Jump to content

[SOLVED] Malwarebytes Anti-Exploit 1.03.1.1220 won`t run


Kiana9

Recommended Posts

"Malwarebytes Anti-Exploit Protection is not started.The Anti-Exploit proccess will be terminated."

 

uninstalled from cp

deleted all program files and program data folders

theres no left over registry key

ccleaner

reboot

install again

 

:|

 

it looks like injection ("Error starting 64bit injection DLL") is failed and mbae service doesnt start so i tried to run the MBAE service manually it wont start!

 

its all ok @ windows 7 x64 but not 8.1 x64!both has same AV/FW (ESET SS + MBAM) @ 8.1 i get a message at the end of the installation to reboot i did that and nothing ...

mbae-default.log

Link to post
Share on other sites

  • Staff

Hi Kiana9, thanks for posting. Can you please attach all the files from the MBAE logs directory?

 

Also please attach mbae-uninstaller.log from C:\Program Files (x86)\Malwarebytes Anti-Exploit\ and a list of files from the same directory.

 

Thanks!!

Link to post
Share on other sites

  • Staff

I just noticed some weird entries in the log:

 

mbae-svc-MainSvc(524) - 2014/06/24 - 18:45:34 - #2# - CmdInstallService: 1.03.1.1220 - OS: Windows 8.0  - English - x64 -     213 - 4464
mbae-svc-MainSvc(116) - 2014/06/24 - 18:45:34 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 -     30 - 1268
mbae-svc-MainSvc(638) - 2014/06/24 - 18:46:25 - #2# - CmdDelService: 1.03.1.1220 - OS: Windows 7  - English - x64 -     213 - 5948

mbae-svc-MainSvc(524) - 2014/06/24 - 18:46:28 - #2# - CmdInstallService: 1.03.1.1220 - OS: Windows 7  - English - x64 -     213 - 3712
mbae-svc-MainSvc(116) - 2014/06/24 - 18:46:29 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 -     30 - 6756
mbae-svc-MainSvc(116) - 2014/06/24 - 18:50:10 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 -     30 - 4504
 

The fact it's reporting your OS differently at different points of the process is really weird, especially since the different detections are within very few seconds of each other.

 

Do you have any special configuration or OS version when you installed this computer?

Link to post
Share on other sites

i`v already got newer versions of visual c++ 2008/2010/2012 x64 and x86 (same as 7)

 

yes i have 2 windows as i said before 7 & 8.1 x64 maybe its because i tried to run the installed version(win 7) @ win 8.1 ?!

 

here is a new clean log:

mbae-svc-MainSvc(524) - 2014/06/25 - 17:20:01 - #2# - CmdInstallService: 1.03.1.1220 - OS: Windows 8.0  - English - x64 - 	213 - 7568mbae-svc-MainSvc(116) - 2014/06/25 - 17:20:02 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 - 	30 - 9204mbae-svc-SvcMisc(412) - 2014/06/25 - 17:20:02 - #1# - GetLicenseInfo:   - 	32 - 9204mbae-svc-SvcMisc(361) - 2014/06/25 - 17:20:02 - #1# - ValidateLicense:   - 	32 - 9204mbae-svc-MainSvc(199) - 2014/06/25 - 17:20:02 - #1# - ServiceStart: 32 - 	32 - 9204mbae-svc-SvcProtection(155) - 2014/06/25 - 17:20:03 - #1# - LoadProtectedApplications: 213 - 	213 - 9204mbae-svc-SvcProtection(289) - 2014/06/25 - 17:20:03 - #2# - SetDefaultProtectedApplications: 00000000 -  - 	213 - 9204mbae-svc-SvcMisc(223) - 2014/06/25 - 17:20:03 - #1# - LoadReportFile:   - 	9 - 9204mbae-svc-MainSvc(231) - 2014/06/25 - 17:20:03 - #1# - ServiceStart: 9 - 	9 - 9204mbae-svc-SvcProtection(777) - 2014/06/25 - 17:20:07 - #2# - InstallDriver: Malwarebytes Anti-Exploit Driver Installed successfuly - 	30 - 9204mbae-svc-SvcProtection(880) - 2014/06/25 - 17:20:08 - #2# - StartHookingFilter: Malwarebytes Anti-Exploit Driver is running - 	30 - 9204mbae-svc-SvcProtection(1082) - 2014/06/25 - 17:20:08 - #2# - StartInjection32: Starting Injection with: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - winhlp32.exe|wscript.exe|java.exe|javaw.exe|javaws.exe|opera.exe|opera_plugin_wrapper.exe|opera_wrapper_32.exe|iexplore.exe|chrome.exe|old_chrome.exe|firefox.exe|plugin-container.exe|FlashPlayerPlugin*.exe|helpctr.exe|mbae-test.exe - 	213 - 9204mbae-svc-SvcProtection(1089) - 2014/06/25 - 17:20:08 - #2# - StartInjection32: DLL Injection has been successfully started  C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - 	30 - 9204mbae-svc-SvcProtection(908) - 2014/06/25 - 17:20:09 - #1# - StartHookingFilter: Error starting 64bit injection DLL: 1 - -1073741701 - 	30 - 9204mbae-svc-SvcProtection(740) - 2014/06/25 - 17:20:09 - #1# - InitializeHooks:   - 	213 - 9204mbae-svc-MainSvc(248) - 2014/06/25 - 17:20:09 - #1# - ServiceStart:   - 	213 - 9204mbae-svc-MainSvc(325) - 2014/06/25 - 17:20:09 - #2# - ServiceStop: Malwarebytes Anti-Exploit Service is stopping - 	213 - 9204mbae-svc-MbaeLog(448) - 2014/06/25 - 17:20:10 - #1# - GetSyslogConfig:   - 	32 - 9204mbae-svc-MbaeLog(536) - 2014/06/25 - 17:20:10 - #1# - MbaeSyslog:   - 	32 - 9204mbae-svc-MbaeLog(414) - 2014/06/25 - 17:20:10 - #1# - MbaeSystemLog: 32 - 	32 - 9204mbae-svc-SvcProtection(1099) - 2014/06/25 - 17:20:10 - #2# - StopInjection32: Stopping Injection with: mbae.dll - 	30 - 9204mbae-svc-SvcProtection(1108) - 2014/06/25 - 17:20:11 - #2# - StopInjection32: DLL Injection has been successfully stopped  C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - 	30 - 9204mbae-svc-SvcProtection(980) - 2014/06/25 - 17:20:11 - #1# - StopHookingFilter: Error stopping 64bit injection DLL: 1 - -1073741701 - 	32 - 9204mbae-svc-SvcProtection(817) - 2014/06/25 - 17:20:11 - #2# - UninstallDriver: Malwarebytes Anti-Exploit Driver has been successfully stopped - 	30 - 9204mbae-svc-SvcProtection(827) - 2014/06/25 - 17:20:11 - #2# - UninstallDriver: Malwarebytes Anti-Exploit Driver has been successfully uninstalled - 	30 - 9204mbae-svc-MainSvc(369) - 2014/06/25 - 17:20:12 - #2# - ServiceStop: Malwarebytes Anti-Exploit Service is stopped - 	213 - 9204mbae-svc-MainSvc(602) - 2014/06/25 - 17:20:12 - #1# - CmdInstallService: Malwarebytes Anti-Exploit Service failed to start. - 	30 - 7568

after tried to manually run the mbae + service:

mbae-MainGui(90) - 2014/06/25 - 17:21:50 - #2# - WinMain: GUI (1.03.1.1220) - Start - 	213 - 2108mbae-MainGui(539) - 2014/06/25 - 17:21:50 - #2# - IsAdminRunning: SCM - Admin - 	35 - 2108mbae-MiscGui(126) - 2014/06/25 - 17:21:50 - #1# - GetRegistryIntegerValue:   - 	32 - 2108mbae-MbaeGui(177) - 2014/06/25 - 17:21:51 - #1# - LoadReportFile:   - 	9 - 2108mbae-svc-MainSvc(116) - 2014/06/25 - 17:21:56 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 - 	30 - 7456mbae-svc-SvcMisc(412) - 2014/06/25 - 17:21:56 - #1# - GetLicenseInfo:   - 	32 - 7456mbae-svc-SvcMisc(361) - 2014/06/25 - 17:21:56 - #1# - ValidateLicense:   - 	32 - 7456mbae-svc-MainSvc(199) - 2014/06/25 - 17:21:56 - #1# - ServiceStart: 32 - 	32 - 7456mbae-svc-SvcProtection(155) - 2014/06/25 - 17:21:57 - #1# - LoadProtectedApplications: 213 - 	213 - 7456mbae-svc-SvcProtection(289) - 2014/06/25 - 17:21:57 - #2# - SetDefaultProtectedApplications: 00000000 -  - 	213 - 7456mbae-svc-SvcMisc(223) - 2014/06/25 - 17:21:57 - #1# - LoadReportFile:   - 	9 - 7456mbae-svc-MainSvc(231) - 2014/06/25 - 17:21:57 - #1# - ServiceStart: 9 - 	9 - 7456mbae-svc-SvcProtection(777) - 2014/06/25 - 17:21:57 - #2# - InstallDriver: Malwarebytes Anti-Exploit Driver Installed successfuly - 	30 - 7456mbae-svc-SvcProtection(880) - 2014/06/25 - 17:21:58 - #2# - StartHookingFilter: Malwarebytes Anti-Exploit Driver is running - 	30 - 7456mbae-svc-SvcProtection(1082) - 2014/06/25 - 17:21:58 - #2# - StartInjection32: Starting Injection with: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - winhlp32.exe|wscript.exe|java.exe|javaw.exe|javaws.exe|opera.exe|opera_plugin_wrapper.exe|opera_wrapper_32.exe|iexplore.exe|chrome.exe|old_chrome.exe|firefox.exe|plugin-container.exe|FlashPlayerPlugin*.exe|helpctr.exe|mbae-test.exe - 	213 - 7456mbae-svc-SvcProtection(1089) - 2014/06/25 - 17:21:58 - #2# - StartInjection32: DLL Injection has been successfully started  C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - 	30 - 7456mbae-svc-SvcProtection(908) - 2014/06/25 - 17:21:58 - #1# - StartHookingFilter: Error starting 64bit injection DLL: 1 - -1073741701 - 	32 - 7456mbae-svc-SvcProtection(740) - 2014/06/25 - 17:21:59 - #1# - InitializeHooks:   - 	213 - 7456mbae-svc-MainSvc(248) - 2014/06/25 - 17:21:59 - #1# - ServiceStart:   - 	213 - 7456mbae-svc-MainSvc(325) - 2014/06/25 - 17:21:59 - #2# - ServiceStop: Malwarebytes Anti-Exploit Service is stopping - 	213 - 7456mbae-svc-MbaeLog(448) - 2014/06/25 - 17:21:59 - #1# - GetSyslogConfig:   - 	32 - 7456mbae-svc-MbaeLog(536) - 2014/06/25 - 17:22:00 - #1# - MbaeSyslog:   - 	32 - 7456mbae-svc-MbaeLog(414) - 2014/06/25 - 17:22:00 - #1# - MbaeSystemLog: 32 - 	32 - 7456mbae-svc-SvcProtection(1099) - 2014/06/25 - 17:22:00 - #2# - StopInjection32: Stopping Injection with: mbae.dll - 	30 - 7456mbae-svc-SvcProtection(1108) - 2014/06/25 - 17:22:00 - #2# - StopInjection32: DLL Injection has been successfully stopped  C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.dll - 	30 - 7456mbae-svc-SvcProtection(980) - 2014/06/25 - 17:22:01 - #1# - StopHookingFilter: Error stopping 64bit injection DLL: 1 - -1073741701 - 	32 - 7456mbae-svc-SvcProtection(817) - 2014/06/25 - 17:22:01 - #2# - UninstallDriver: Malwarebytes Anti-Exploit Driver has been successfully stopped - 	30 - 7456mbae-svc-SvcProtection(827) - 2014/06/25 - 17:22:01 - #2# - UninstallDriver: Malwarebytes Anti-Exploit Driver has been successfully uninstalled - 	30 - 7456mbae-svc-MainSvc(369) - 2014/06/25 - 17:22:01 - #2# - ServiceStop: Malwarebytes Anti-Exploit Service is stopped - 	213 - 7456mbae-MainApi(163) - 2014/06/25 - 17:22:03 - #1# - CheckServiceRunning:   - 	15 - 2108mbae-MainApi(61) - 2014/06/25 - 17:22:03 - #1# - MbaeCreateSession:   - 	15 - 2108mbae-MbaeGui(47) - 2014/06/25 - 17:22:03 - #1# - StartMbae:   - 	15 - 2108mbae-MainGui(141) - 2014/06/25 - 17:22:03 - #1# - WinMain:   - 	15 - 2108mbae-MainGui(198) - 2014/06/25 - 17:22:06 - #2# - WinMain: Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit process will be terminated. - 	30 - 2108mbae-MainGui(615) - 2014/06/25 - 17:22:06 - #2# - Exit: GUI - Exit - 	213 - 2108mbae-MainApi(221) - 2014/06/25 - 17:22:06 - #1# - MbaeReleaseSession:   - 	8 - 2108

so whats blocking the injection?windows defender is off ESET SS + MBAM disabled (@ 7 installed fine with these enabled!)maybe security updates from MS?

does it need any specific windows service to start the mbae-svc.exe?

Link to post
Share on other sites

nop :) i installed MBAE in 8.1 and it wont  install completely (reboot message) then i installed it on 7 without any problems went back to 8.1 and give a try to run the installed version on 7 thats why there are different OSs in the log ...

 

i do know some apps could be shared between OSs but not if they got services to run!it was a long shot ...

 

so lets focus on 8.1 :

what may cause the injection failure?and does it need any specific windows service ?

 

thank you 

Link to post
Share on other sites

  • Staff

And how did you get both W7 and W8 detections from MBAE inside the same second? You can't be running them both simultaneously.

 

mbae-svc-MainSvc(524) - 2014/06/24 - 18:46:28 - #2# - CmdInstallService: 1.03.1.1220 - OS: Windows 7  - English - x64 -     213 - 3712
mbae-svc-MainSvc(116) - 2014/06/24 - 18:46:29 - #2# - ServiceMain: 1.03.1.1220 - OS: Windows 8.0  - English - x64 -     30 - 6756

Link to post
Share on other sites

i dont know that maybe because i ran the exe and service which installed in win 7 on win 8.1 ? does it really matter ?! as you could see in my first and last log problem is win 8.1 

 

here is a different path @ 8.1 D :\Program Files (x86)\Malwarebytes Anti-Exploit\

 

see the directory path or OSs drive letter are not the problem something is blocking the injection process/service in wind 8.1 i think ... 

mbae-default.log

mbae-default.log

Link to post
Share on other sites

  • Staff

The txt will normally be written to the same directory shown in the cmd prompt, which normally defaults to c:\windows\system32. Since you can't write to that dir type "mkdir c:\set" hit enter and then "cd c:\set" and then the following:

1- type "set >SetW7.exe" without the quotes and hit enter.

4- Reboot into Win8 and repeat with "set >SetW8.txt".

The txt files to attach here will be in c:\set.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.