Software (not sure what version of you are using):

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows Vista or Windows 7 & 8:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

For 64 bit versions of Windows Vista or Windows 7 & 8:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE and MBAMSERVICE.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

Please post back and let us know how it went.

Link to post
Share on other sites

Yes, I had already placed all the exclusions, Firefox. It's always the first thing I do whenever installing any security software, but it made no difference to the shutdown issue. I guess win8 is just too new at the moment, so whether it's one of the programs or my drivers who knows, but they're all the latest available. Do note that the firewall is Outpost and the AV is Defender, which is active; once avast gets itself sorted that will be re-installed :)

Link to post
Share on other sites

This topic is now closed to further replies.