Jump to content

MBAM error: SDKDatabaseLoadDefaults failed with code: 1812


Recommended Posts

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

Select > Start > All Programs > Malwarebytes` Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:

 

 

Cha.png

 

 

A new window will open with Chameleon Tabs CHb.png to CHc.png

 

Select tabs in turn until you get a successful run by double click on the tab,

Vista and Windows 7 user will have to accept UAC prompt. If successful you will see the following:

 

 

MBa.png

 

 

As instructed press any key to continue, you will now see the following as Malwarebytes attempts to run:

 

 

MBa1.png

 

 

Do nothing, let MB continue, it will try to update:

 

 

MBa2.png

 

 

You may see the following:

 

 

MBa6-1.png

 

 

Then.....

 

 

MBa7.png

 

 

MB will prompt if successful, do nothing; let it continue.

 

 

MBa3.png

 

 

MB will try to kill known malicious processes, do nothing; let it continue.

 

 

MBa4.png

 

 

MB will try to start a quick scan, if successful the following will open; do nothing the scan will run automatically.

 

 

MBc.png

 

 

When complete MB will produce a log, save that and copy to next reply.

 

MB will continue and remove the protective driver, you will then be given the option to "Press any key to continue" do that.

 

 

MBa5.png

 

 

Let me see the log from Malwarebytes in your reply,

Link to post
Share on other sites

Run the following, let me know if anything is removed...

 

  • Download Norton Power Eraser from here: https://security.symantec.com/nbrt/npe.aspx? and save direct to your Desktop.
     
  • Double click on NPE.exe to start the tool. Vista, Windows 7/8/8.1 right click, select "Run as Administrator" accept UAC.
     
     
    NPE1.png
     
     
  • The EULA will open, accept that to move on...
     
     
    NPE2.png
     
     
  • The tool will check for updates/latest version
     
     
    NPE3.png
     
     
  • The GUI will open, select "Scan for Risks"
     
     
    NPE4.png
     
     
  • Rootkit scan alert will open, select "Restart"
     
     
    NPE5.png
     
     
  • Rootkit scan preparations will time out and Reboot the system.
     
     
    NPE6.png
     
     
  • Tool will will restart and check for update, do nothing.
     
     
    NPE7.png
     
     
  • System scan will start, do nothing.
     
     
    NPE8.png
     
     
  • If infections are found a list will be produced, make sure to checkmark "Create System Restore Point" then select "Fix Now" if nothing is found select "Exit" to close out the tool.
     
     
    NPE9.png
     
     
  • To remove "found entries" the system will need to restart, select that option.
     
     
    NPE10.png
     
     
  • If applicable select "Locate Log" attach to reply. Select "Done" when complete....

Link to post
Share on other sites

MD5 information for winrar is coming up as not recogized in a general google search, maybe that means nothing but is still odd. Can you upload winrar executable to VirusTotal to be checked out..

 

Upload a File to Virustotal
Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file c:\program files\winrar\winrar.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.

 
Next,
 
Read the following link before we continue and run Combofix:

ComboFix usage, Questions, Help? - Look here

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/

  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review



****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

*EXTRA NOTES*


  •    
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
       
  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
       
  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)



Post the log in next reply please...

Kevin
 

 

Thanks,

 

Kevin....
 

Link to post
Share on other sites

Winrar was probably detected as malicious because I had modified its executable to change up a menu in its interface, which would have changed its MD5 hash. I got Winrar from its official website. Unfortunately, during Norton's scan, the executable was corrupted, and I uninstalled Winrar before getting your message. I've redownloaded and installed Winrar again (From the official site) and scanned its executable. Here's the results: https://www.virustotal.com/en/file/c5b0b3639aa04b4b43136d9b6dd79f45cbc25b2b9483d7969cbe27feb29e6dcc/analysis/

 

I have also attached the ComboFix log.

ComboFix.txt

Link to post
Share on other sites

Still no malware or infection showing in the scan we`ve run, Try another clean install of Malwarebytes, ensure to run the clean up tool as instructed in link..

 

Go here: https://forums.malwa...val-process-2x/ follow those instructions for clean install of Malwarebytes,

 

When reinstalling the program please try the latest version from here:

 

http://www.malwareby...g/mwb-download/

 

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Let me know the outcome,

Link to post
Share on other sites

Download Portable Windows Repair (all in one) from one of the following:

 

http://www.tweaking.com/content/page/windows_repair_all_in_one.html

http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html

http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

 

Unzip the contents into a newly created folder on your desktop.

 

Open the folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator"

 

 

tweak1.jpg

 

From the main GUI do the following:

 

 

Select Tab 5 and Create System Restore Point

 

 

tweak4.jpg

 

Select Start Repairs tab => Click the Start

 

 

tweak5.jpg

 

The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...

 

 

tweak6.jpg

 

DON'T use the computer while each scan is in progress.

 

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log

 

 

tweak7.jpg

 

 

Let me see that log,

 

Try Malwarebytes one more time after the repair tool has completed...

 

Thanks,

 

Kevin

Link to post
Share on other sites

Yep this is frustrating for sure, I do not believe this is a malware issue. Try the following:

 

Go to the following link: http://support.microsoft.com/kb/865219 follow the manual instructions and unhide file extensions...

 

Next,

 

Navigate to an open this folder C:\Program Files (x86)\Malwarebytes Anti-Malware scroll to mbam.exe right click on that file and rename it explorer.exe

 

When complete double click on the renamed file, accept UAC if offered. Will MB open, if so try a threat scan see what happens..

 

If it fails again, try renaming to any of the following:

 

  • mbam.com
  • iexplore.exe
  • userinit.exe
  • winlogon.exe

If we have no success name back to mbam.exe, re-hide file extensions. Let me know what happens..

 

Kevin

Link to post
Share on other sites

Download mbam-check.exe from here: http://downloads.malwarebytes.org/file/mbam_check and save it to your desktop

Double-click on mbam-check.exe to run it, it should then open a log file

Please DO NOT copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop.

 

Thanks,

 

Kevin

Link to post
Share on other sites
  • Root Admin

Hello, I will go ahead and take over this topic for Kevin. Go ahead and run the check Kevin asked you to run and post that log back. Then do the following.
 
 
Click on START and type in CMD.EXE and when it shows on the menu right click over it and choose "Run as administrator" then type in the following exactly as shown.
 
CHKDSK C: /R
 
It will say it cannot lock the drive and ask if you want to run it after restart. Press the Y key and then the Enter key and restart the computer and let it run. It should take a least 10 minutes to run but could take hours to run and complete.
 
 
 
On Windows 7 the disk check log is in the Event Logs under Application with a heading source of  Wininit



How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

 

 

Then go into your Event Logs and copy/paste back the results of the disk check.

 

Link to post
Share on other sites

Chkdisk log:

Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 172544 file records processed. File verification completed. 339 large file records processed. 0 bad file records processed. 0 EA records processed. 10 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 215208 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 172544 file SDs/SIDs processed. Cleaning up 589 unused index entries from index $SII of file 0x9. Cleaning up 589 unused index entries from index $SDH of file 0x9. Cleaning up 589 unused security descriptors. Security descriptor verification completed. 21333 data files processed. CHKDSK is verifying Usn Journal... 36231368 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 172528 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 46601845 free clusters processed. Free space verification is complete. Adding 16389 bad clusters to the Bad Clusters File. Correcting errors in the Volume Bitmap. Write failure with status 0xc0000015 at offset 0x3b98055e00 for 0x200 bytes. The second NTFS boot sector is unwriteable. Internal Info: 00 a2 02 00 66 f8 01 00 dd d0 03 00 00 00 00 00 ....f........... d8 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.

I have also attached the mbam-check log

CheckResults.txt

Link to post
Share on other sites
  • Root Admin

Chkdisk log:

Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 172544 file records processed. File verification completed. 339 large file records processed. 0 bad file records processed. 0 EA records processed. 10 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 215208 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 172544 file SDs/SIDs processed. Cleaning up 589 unused index entries from index $SII of file 0x9. Cleaning up 589 unused index entries from index $SDH of file 0x9. Cleaning up 589 unused security descriptors. Security descriptor verification completed. 21333 data files processed. CHKDSK is verifying Usn Journal... 36231368 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 172528 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 46601845 free clusters processed. Free space verification is complete. Adding 16389 bad clusters to the Bad Clusters File. Correcting errors in the Volume Bitmap. Write failure with status 0xc0000015 at offset 0x3b98055e00 for 0x200 bytes. The second NTFS boot sector is unwriteable. Internal Info: 00 a2 02 00 66 f8 01 00 dd d0 03 00 00 00 00 00 ....f........... d8 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.

I have also attached the mbam-check log

 

 

This is a good indication that your hard drive is failing. Normally bad sectors are automatically added to the sector map by the firmware of the hard drive. When the OS is having to do it then it's not normal. No way to know if the drive will fail soon or last years. I would highly recommend though that you back up all your important data and either look at replacing the hard drive or keep a close eye on it and backup data frequently.

 

 

Let me have you do the following again now and let us know how it goes. 

 

Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x

Link to post
Share on other sites

Hello, sorry for the delay, I've been pretty busy.

 

I ran the clean install process exactly as described but I still get the "1812" error.

I doubt it's related to a possibly-failing hard disk, since this same error occurs when MBAM is installed only to my primary SSD.

Link to post
Share on other sites
  • Root Admin

Please run the following MBAM clean but DO NOT reinstall the program just yet.

 

. MBAM Clean Removal Process 2x

 

 

 

Then run the following.

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Restart the computer. Then run a NEW Full Disk check as you did before and post back the new results from the Event Logs

Then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

 

 

 

 

 

 

Also run this

 

Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

 

 

 

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.