Jump to content

Recommended Posts

Hello,

 

I've been a MBAM Premium user for the last few years and love the fact that is coexists with NIS.

 

Last weekend, I built a brand new PC with an H87 motherboard, Intel Core5 3670, 32GB RAM, and an Intel 530 SSD. Installed Windows 8.1 Enterprise.

 

Installed NIS (the most recent version), few other apps (Office, etc) and MBAM 2.0. I've configured MBAM and NIS to exclude each other's installation folders. I have a RamDisk (SoftPerfect) that I use for all browser caches (temp internet files) and temp files.  

 

By default, the Threat Scan is scheduled to run once a day. Every day since it's been installed, when the Threat Scan runs, it results in an OS crash (Windows reboots). There is no blue screen, no bugcheck in the Windows event logs and no errors other than the generic "The previous shutdown was unexpected. This could have been caused by a loss of power..." entry in the event log.

 

For the time being, I have removed the scheduled daily scan, but, at some point, I would like to enable it. 

 

I searched, but, don't see this reported as an issue. Based on the above, does anything stand out as a likely culprit? If there are any steps I can take to troubleshoot this, or generate a debug log, please let me know.

 

Thanks,

MediocreFred.

Link to post
Share on other sites

Hello MediocreFred: :welcome:

That's a very nice hardware setup.

Before more advanced techniques are employed, please open MBAM and go to Settings > Advanced Settings and untick "Enable self-protections" if selected.
 
Then, please follow the instructions in: MBAM Clean Removal Process.
 
Please follow with a MBAM install and reply with a repeat test of your installation.

 

During any Threat Scan, that was followed by a system reboot, has "Restart computer when required for threat removal" been checked in the scheduled Threat Scan's Advanced Settings? Were any malware discoveries made that show in the appropriate Scan and/or Protection Log?

HTH :)

Link to post
Share on other sites

Hey 1PW,

 

Thanks for the welcome and the suggestions. I followed your steps and here's an update.

 

I uninstalled MBAM and reinstalled the newest version 2.0.1.1004. Rebooted again. As for the Threat Scan settings, all of its advanced settings are at their default - so, the restart computer options is unchecked.

 

I ran a manual threat scan a couple of times. Each time, when it's at about the 95% mark of the "Scanning File System Objects" step, Windows reboots. There are no malware discoveries in the logs (other than a couple of quarantined PUPs from sourceforge apps).

 

Interestingly, when I go to History -> Application Logs, I don't see any scan logs at all. Before I reinstalled, the only scan log that was there was from the day MBAM was first installed (3/30) Since then, the only logs I can see are Protection logs. I skimmed through a couple of protection logs and there is nothing exciting in them.

 

How would I go about finding out *why* Windows reboots at when MBAM gets close to completing scanning file system objects?

 

Thanks,

MediocreFred.

Link to post
Share on other sites

Some more observations.

 

I tried to run a few Custom Scans. Left all settings at default. So, *no* folders/drives selected for scanning. On a couple of attempts, I enabled the "Scan for rootkits" option. Every single run of the custom scan, Windows reboots a few seconds into the heuristics scan. And when it reboots, MBAM does not start back up - THIS is a new development. Before I did the uninstall/reinstall, MBAM would start back up after the spontaneous crash/reboot. 

 

I am now thinking that even with the Threat Scan, the "Scanning File System" step probably does complete and the crash/reboot happens at the next step - heuristics scan - although the progress indicator is still at the end of the "Scanning file objects" option.

 

Also, since it crashes, there is no Scan log written to the file system.

 

Now, every time it crashes, since MBAM does not start back up - either automatically, or, manually (no errors, just doesn't start), I am forced to run the MBAM Cleaner, reboot and reinstall.

 

Is there any way to disable the heuristics scan? I tried unchecking the "use advanced heuristics scan" option, but, it doesn't make a difference.

 

Thanks,

MediocreFred.

Link to post
Share on other sites

 When MBAM fails to start after a crash/reboot, I have the following in the event log:

Faulting application name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7Faulting module name: mbamservice.exe, version: 2.1.9.0, time stamp: 0x530619b7Exception code: 0x40000015Fault offset: 0x0007d28aFaulting process id: 0x764Faulting application start time: 0x01cf50de2e037da1Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeFaulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeReport Id: 74acc95b-bcd1-11e3-8273-00110a53b09dFaulting package full name: Faulting package-relative application ID: 
Faulting application name: mbamscheduler.exe, version: 2.0.23.0, time stamp: 0x52f2947eFaulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1eException code: 0x40000015Fault offset: 0x0008d6fdFaulting process id: 0x610Faulting application start time: 0x01cf50de24f0aee6Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeFaulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllReport Id: 6bada721-bcd1-11e3-8273-00110a53b09dFaulting package full name: Faulting package-relative application ID: 
Link to post
Share on other sites

Hello MediocreFred:

 

I have not forgotten you. I'm putting together a tailored information request for you.

 

In the meantime, would you please run a read-only chkdsk (without repair) with your Intel SSD? You need not send/pipe it to a text file - just reply with its general outcome.

 

Please watch this space... :)

Link to post
Share on other sites

Hello MediocreFred:

 

I was able to get some sleep while daledoc1 was keeping the lid on...

 

Thank you as always to daledoc1 for watching the store. :)
 
Due to the unfortunate actions of a few new members, posts on this forum are editable only when the member's posts have exceeded 100.
 
 
LAST STEP

Download sUBs' latest DDS from dds.com file and save it to your desktop.

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus/Anti-Malware temporarily, if needed.
Then left double-click dds.com to run the tool.
Left-click Run in the Open File - Security Warning window.
Do not alter any of the options in the DDS: Settings window and left-click the Start button.
A DDS: Processing window, with a black background, should appear and run for less than three minutes.
A DDS window should appear. Left-click the Run button.

  • When done, DDS might open two (2) Notepad log report windows:
  •  
  • dds.txt and attach.txt
  •  
  • Close both these text report file windows.
  • Please attach dds.txt and attach.txt from your desktop to your forum reply

Note: You can ignore the note about zipping the dds.txt and attach.txt files in most cases but do attach both output text files to your reply.

 

Thank you.   :)

Link to post
Share on other sites

Yikes!

Our posts are crossing in cyberspace! :D

Hi 1PW,

 

Hmmm... DDS doesn't seem to run on Windows 8.1. I get a " cannot run in compatibility mode" when I attempt to run it.

 

Thanks,

MediocreFred.

 

You are correct - that's why I had you skip that step.

 

The FRST logs and checkresults.txt should be enough for the staff to get started.

They will take it from there...

 

 

Thanks for your patience,

 

daledoc1

Link to post
Share on other sites

@daledoc1 - Thank you - I had criminally incomplete notes that are corrected now. :)

 

@MediocreFred - Though I see relevant items in the reports that are not consistent with similar reports for my W7P x64 SP1 MBAM2 installed system, I've asked our forum's very knowledgeable manager to weigh in and render advice. 

 

Though that response may not be till later this evening, it could be sometime Sunday before "AdvancedSetup" (Ron) comes our way.

 

Similar to the read-only chkdsk you ran for %SystemDrive%, perhaps you could run a read-only chkdsk to the remaining storage devices/partitions.

 

Thank you. :)

Link to post
Share on other sites

@MediocreFred: To make the best use of AdvancedSetup's time, please provide the following if it will run in Windows 8.1:

 

 

Download Random's System Information Tool (RSIT) by random/random, from RSITx64 and save it to your desktop.

At this point, please make sure all your Internet browsers are closed. Likewise, close all of your open windows.

Starting RSITx64.exe: Single right-click RSITx64.exe and single left-click Run as Administrator to allow it to run.

Accept the disclaimer: Single left-click the "Continue" button in the disclaimer window.

A small window will open and show random's system information tool progress.

Once RSITx64 has finished, two report logs will have been generated and open - likely with Notepad.

Note: "log.txt" will be open and "info.txt" will have been minimized if this is the first time RSITx64 has run.

"info.txt" will not be generated in subsequent runs.

Save both text files to the desktop.

Please attach both log files in your next reply.

 

 

Thank you. :)

Link to post
Share on other sites

Thank you both very much! I really appreciate your help!

 

I ran a chkdsk on all logical drives and they are all OK.

 

Thanks,

MediocreFred.

 

@daledoc1 - Thank you - I had criminally incomplete notes that are corrected now. :)

 

@MediocreFred - Though I see relevant items in the reports that are not consistent with similar reports for my W7P x64 SP1 MBAM2 installed system, I've asked our forum's very knowledgeable manager to weigh in and render advice. 

 

Though that response may not be till later this evening, it could be sometime Sunday before "AdvancedSetup" (Ron) comes our way.

 

Similar to the read-only chkdsk you ran for %SystemDrive%, perhaps you could run a read-only chkdsk to the remaining storage devices/partitions.

 

Thank you. :)

 

Link to post
Share on other sites

  • Root Admin

I'm actually working with another user that has this exact same software loading and is also having a similar issue.  SoftPerfect RAM Disk

Can you temporarily uninstall or fully disable that and see if that changes anything. 

Also try setting your Norton Antivirus to disabled temporarily

 

Your Event Logs are showing that other programs like Explorer are also crashing not just our product so something is in conflict.

Link to post
Share on other sites

Hi AdvancedSetup,

 

Thanks for looking at the logs. As I had mentioned earlier, this PC is a brand new build - just about a week old. The other apps crashing were, initially, due to missing drivers and things like that.

 

Also, until yesterday, I had my RAM Disk configured as type "logon" instead of "boot". So, the RAM Disk was only getting created after I logged in. This was causing Explorer, Dropbox and Office Upload and perhaps, other apps that load on startup, to crash. Yesterday, I realized this and changed my RAM Disk to be created on boot. Now, when I reboot, there are no errors in the event logs. 

 

I did try disabling Norton AV, but, that didn't prevent MBAM from crashing right after it gets to the Heuristics Scan step.

 

I will try disabling RAM Disk tomorrow and testing again, In the mean time, if you find anything else, please do let me know.

 

Thanks,

MediocreFred.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.