Lycanfox

MBAM BSoD when running any scan


Hello and thanks in advance for any assistance :). I've been using Malwarebytes for quite some time now as part of my toolkit of antivirus/antimalware software. I have never had a problem with it until I got to one of the latest releases, when the layout changed dramatically to the new layout. Since then, I cannot complete a scan without getting a BSoD. I have tried disabling my firewall when scanning, to no avail. 

 

Sometimes the BSoD occurs when scanning Filesystem Objects and sometimes during Heuristic Analysis. The first BSoD occurs generally when it happens during scanning Filesystem Objects and the second when performing Heuristic Analysis (the one with the SwissArmy file in the image). Both of these happen even with just a basic Threat Scan. I have tried scanning in safe mode and this works perfectly, finding no malware. Hope you can help as this is really annoying; I would like to go back to having no problems with this great piece of kit.

 

Thanks in advance,

 

Adam


Hello and welcome:

BSODs are usually caused by hardware issues, driver issues or certain serious malware infections (rootkits).

If the scan finishes OK in Safe Mode, that would probably suggest some sort of driver conflict.
 

In any event....
Until one of the staff members or experts arrives to analyze your stop codes, it would help to collect a bit of basic system info.

Please read the following and post back attached to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

If you could also post back with the minidumps, that would be great.

 

Additional scans with other tools may be needed, as well.

But those 3 logs and the minidumps will provide a starting point for troubleshooting.

 

Thanks,


A quick question, is there any other way to post minidumps other than to attach them as it says I am not permitted to post that type of file to the forum. The files I have are in .dmp format.


Hi:

 

Thanks for the logs.
 
It looks as if you have several minidump logs:
 

2014-09-05 02:07 - 2010-03-31 23:21 - 00301806 ____N () C:\Windows\Minidump\090514-18345-01.dmp
2014-09-05 02:07 - 2010-02-26 17:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-05 01:12 - 2010-03-31 23:21 - 00301806 ____N () C:\Windows\Minidump\090514-19172-01.dmp
2014-09-05 01:01 - 2010-03-31 23:21 - 00306174 ____N () C:\Windows\Minidump\090514-18876-01.dmp
2014-09-04 16:56 - 2010-03-31 23:21 - 00301822 ____N () C:\Windows\Minidump\090414-18361-01.dmp
2014-09-04 14:20 - 2010-03-31 23:21 - 00306118 ____N () C:\Windows\Minidump\090414-27440-01.dmp


It would probably help quite a bit if you could zip one of them and attach it here -- let us know if they are too large (in which case the staff will provide instructions for uploading them to a file-sharing site).

 

Thanks,


Just uploaded those :). Thanks


Super!

(Well, it's NOT super that you're getting a BSOD.  That stinks. I meant that it was good that you could provide the logs so quickly.)

 

Now we just need to wait for AdvancedSetup or another staffer to review everything.

 

Thanks!


Thanks for being so friendly and helping me get the right data ready for the staffers. Also thanks to the staff in advance :). It's really annoying to get the BSoD but at least it isn't like some other posts I read where they get it randomly, at least it only happens when I run MBAM. I'm off to bed now, thanks for the assistance :).


I've alerted the QA Team to take a look at the logs but in the meantime you can try a couple of things.

One, try disabling your TrueCrypt temporarily.

Try an MBAM CLEAN removal and reinstall.

Then try a new scan at first without rootkit scanning enabled. Then with and see if you get the same results.

On a side note (not the cause of your issue)

You have software from iObit installed so just wanted to point this out for you.

The company behind this product was found to be stealing our database.

Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.


Hi Advanced Setup,

 

Thanks for the tips. First of all, do you think Truecrypt could be the problem? Disabling it would cause me a few problems as my data and games drives are encrypted. However I will unload them and disable it and just scan my C:\ drive only and see if that helps. Will closing the program itself be enough or do I have to remove any instances in task manager?

 

If this still gives me a BSoD I'll try the clean uninstall. I did reinstall the program but will admit I did not try the clean uninstall process so will try that out next.

 

Lastly it is disturbing that IObit would steal code from you for their own services and of course I do not want to support any company (or trust any company) who would steal from another. However I am not certain what piece of software I have of theirs. I don't think it is any of the antivirus or malware stuff but I am not certain. At the moment I use Eset Smart Security as my AV and Firewall, for anti malware I use: EMSISOFT Anti Malware, Spybot search and destroy 2, Spyware blaster, Windows Defender and of course Malwarebytes. For anti junkware I use both JRT and AdwCleaner and finally I use the anti rootkit scanner in Spybot to scan for rootkits but have also now got the MBAR as well. I don't know if all of these are overkill or not enough but personally I have found items on each of these that others have not so perhaps not bad at all.

 

If you can recommend any additional regular scans other than the ones I use mentioned above I would be very grateful. Also if you tell me what IObit software is used and how to uninstall the piece of rubbish I will get onto that as well. Thanks again.


Until Ron returns... just to answer your question about IObit....

this is from your logs...

C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys


No, you don't have to go overkill on removing processes. Just stop TrueCrypt and see if a scan dies. If it does, try without rootkit scanning. If it still dies then try the MBAM CLEAN routine and let us know. We can help you remove the iObit if needed.

Thanks


First of all for iObit game booster I found the folder specified, there were no programs in there, it just looks like a leftover few files from when I had their stupid game booster software. I removed it but when using FRST again it still shows the following, even though the folder and files specified do not exist anymore, I have windows set to show hidden files and protected system files so if it's there I should see it:

 

In FRST-     S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

In Addition-    Task: {2CA13563-58F7-40D5-9D38-58C8420FCBF8} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

                      Task: {DD2F7305-141E-4610-BF9B-6978A5E63285} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe 

 

As for Truecrypt, that does seem to be the problem. I'll go through my process with you.

  1. Dismounted my D and E drives (games and data) and turned off Truecrypt. Ran a Threat scan- No BSoD.
  2. With Truecrypt still closed, ran a full custom scan of C drive with rootkits and everything possible- No BSoD.
  3. Loaded Truecrypt but did not mount any encrypted volumes- No BSoD.
  4. Loaded my Encrypted Data and Games drives- BSoD with the IRQL_NOT_LESS_OR_EQUAL code as shown above.

So it clearly is Truecrypt that is the problem. It's really weird as I've scanned inside and with Truecrypt containers before in the past with Malwarebytes and never ever had a problem. This is problematic as I need to be able to scan my data files for any malware as well. Some additional information: when I ran the MBAM in safe mode, it ran perfectly. Then after rebooting the PC Truecrypt had somehow possibly lost permissions and thought it was in "portable mode" and thus would not load my favourite volumes until I reinstalled it.

 

I will try the MBAM clean uninstall method anyway to see if that solves the problem and will let you know how that gets on.

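One way to list every registration that still points into an uninstalled product's folder, working from FRST.txt / Addition.txt lines like those quoted in the post above (an added example, not part of the original thread and not FRST's own code). The function names and the `ExampleTask` line are constructed, and reading the trailing `[X]` as "file not found" is an assumption that matches what the poster reports.

```python
import re

# Entries quoted in the post above, plus one constructed line (ExampleTask)
# that points outside the vendor folder to show it is not flagged.
SAMPLE_LOG = r"""
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
Task: {2CA13563-58F7-40D5-9D38-58C8420FCBF8} - System32\Tasks\Game_Booster_Startup => C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
Task: {DD2F7305-141E-4610-BF9B-6978A5E63285} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleTask => C:\Windows\System32\example.exe
"""

SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<path>.+)$")

def normalize(path):
    """Drop the NT object-manager prefix so paths compare as plain Win32 paths."""
    return path[4:] if path.startswith("\\??\\") else path

def find_leftovers(log_text, vendor_dir):
    """Return registrations whose target lies under vendor_dir (case-insensitive)."""
    prefix = vendor_dir.rstrip("\\").lower() + "\\"
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        svc, task = SERVICE_RE.match(line), TASK_RE.match(line)
        if svc:
            kind, name, path = "driver/service", svc["name"], normalize(svc["path"])
            # Service and driver registrations live under this registry key.
            where = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + name
            missing = svc["missing"] is not None  # assumption: [X] = file not found
        elif task:
            kind, name, path = "scheduled task", task["name"], normalize(task["path"])
            where = name      # the task location exactly as the log prints it
            missing = None    # these task lines carry no file-missing marker
        else:
            continue
        if path.lower().startswith(prefix):
            hits.append({"kind": kind, "where": where, "target": path, "missing": missing})
    return hits

if __name__ == "__main__":
    for h in find_leftovers(SAMPLE_LOG, r"C:\Program Files (x86)\IObit"):
        print(f"{h['kind']:15} {h['where']}\n    -> {h['target']} (file missing: {h['missing']})")
```

The output is a list of registrations to review, which explains why the log still shows entries after the folder itself has been deleted: the driver service and the two scheduled tasks are recorded separately from the files they point to.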

No, unfortunately there is a bug (that has been corrected) that you're running into with TrueCrypt. This fix won't be available until the next release though. Sorry.


Ahh I see, for now then I guess it's best to just run the scan with no truecrypt drives loaded. I assume it's way more likely that any malware be located in my C:\ drive than any data drives? 

 

Do you have an estimate on when the next release will be out roughly? As obviously I'd like to be able to scan my truecrypt volumes.

 

Lastly I'd just like to ask if I am having problems when scanning a truecrypt volume, if I got the Malwarebytes premium version do you think the real-time protection would also have issues and just crash randomly? I would like to support Malwarebytes so would like to get the premium version if it would work. Can I ask exactly what the real time stuff does, is it just like antivirus which checks for downloads and running processes for any signs of malware? Would it clash with my antivirus real-time and application processes (I am using ESET) or with spybot if I decide to also use that real-time protection? I know you should not use more than 1 antivirus but I'm not sure about anti malware real-time stuff.

 

Thanks again!


Oh and if you could help me completely remove the IOBIT thing from my pc, as I have removed the program and files but the registry things or tasks still seem to remain. I would be very grateful. 


The free vs Premium scans are the same engine. It would certainly help to prevent infections but scans would need to be run the same way without scanning for rootkits.

 

To remove the iObit please start a new topic in this forum and ask for me and/or send me a PM with a link to your new topic and I'll help you out.

 

https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/

 

Thanks

This topic is now closed to further replies.