
Cannot update - Malwarebytes has stopped working - 0x40000015



I am attempting to clear malware/virus infections from a computer that belongs to the son of a friend.

The computer is an ASUS laptop running MS Win 7 Home Premium 64bit with SP1.

When I installed Malwarebytes (free) 2.0.2.1012 it installed with no errors. Upon attempting to update, Malwarebytes crashes with the Windows error window "Malwarebytes has stopped working", and the event log contains the following:

 

Log Name:      Application
Source:        Application Error
Date:          6/6/2014 9:50:22 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      IsaacM-PC
Description:
Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x13fc
Faulting application start time: 0x01cf8196a0e7e2a1
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: e226b1fd-ed89-11e3-82b6-d73ee7779a30
Event Xml:
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-06-06T14:50:22.000000000Z" />
    <EventRecordID>30280</EventRecordID>
    <Channel>Application</Channel>
    <Computer>IsaacM-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>mbam.exe</Data>
    <Data>1.0.0.532</Data>
    <Data>53518532</Data>
    <Data>MSVCR100.dll</Data>
    <Data>10.0.40219.325</Data>
    <Data>4df2be1e</Data>
    <Data>40000015</Data>
    <Data>0008d6fd</Data>
    <Data>13fc</Data>
    <Data>01cf8196a0e7e2a1</Data>
    <Data>C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</Data>
    <Data>C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll</Data>
    <Data>e226b1fd-ed89-11e3-82b6-d73ee7779a30</Data>
  </EventData>
</Event>
 
I attempted to update manually with the download mbam-rules.exe but that does not appear to work with the current version of Malwarebytes. Is there an alternate or new manual download for updating Malwarebytes?
 
More info:
I successfully installed SuperAntiSpyware and ran it and it removed about two dozen infected items plus over 300 tracking cookies. Then I tried updating Malwarebytes again and it still failed.
I successfully ran TDSSKiller and it found nothing. I ran ComboFix and it strangely said to disable Avast (not installed) and MS Security Essentials (already disabled). I continued and ComboFix removed several items. Then I tried updating Malwarebytes and it still failed.
I installed Avast free edition and ran full and boot-time scans and they both found and removed several items. I again tried updating Malwarebytes and it still failed.
I ran Malwarebytes without updates. It found several items (most from quarantines of other tools) and removed them. I again tried updating and it again failed.
I checked firewall and disabled it. I checked proxy and disabled it. I again tried updating Malwarebytes and it failed.
 
I am attaching the dds.txt output file.
 
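The hex fields of the crash record in the post above can be decoded offline. The following is an added example, not part of the original post: it reads the values from the event description, converts the two link timestamps (Unix seconds) and the process start time (a Windows FILETIME), and names the exception code. The short NTSTATUS table and all function names are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone

# Description lines copied from the Event ID 1000 record in the post above.
EVENT_TEXT = """\
Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x13fc
Faulting application start time: 0x01cf8196a0e7e2a1
"""
# TimeCreated value from the same record's Event Xml.
EVENT_TIME = datetime(2014, 6, 6, 14, 50, 22, tzinfo=timezone.utc)

# Small subset of NTSTATUS values (ntstatus.h) that appear in crash events.
NTSTATUS = {
    0x40000015: "STATUS_FATAL_APP_EXIT",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEX = r"(0x[0-9a-fA-F]+)"


def pe_timestamp(hex_value):
    """PE header TimeDateStamp: seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(int(hex_value, 16), tz=timezone.utc)


def filetime(hex_value):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=int(hex_value, 16) // 10)


def decode_event(text, event_time):
    """Turn the 'Faulting ...' lines of an Application Error event into typed fields."""
    def grab(pattern):
        match = re.search(pattern, text)
        if match is None:
            raise ValueError("field not found: " + pattern)
        return match.groups()

    app, app_ver, app_ts = grab(r"application name: (\S+), version: (\S+), time stamp: " + HEX)
    mod, mod_ver, mod_ts = grab(r"module name: (\S+), version: (\S+), time stamp: " + HEX)
    (code,) = grab(r"Exception code: " + HEX)
    (start,) = grab(r"application start time: " + HEX)
    started = filetime(start)
    return {
        "application": f"{app} {app_ver}",
        "module": f"{mod} {mod_ver}",
        "exception": NTSTATUS.get(int(code, 16), "unknown (" + code + ")"),
        "app_built": pe_timestamp(app_ts),
        "module_built": pe_timestamp(mod_ts),
        "started": started,
        # How long the process had been running when the event was logged.
        "seconds_alive": (event_time - started).total_seconds(),
    }


if __name__ == "__main__":
    for key, value in decode_event(EVENT_TEXT, EVENT_TIME).items():
        print(f"{key:14} {value}")
```

0x40000015 is STATUS_FATAL_APP_EXIT, the status the Visual C++ runtime raises when a program calls abort(), which is why the faulting module is MSVCR100.dll; the decoded start time puts the crash a few seconds after mbam.exe launched.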

Hello and welcome to Malwarebytes forum.

 

As we go along, if something is not clear or you have some question, please ask me first. And while I am assisting you, please do not make changes or fixes on your own; nor seek help elsewhere in another venue.
It is important that we stay in sync.   Stick with me until we get this resolved.

I'll need more information to locate the source of the issue.
Please only ATTACH the log files I ask for.  

Could you please tell me if you had the self-protection on in the program   { on the Settings >> Advanced Settings screen} ?
Also, did you do a Windows restart today ?  when was the last time that Windows was started fresh?

Do you have version 2.0.2.1012 installed ?

This tool will collect some information on the installation of Malwarebytes and create a report I need to review:
Download mbam-check.exe and save it to your desktop from http://downloads.malwarebytes.org/file/mbam_check
On Vista/Windows 7, 8, right-click on mbam-check.exe & select Run as Administrator & allow to Run.
On XP, double-click on mbam-check.exe to run it.
It should then open a log file CheckResults.txt
You should attach the CheckResults.txt file located on your desktop so that I can review.


Other questions for you:

 

Are you now getting malware removal help, here or anywhere else?

 

I can see that several security apps were installed today.   Avast, our program, and S-A-S.

Is there a suspected or a pre-existing malware infection on this box?

 

When you do get back to the forum.  Please do stop self-medicating with all the various tools.

This needs a re-group and a re-think.

I have moved your topic to the malware removal.   But I need to be sure you are not also asking for help in any other venue.

Edited by Maurice Naggar

1. I am not getting help elsewhere. What I asked for here was specifically about a manual update procedure for Malwarebytes v2. When I couldn't run a current Malwarebytes, I used other tools to remove the infected items. As I said before, multiple infected files, registry entries, etc., have been found by various tools and removed. For the purposes of finding why Malwarebytes will not update, I will stop my actions to remove malicious items from the computer. I am not so much seeking help removing infected items and I am trying to find why Malwarebytes will not update.

 

2. My original question still stands - Is there a manual update procedure for v2 of Malwarebytes? That is really what I am asking for.

 

>Could you please tell me if you had the self-protection on in the program   { on the Settings >> Advanced Settings screen} ?

As I stated before, I am running Malwarebytes (free) 2.0.2.1012 which has the advanced settings greyed out. I have not changed them and it appears the self-protection is not on.

>Also, did you do a Windows restart today ?  

Yes.

>when was the last time that Windows was started fresh?

About an hour ago. I removed Malwarebytes to do a clean re-install. After removal I restarted the computer. I then reinstalled Malwarebytes (free) 2.0.2.1012

>Do you have version 2.0.2.1012 installed ?

Yes. The version of Malwarebytes that I installed, removed, and reinstalled is 2.0.2.1012.

>Is there a suspected or a pre-existing malware infection on this box?

See my original post. Several infected items have been removed by SAS, Combofix, Avast and Malwarebytes with no updates. Malwarebytes continues to abort when update is attempted.

I am attaching the requested file.

 

 

 

CheckResults.txt


1. OK.  I wanted to be sure that there was not a dual set ( multiple sources) of ongoing help.
As I noted before, I'd like for you to follow my guidance and not do things on your own.  We have to stay in sync.
If something is not clear, stop and ask me first.

I am concerned when you mentioned that there were

> multiple infected files, registry entries, etc., have been found by various tools and removed.

I would have preferred that you had asked for malware removal help here first before doing it on your own.
Just a bit worried about what may be now overlooked.

In any event, there can be a few different reasons as to why our AntiMalware would not install in the first place.
BUT your system does now have the Anti-Malware installed, with the latest program version.
If the program has some sort of abend ( abnormal termination) then we do need to have a process to get all information pertinent to that.


2. There is not a nice simple way to get a "database" download/refresh like we had with version 1.

Q: This pc is your friend's son's system.  How long will you be able to have it & work on it?

We need to Show all files in Windows 7:

Press and hold Windows-key+E key on keyboard to start Windows Explorer.
From the Windows Explorer menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck "Hide protected operating system files (Recommended)".
Locate and click "Show hidden files and folders and drives."
Click Apply > OK.

B
1. Go Here and download ERUNT and Save it to your Desktop
http://dundats.mvps.org/Files/erunt-setup.exe

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start "ERUNT"
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked
6. Press "OK"
7. Press "YES" to create the folder.

C
Look at this folder   C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
locate and then send as an attachment this file =>  mbam-log-2014-06-06 (08-00-20).xml          


D
Go to this folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Plugins
there is a Fixdamage.exe there
Double-click fixdamage.exe   and let it run.  It should run fairly quickly.

E
Please download the Farbar Recovery Scan Tool from here:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

save it to your desktop.

RIGHT-click on **FRST64.exe** and select Run as Administrator to start it and reply Yes to allow to run when prompted by Windows.

When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (**FRST.txt**) in the same directory the tool is run.

Please attach that log to your reply.
The first time the tool is run, it makes a second log (**Addition.txt**).
Please attach that to your reply as well

If you would go ahead and post all of the above ( at this point) in attachments I would appreciate it.

F
NOTE:  If there is any subsequent "crash" / "abort"  in the Anti-Malware I will be looking to get the Windows memory dump files ( wer files) from you.
I'll guide you on that if & when that occurs.


G
Try to do a database update in the Anti-Malware.
Start the program.  On the Dashboard screen, press the Update now link.   Let me know what happens in detail.

If it crashes, I would like for you to provide all details in a post and then stop and wait for my reply.

If it does do an update, then click the Scan Now button on the Dashboard and do a Threat scan +  attach that log in your next reply.

First I need to advise that when I started the computer this morning it went into Avast boot time scan. I did not realize it was pending. It did call out an adware item and I selected the option to move it to the chest.

 

>2. There is not a nice simple way to get a "database" download/refresh like we had with version 1.

 

Thank you for the response.

 

>Q: This pc is your friend's son's system.  How long will you be able to have it & work on 

 

I had originally intended to return it this evening but have just talked to my friend Scott and he said go ahead and hang on to it for a few days. He also told me he received a strange call (number blocked) from someone with a heavy accent (about the time I was running tools to remove virus/malware) claiming to be Microsoft and wanting to help with malicious software removal. I am certain it was not Microsoft, but instead some kind of scam, but the timing was too coincidental.

 

>We need to Show all files in Windows 7:

 

Done.

 

 

>B

>1. Go Here and download ERUNT and Save it to your Desktop....

 

Done.

 

>C

>Look at this folder   C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs

>locate and then send as an attachment this file =>  mbam-log-2014-06-06 (08-00-20).xml          

 

Done.

 

 

>D

>Go to this folder C:\Program Files (x86)\Malwarebytes Anti-Malware\Plugins

>there is a Fixdamage.exe there

>Double-click fixdamage.exe   and let it run.  It should run fairly quickly.

 

Done.

 

 

>E

>Please download the Farbar Recovery Scan Tool from here:


> ....

 

Done.

 

>F

>NOTE:  If there is any subsequent "crash" / "abort"  in the Anti-Malware I will be looking to get the Windows memory dump files ( wer files) from you.

>I'll guide you on that if & when that occurs.

 

Okay.

 

 

>G

>Try to do a database update in the Anti-Malware.

>Start the program.  On the Dashboard screen, press the Update now link.   Let me know what happens in detail.

>

>If it crashes, I would like for you to provide all details in a post and then stop and wait for my reply.

>

>If it does do an update, then click the Scan Now button on the Dashboard and do a Threat scan +  attach that log in your next reply.

 

The update again failed with the Windows error message "Malwarebytes Anti-Malware has stopped working." I am attaching a txt file with the event log contents (event.txt).

 

Addition.txt

event.txt

FRST.txt

mbam-log-2014-06-06 (08-00-20).xml


Hello,

 

It should go without having to say, that phone call was a scam.  Total scam.  Microsoft will never call and neither would any legitimate company call you out of the blue.

 

I would like to have from you a zip file containing that XML file plus the folder that has the error dump.

Can you arrange for that and then attach here in a reply?

 

this file

C:\Users\Isaac M\AppData\Local\Temp\WER3295.tmp.WERInternalMetadata.xml

Plus this next folder and all of its contents

C:\Users\Isaac M\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_mbam.exe_ee6b9617caee94958672fcb369bbde3f5e1dcb0_10b75d5c

That is just 1 folder --- the system here is chopping the line into 2.

 

It would help to have that.   I will reply soon in a separate post.   Thank you.

Edited by Maurice Naggar

part 2

Save the attached file Fixlist.txt to the same location where you have FRST.exe ---- the Desktop

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite an existing one please allow)

Run FRST64.exe again but this time press the "Fix" button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST.
Please attach the Fixlog.txt into a reply.

 

After the completion of this task, please restart Windows.

Fixlist.txt


> this file
> C:\Users\Isaac M\AppData\Local\Temp\WER3295.tmp.WERInternalMetadata.xml

 

I could not find that file. I verified no system hidden files, but the file named above is not there.  I attached a zip of a doc with a screen shot of the temp folder and you can see no file of this name.

> C:\Users\Isaac M\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_mbam.exe_ee6b9617caee94958672fcb369bbde3f5e1dcb0_10b75d5c

 

This one I found and it is attached.
 

local.temp-folder.docx.zip

AppCrash_mbam.exe_ee6b9617caee94958672fcb369bbde3f5e1dcb0_10b75d5c.zip


I appreciate that you sent the zip files.

 

And the frst fix run was as planned.   Now then, do a Threat Scan.

 

Start the Anti-Malware program.
on the Dashboard, click the Scan Now >> ( link)  button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In some cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.



Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

If good fortune is on our side, it should do ok.   If not, let me know all detail, and in which case, I'll be asking for another set of files.


I initiated the scan and when it prompted for updates it again crashed with the Windows error message "Malwarebytes Anti-Malware has stopped working". I found I wasn't fast enough to click the skip update button on my second attempt and it crashed again. On my third try I disabled the network adapter first, and then Malwarebytes actually initiated the scan. When it is complete I will post the results as requested.

 

-- Frank


Malwarebytes scan results (note that database is not updated):

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/7/2014
Scan Time: 8:56:52 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Isaac M
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297977
Time Elapsed: 8 min, 4 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

It's quite interesting and also perhaps fortuitous that you went and turned off the network adapter.  How did you happen to think to do that?

 

Obviously now, you need the adapter back on.

 

Let's please do this:

I'd like us to try a different manual fix to see if we can overcome the current update-failure-issue.
First, let's shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in the notification area.
Do a Right-click on it with your mouse, and select EXIT.

I've attached a file for Malwarebytes configuration named **netconf.zip**

Save it.

Unzip the content.  You will see a net.conf file


Please see if replacing the existing net.conf with this one works or not.

It needs to be copied to here

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration

That location is normally hidden in Windows so you will need to be able to see hidden files and folders.

See here if you need instructions
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Before replacing your existing file, please copy it to another location and attach it when you reply.

When you copy the one I have attached, Windows will prompt you that another file with that name already exists - select to replace it.
When you have done the above, you will need to manually start the program to get it going.
Right-click on the desktop icon for MBAM and select Run as Administrator.

Please let me know if this helps to fix the issue.

 

Now then, start the Anti-Malware.  Do an Update run.   Let me know if that succeeds.

Do a new Threat scan and report on new results.

 

Later on, I'll need the previous ( last) dump file from Windows.

Thank you

 

netconf.zip


> It's quite interesting and also perhaps fortuitous that you went and turned off the network adapter.  How did you happen to think to do that?

 

Struck me as kind of obvious. I do not have your expertise in Malwarebytes and virus/malicious software. But I do have 36 years' experience in IT in various roles, be it field service, software development (3 patents), network engineering, consulting, etc.

 

 

> Obviously now, you need the adapter back on.

 

Done.

 

 

> Let's please do this:

> I'd like us to try a different manual fix to see if we can overcome the current update-failure-issue.

> First, let's shutdown the realtime Malwarebytes Anti-Malware. Go to the desktop Taskbar. See the blue-color MBAM icon in 

> the notification area.

> Do a Right-click on it with your mouse, and select EXIT.

 

Reminder - free edition - trial not enabled. The realtime protection is not active.

 

 

> I've attached a file for Malwarebytes configuration named **netconf.zip**

...

> C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration

 

Done.

 

 

> Before replacing your existing file, please copy it to another location and attach it when you reply.

 

Done. Net.zip attached.

 

 

> Right-click on the desktop icon for MBAM and select Run as Administrator.

 

Done.

 

 

> Please let me know if this helps to fix the issue.

 

It worked!

 

 

> Now then, start the Anti-Malware.  Do an Update run.   Let me know if that succeeds.

> Do a new Threat scan and report on new results.

 

It ran.  Results attached as txt file (scan_results.txt). It looks clean. Not sure why Malwarebytes wouldn't update but I suspect if I had deleted the contents of ProgramData\Malwarebytes when I removed/restarted/reinstalled, then I probably would not have had this issue.

 

Please let me know if you want anything else from this computer.

 

-- Frank

scan_results.txt

net.zip


Hello Frank,

 

That's great.  I do appreciate all the information you have provided to us.

And I personally salute you for this.   And just so you know, we probably share a similar background.  ^_^

 

Let me know if you need something else.

But for this box here, it should be good to go now.  And you can simply delete the tools that you and I had used.

 

And you can add this free anti-exploit tool to this computer --- to provide an added edge of protection.

our Anti-Exploit ( free )
http://www.malwarebytes.org/products/antiexploit/

 

Obviously this student would be better off having the realtime protection of the Anti-Malware.

 

Best regards to you, sir.
