Jump to content

mbamchameleon Event ID 61703 spam


Recommended Posts

My system is reporting a lot of information logs in event viewer for Mbamchameleon. I have about 70-80k until the older logs are deleted. Two new logs are generated  between every 10-20 seconds. I am not sure if this is normal. I have added every every exclusion for my AV and firewall I can think of. These reports do not stop generating even with program closed. A example of a report as follows. The ???? is just hiding my system name from the public.

 

Mbamchameleon Failed to obtain file name information - C0000034

 

- System
    - Provider
      [ Name] mbamchameleon
    - EventID 61703
      [ Qualifiers] 16384
      Level 4       Task 4352       Keywords 0x80000000000000     - TimeCreated
      [ SystemTime] 2014-06-17T09:28:06.895735600Z
      EventRecordID 10257074       Channel System       Computer ?????????       Security
- EventData
              C0000034       00000000020028000011000007F100404C020000340000C000000000000000000000000000000000

Binary data:

In Words

0000: 00000000 00280002 00001100 4000F107
0008: 0000024C C0000034 00000000 00000000
0010: 00000000 00000000

In Bytes

0000: 00 00 00 00 02 00 28 00 ......(.
0008: 00 11 00 00 07 F1 00 40 .....ñ.@
0010: 4C 02 00 00 34 00 00 C0 L...4..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

 

- <System>
  <Provider Name="mbamchameleon" />
  <EventID Qualifiers="16384">61703</EventID>
  <Level>4</Level>
  <Task>4352</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-06-17T09:28:06.895735600Z" />
  <EventRecordID>10257074</EventRecordID>
  <Channel>System</Channel>
  <Computer>????????</Computer>
  <Security />
  </System>
- <EventData>
  <Data />
  <Data>C0000034</Data>
  <Binary>00000000020028000011000007F100404C020000340000C000000000000000000000000000000000</Binary>
  </EventData>
  </Event>
 
 

 

Link to post
Share on other sites

Hi:

 

Just curious -- perhaps this might explain what you're seeing?
 

This is normal and expected in some cases. Chameleon (mbamchameleon driver) is checking digital signatures/certificates of processes in memory. When it is unable to verify, it is logged as an Information event. It's not an issue of concern in this case.

As to why mbamchameleon is running, Firefox has the right idea. If you're using MBAM 2.0 and self-protection is enabled, that is the mbamchameleon driver.

https://forums.malwarebytes.org/index.php?/topic/145618-problem-in-event-viewer-source-mbamchameleon/#entry813011

and: https://forums.malwarebytes.org/index.php?/topic/143923-that-is-this/?hl=%2Bevent+%2Bviewer#entry801608

 

Just a thought,

Link to post
Share on other sites

  • 1 month later...

Sorry for the late reply.

 

 

Hi,Bogartbc, and :welcome:

 

Just to be clear, and before we start anything, is this the only problem you're having with MBAM?  Does it update correctly, scan correctly, etc?

 

This problem started after I had reinstalled the program due to a corruption issue. The program had crashed on the 16th of June. The program stopped responding but I could not kill mbam.exe *32. No scan was running at the time. The system started to lag/slow down a bit so I restarted the PC via Start > Restart. After booting into Windows the programs auto-start settings failed as did manual launching. I uninstalled the program using a method I found in another post which used Mbam clean with requied steps and reboots. I reinstalled as per direction.

 

Beyond the above issue I still have Mbamchameleon Failed to obtain file name information - C0000034 spam every week or so. I have 42 logs in the last 24 hours, 12 are from a Threat scan ran today. Other than noted issues I have not had any problems found in log files, everyday protection and weekly scans.

 

 

 

 

Hi:

 

Just curious -- perhaps this might explain what you're seeing?
 

and: https://forums.malwarebytes.org/index.php?/topic/143923-that-is-this/?hl=%2Bevent+%2Bviewer#entry801608

 

Just a thought,

 

This seems to line up with logs' time with the scan I ran today. I assume that other logs are part of the normal protection after booting into Windows.

 

72,000 in 48 hours seems excessive. Does this have any impact on the programs protection and detection capabilities?

Link to post
Share on other sites

Hi:
 
Thanks for the update.
 
We'll need to wait for AdvancedSetup, exile360 or one of the other staff members to provide a detailed answer to your technical question.

In order to assist them to better help you, I would suggest that you please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt).

 

Thanks for your patience,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.