
MBAM error: SDKDatabaseLoadDefaults failed with code: 1812


Dymium


My previous topic is here

 


Whenever I try to run a scan, MBAM will ask to install database updates. Whether or not I let it install database updates, it will fail with either "SDKDatabaseLoadDefaults failed with code: 1812" or "SDKDatabaseLoadDefaults failed with code: 2".
 
This same issue happens in both Chameleon mode and in Windows Safe Mode.
 
I'm currently running Windows 7. (Ignore the Windows 8 theme)
747cfe6e17.png

 

I have no idea what is causing this error, and if it is malware or not and I was told that I can get better support here.

 

Some things to note:

  • My disk is not encrypted with TrueCrypt
  • I have no other installed AVs besides MBAM
  • A scan I did with Comodo Internet Security turned up clean
  • Clean uninstalling and then reinstalling MBAM doesn't fix this error
  • This error happens in Chameleon mode and Safe Mode

 

Attached are the FRST and MBAM logs.

Addition.txt

CheckResults.txt

FRST.txt

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Please download Malwarebytes Anti-Rootkit from the following link:

 

https://malwarebytes.app.box.com/s/xiaxsbl4cjdyyqx5wp8q

 


Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

 

Kevin....

Link to post
Share on other sites

The link (https://malwarebytes.app.box.com/s/xiaxsbl4cjdyyqx5wp8q) leads to a removed file, and I can't download MBAM anti-rootkit from it.
Link to post
Share on other sites

Okay, instead of using that link, I went ahead and downloaded MBAM Anti-Rootkit from http://www.malwarebytes.org/downloads/ .

Updating the database goes fine, but when MBAR tries to scan, I get this error:

9Lmn9Wb.jpg

I have tried restarting and then running the scan, and I get the same error.

It only left one log, not two. I have attached it to this post.

system-log.txt

Link to post
Share on other sites

See if you can run FRST from the recovery environment as follows:

 

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Save it to a USB flash drive. Ensure you get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type  e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.



Type the following in the edit box after "Search:".

explorer.exe

Click Search button and post the log (Search.txt) it makes to your reply.

 

Kevin...

Link to post
Share on other sites

explorer.exe is patched; we need to replace it with FRST. Do the following:

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

Re-boot your PC to normal mode, see what happens when you give Malwarebytes a run...

Fixlist.txt

Link to post
Share on other sites

Run this please:

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Kevin...

Link to post
Share on other sites

Go here: https://forums.malwarebytes.org/index.php?/topic/146017-mbam-clean-removal-process-2x/ follow those instructions for clean install of Malwarebytes,

 

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Link to post
Share on other sites

Scan still won't run, same error as before.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2014
Scan Time: 6:30:11 PM
Logfile:
Administrator: Yes

Version: 0.00.0.0000
Malware Database: v2014.11.22.15
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type:
Result: Failed
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 0 sec

Memory: Disabled
Startup: Disabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Disabled
PUM: Disabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Link to post
Share on other sites

All settings are disabled, Open Malwarebytes, select "Settings" then select "General settings" then select "Restore default settings" >  then select "Detection and Protection" then select "Recommended Settings"

Will malwarebytes now run a threat scan?

Link to post
Share on other sites

No, I still get the same error that I have been getting.
Link to post
Share on other sites

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 


Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

*EXTRA NOTES*


  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Post the log in next reply please...

Kevin
 

Link to post
Share on other sites

Thanks for the logs, continue please.....

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin.

 

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART  Installer during the process)

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the following options are checked:
 
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
 
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Kevin...

 

Link to post
Share on other sites

Thanks for those logs, continue as follows and run a clean install of Malwarebytes:

 

Download and save mbam-clean.exe and save to your desktop from the following:

http://www.malwarebytes.org/mbam-clean.exe

Now do the following:

  • Click on Start and select Control Panel
  • Open Uninstall a Program for XP use Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer, very important to do that!!
  • Run mbam-clean.exe
  • It will ask to restart your computer, please allow it to do so, very important!!



Next, D/L and install Malwarebytes again and update as follows :-

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart (If applicable) once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Kevin

Link to post
Share on other sites

We must have missed deep rooted malware/infection, continue please:

 

Re-run FRST make sure all boxes are checkmarked under "Whitelist" also make sure only "Addition.txt" is checkmarked under "Optional scan"

 

Post both logs, FRST.txt and Addition.txt

 

Next,

 

Please download Gmer from Here by clicking on the "Download EXE" Button.

 

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
     
            Sections
            IAT/EAT
            Show All ( should be unchecked by default )
     
  • Leave everything else as it is.
  • Close all other running Programs as well as your Browsers.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

 

Please post the content of the ark.txt here.

 

 

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

 

**If GMER crashes** Follow the instructions here and disable your security temporarily…

 

Next,

 

Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop.

 


Double click the aswMBR.exe icon, and click Run
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
Click the Scan button to start the scan once the update has finished downloading
On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

 

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

 

Thanks,

 

Kevin...

Link to post
Share on other sites

GMER runs, but it gets this error partway through the scan:

------------------------------------------------------
C:\Users\Administrator\ntuser.dat: The process cannot access the file because it is being used by another process.
---------------------------
OK
---------------------------
It then says it has completed scanning, and the log it produces is empty.

All the other scans ran OK, I posted the logs.

Addition.txt

aswMBR.txt

FRST.txt

Link to post
Share on other sites

GMER should not show that error. Was GMER running from an account with Administrator status?

 

Run this please...

 

Please read carefully and follow these steps.

  • Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.
  • Double-click on the TDSSKiller icon to run the application.
  • The "Ready to scan" window will open, Click on "Change parameters"
  • Place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, (Leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.
  • Select "Start Scan"
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


 

Thanks,

 

Kevin..

Link to post
Share on other sites

Select Windows key and R key together. Into the run box type regedit tap enter, Registry Editor will open.....

 

Expand the following key :-

 

HKEY_LOCAL_MACHINE >SOFTWARE > Policies > Microsoft > Windows > safer > codeidentifiers > 0

 

Do not expand the folder 0. Right click on that folder and choose "Export"

 

reg-2.png

 

A new window will open, make sure to change "saved in" to Desktop.

 

reg2-1.png

 

From the desktop right click on the reg file > select > send to > compressed (zipped) folder....

 

Attach to next reply,

 

Kevin...

Link to post
Share on other sites
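
The key exported in the post above holds Software Restriction Policies rules at the "Disallowed" level (level 0), with one subkey per path rule under `Paths`. As an added example (not part of the thread, and not a tool used in it), this Python sketch lists the path rules found in such a regedit export; the sample export, its GUIDs and its paths are constructed, and the `rules_mentioning` filter is a hypothetical helper for narrowing the list to one program's folder.

```python
import re

# Level 0 ("Disallowed") path rules live under this key, one subkey per rule GUID.
PATHS_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows"
             r"\safer\codeidentifiers\0\Paths").lower()

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')


def decode_value(raw):
    """Decode REG_SZ ("...") or REG_EXPAND_SZ (hex(2):..) data; None otherwise."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    return None


def disallowed_path_rules(reg_text):
    """Return [(rule_guid, path)] for every path rule in a regedit export."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)       # join hex continuation lines
    rules, guid = [], None
    for line in (l.strip() for l in text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            guid = leaf if parent.lower() == PATHS_KEY else None
            continue
        value = VALUE_RE.match(line)
        if guid and value and value.group(1).lower() == "itemdata":
            path = decode_value(value.group(2))
            if path is not None:
                rules.append((guid, path))
    return rules


def rules_mentioning(rules, needle):
    """Case-insensitive filter, e.g. for the install folder of a blocked program."""
    return [r for r in rules if needle.lower() in r[1].lower()]


# Constructed sample export (not taken from the thread's attachments).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{11111111-1111-1111-1111-111111111111}]
"SaferFlags"=dword:00000000
"ItemData"="C:\\Example\\blocked-tool.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths\{22222222-2222-2222-2222-222222222222}]
"ItemData"=hex(2):25,00,54,00,45,00,4d,00,50,00,25,00,5c,00,78,00,2e,00,\
  65,00,78,00,65,00,00,00
'''

if __name__ == "__main__":
    for rule_guid, rule_path in disallowed_path_rules(SAMPLE):
        print(rule_guid, rule_path)
```

A real export saved by regedit is normally UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.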

Archived

This topic is now archived and is closed to further replies.
