Jump to content

BSOD because Malwarebytes Anti-Malware


Recommended Posts

Good day,

 

I get random once a day some times once in a few days the blue screen of death as INVALID_PROCESS_DETACH_ATTEMPT.

Analyzing it with debugging tolls of windows receives:

 

Microsoft ® Windows Debugger Version 6.12.0002.633 X86

Copyright © Microsoft Corporation. All rights reserved.

 

 

Loading Dump File [C:\WINDOWS\Minidump\Mini091214-01.dmp]

Mini Kernel Dump File: Only registers and stack trace are available

 

Symbol search path is: http://msdl.microsoft.com/download/symbols

Executable search path is:

Windows XP Kernel Version 2600 (Service Pack 3) MP (4 procs) Free x86 compatible

Product: WinNt, suite: TerminalServer SingleUserTS

Built by: 2600.xpsp_sp3_qfe.130704-0421

Machine Name:

Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720

Debug session time: Thu Sep 11 20:30:48.312 2014 (UTC + 3:00)

System Uptime: 3 days 4:30:29.271

Loading Kernel Symbols

...............................................................

................................................................

........................

Loading User Symbols

Loading unloaded module list

..................................................

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 6, {0, 0, 0, 0}

 

Unable to load image mbam.sys, Win32 error 0n2

*** WARNING: Unable to verify timestamp for mbam.sys

*** ERROR: Module load completed but symbols could not be loaded for mbam.sys

Probably caused by : mbam.sys ( mbam+1cf8 )

 

Followup: MachineOwner

---------

 

2: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

INVALID_PROCESS_DETACH_ATTEMPT (6)

Arguments:

Arg1: 00000000

Arg2: 00000000

Arg3: 00000000

Arg4: 00000000

 

Debugging Details:

------------------

 

 

CUSTOMER_CRASH_COUNT:  1

 

DEFAULT_BUCKET_ID:  DRIVER_FAULT

 

BUGCHECK_STR:  0x6

 

PROCESS_NAME:  mbamservice.exe

 

LAST_CONTROL_TRANSFER:  from 804f885d to 804f9f7e

 

STACK_TEXT: 

b84ebb6c 804f885d 00000006 8ad257f8 00000000 nt!KeBugCheck+0x14

b84ebb8c 805a880c b84ebba4 8ad257f8 00000000 nt!KeUnstackDetachProcess+0x119

b84ebbdc b7e2a64d 89ec3ac8 8aa604e0 00000001 nt!MmProbeAndLockProcessPages+0x6a

b84ebce0 b4232cf8 8a0302b8 b423611c e5011ef8 fltmgr!FltSendMessage+0x1db

WARNING: Stack unwind information not available. Following frames may be wrong.

b84ebd18 b4232873 00000001 0000005a e5011ef8 mbam+0x1cf8

b84ebd48 b4232a10 89ce8f50 00002fcc 8ae743a0 mbam+0x1873

b84ebd64 b7e3cdec 897bfc00 e9676f54 89f5f638 mbam+0x1a10

b84ebd7c 80538923 897bfc00 00000000 8ae743a0 fltmgr!FltpProcessDeferredIoWorkItem+0x16

b84ebdac 805cffee 897bfc00 00000000 00000000 nt!ExpWorkerThread+0xef

b84ebddc 8054620e 80538834 00000000 00000000 nt!PspSystemThreadStartup+0x34

00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

 

 

STACK_COMMAND:  kb

 

FOLLOWUP_IP:

mbam+1cf8

b4232cf8 ??              ???

 

SYMBOL_STACK_INDEX:  4

 

SYMBOL_NAME:  mbam+1cf8

 

FOLLOWUP_NAME:  MachineOwner

 

MODULE_NAME: mbam

 

IMAGE_NAME:  mbam.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP:  52712fbc

 

FAILURE_BUCKET_ID:  0x6_mbam+1cf8

 

BUCKET_ID:  0x6_mbam+1cf8

 

Followup: MachineOwner

---------

 

 

 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

  1. Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x
  2. If that does not correct the issue then please read the following and post back the requested logs. - Diagnostic Logs
  3. NOTE: There is an FAQ section with valuable information located here: - Common Questions, Issues, and their Solutions


Thank You
 

Link to post
Share on other sites

  • 1 month later...

Hello aresler:

 

Unfortunately the attached CheckResults.txt file was truncated near the end.

 

The last line of a good report should state: END OF FILE

 

Please resend if mbam-check ran properly or rerun mbam-check, verify and attach in a new reply.

 

Thank you.

Link to post
Share on other sites

Hello aresler:

 

If while trying to generate a complete CheckResults.txt output text report file you did delete all previous copies of mbam-check-2.1.1.1001.exe and you downloaded a fresh copy from here to an Administrator's desktop and ran as Administrator, and the full report still fails to generate, that could be a sign of system corruption or malware intrusion in association with the system's originally reported issue..

 

Staffer AdvancedSetup will make the next determination.

 

Thank you.

Link to post
Share on other sites

Hello,

I am the only user that can enter in windows after restart.

My OS is Windows XP Pro. I suppose that my user is the Administrator.

At previous run I did not run the programs from desktop.

This time to be sure I downloaded them to Desktop and run from there.

But no END OF FILE.

Before mbam-check-2.1.1.1001_2.exe ended it produced on Desktop a file named ErrorFileText but this file disappeared after program completion.

Thanks

CheckResults.txt

FRST.txt

Addition.txt

Link to post
Share on other sites

Good day,

 

I tried to fulfill your instructions but in this link:

https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/

In this line:

  • Please read and follow the directions here, skipping any steps you are unable to complete.

 

The link "direction here" is broken or does not point to an existing page.

 

Thanks,

Link to post
Share on other sites

Hi:

 

 

I tried to fulfill your instructions but in this link:

https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/

In this line:

  • Please read and follow the directions here, skipping any steps you are unable to complete.

 

The link "direction here" is broken or does not point to an existing page.

 

You are quite right! :o

The forum hosting was moved to new servers a week or so ago, so perhaps something went awry.

 

I'm sure AdvancedSetup will correct the link when he gets back....

 

Until then, here is the correct link for the "directions here" pinned topic: I'm infected - What do I do now?

 

Thanks very much for pointing that out -- you are the first and only person to do so among the many 10s of people whom we have sent to that pinned topic in the past week or so.

 

Cheers,

Link to post
Share on other sites

Let's try these: :)
 
1. Start here: Available Assistance for Possibly Infected Computers
2. It includes advice to go here: I'm infected - What do I do now?
3. And then the NEW topic (with the scan logs attached) needs to be created here: Malware Removal Help
 

>>As you have already run FRST, you just need to start a new topic in the malware removal section, attaching the same logs you posted here.

>>If you wish, you may use this clickablecjfj.png button to start that new topic in the other forum section.

 

Sorry about all the broken links -- thanks for letting us know.

 

Thanks,

Link to post
Share on other sites

  • 3 weeks later...

Hi:

 

It appears that your post may have been inadvertently overlooked, as the forum is quite busy.

 

I would suggest that you please send a Private Message to AdvancedSetup, asking that he look into it.

It would help if you would please copy and paste this link into your PM:

https://forums.malwarebytes.org/index.php?/topic/161676-bsod-because-malwarebytes-anti-malware/

Thanks for your patience and understanding,

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.