Jump to content

BSOD with Malwarebytes and Truecrypt


Recommended Posts

I posted a problem at Wilders Security and they suggested I post it here. A person on that site was having problems with a Dell i5 running Win 7 Pro, when running Malwarebytes on Truecrypt containers (encrypted logical drives). This was causing the "blue screen of death" when when scanning with Malwarebytes. I posted that I was having a similar problem. It is very repeatable if you want more information. I understand in advance that Truecrypt is a special case, so thanks for your time.

 

Here is the post on the other site (Mod: delete URL, it is FYI):

http://www.wilderssecurity.com/threads/malwarebytes-and-truecrypt-bsod.365207/#post-2388841

 

 

Here is the text from the original post (referral cross post):

 

 

 

I am consistently getting the BSOD with Malwarebytes 2.0.2.1012 Premium scanning Truecrypt 7.1a containers (NTFS and FAT, new or old), also on a Dell, Studio XPS with i7 running Win 7 Pro, so a few things in common with the OP.

With no other apps running but Truecrypt and MB (No AV or other) it fails 100% of the time when scanning an encrypted container, with either blue screen or looping to the point of having to hit the power. If you try to "Cancel Scan" it goes dormant, and you can't even bring up task manager... and again you have to hit the power to restart...

With other containers open, I can scan unencrypted C: without problems, only the encrypted drives cause problems. This is after doing the MB recommended "clean install" and using the recommended "mbam-clean.exe" tool. This happens with or without the Root Kit scan. Been a user of TC and MB for years...

 

 

 

 

Thanks. Love the product. In addition to the above post at the other forum, I can supply logs that might help. The good news is that I know how to reproduce the problem!

 

Link to post
Share on other sites

Hello npcomplete and :welcome:
 
I am the person who answered your post at Wilders. :)

Please attach two of your most recent dump files likely located within the C:\WINDOWS\Minidump folder. You may individually zip the dump files if this forum's software won't permit attaching the originals.
 
In addition to your dump files, it would also be helpful if you also attached the following diagnostic logs:
 
Please read the following and individually attach the 3 requested logs in a reply to this thread: Diagnostic Logs.
 
The 3 files are: 1) CheckResults.txt 2) FRST.txt 3) Addition.txt. Please do not Copy and Paste them into a reply.

 

You may also wish to consult Common Questions, Issues, and their Solutions, Program Information: item #5.
 
Thank you.

Link to post
Share on other sites

Is there some way to email the logs? You are asking people to post things about their PC's operation on a forum that is open to the world for read access. I appreciate the help, but listing the machine config in clear text perhaps might not be the best way to deal with encryption problems. You don't even need to be logged in to see some of the other user's config.

 

Re: Item 5:

"Malwarebytes Anti-Malware only supports scanning of drives encrypted with TrueCrypt when using the rootkit scanner.  Other encryption methods are not supported at this time. You can do a regular threat scan with other encryption methods but you need to disable the rootkit scanning option."

 

I get these errors on scanning whether the root kit scan is enabled OR disabled. Both get blue screen.

Link to post
Share on other sites

Hello npcomplete:
 
Your concerns have already been well thought out by Malwarebytes management and the information gathering tools used here have been written accordingly, and because nothing is published that links the information in the logs and dumps requested of you, with your browser histories, cookies, bookmarks, email, identity, location, financial data or WAN IP address, you need not fear unwarranted access. Hence, your anonymity remains.
 
However, as a paying customer, you may initiate MBAM Consumer Support through the Malwarebytes Helpdesk Portal. Please be very patient if you choose this path as the current "response times can be as long as three to four business days." After the initial web form request is successfully sent, subsequent interactions with the Helpdesk are via email.
 
Thank you.

Link to post
Share on other sites

thanks again 1PW. PM sent. Let me run your tools, cleanup/uninstall as necessary, and then post the logs in clear.

 

Like I said, I am a big fan of both products, acknowledging that Truecrypt has been under discussion lately wrt security.

Link to post
Share on other sites

I opened up a support ticket, and then uploaded the log files yesterday. Let me know if you need more logs, or need me to rerun the logs. This one is fairly predictable, so easy to repeat even after fresh reboot with no other major apps running.

Link to post
Share on other sites

  • Staff

Hi npcomplete. We'll handle everything in the Support ticket now. I'll go ahead and close this topic, so we don't have multiple points of reply for the same issue.

This is a reproducible issue that only occurs when scanning an encrypted container (non-OS drive).

TrueCrypt Encrypted OS drives are not affected by this issue, from what I have observed.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.