
BSOD when starting MBAR



Have been using MBAR 1.8.3.1004 with no problems for a while now.  I've been running it every 10 days or so. 

Today I forgot to stop MBAM before starting MBAR; I immediately got the BSOD with this announcement: "A driver has overrun a stack-based buffer..." STOP:F7. Listed at the bottom was the driver mbamchameleon.sys.

 

I restarted the computer and tried MBAR again. I got another BSOD with the same announcement, same stop error but the listed driver was mbamswissarmy.sys.

 

I restarted the computer, stopped MBAM malware protection and malicious website protection. Started MBAR.  I got the same BSOD with the same announcement, same stop error but this time no driver was listed.

 

I've reinstalled MBAR and MBAM but problem persists.

 

Next steps?


Hello TripodBob:

  • Please locate and individually zip the latest two dump files which are very likely located within the C:\WINDOWS\Minidump directory.
  • Then, please read Diagnostic Logs and individually attach the requested files only from Log Set 1 and the zipped dump files in a reply to this thread. Please do not copy/paste nor zip the Farbar output diagnostic text files.

Thank you. :)


Hello TripodBob:

 

Thank you for the perfect Farbar report files. The FRST.txt report reveals a recent .DMP file at:

2015-02-14 21:35 - 2013-09-22 05:52 - 00000000 _____ () C:\WINDOWS\MEMORY.DMP

If the above date and time coincide with any MBAR-related BSOD, then please use either of your currently installed 7-Zip or WinRAR apps to compress that .DMP file and attach it in a reply to this thread.

If that compressed file is not compatible with the IP.Board software that supports this Malwarebytes Community Forum, you may be requested to temporarily alter your XP's settings for processing BSOD dumps.

Thank you. :)


Hello TripodBob:

 

Thank you for your good effort. :)

 

If you are willing to invest a bit more time and effort, a minimal amount of crash information may still be gleaned.

 

1. If you have super easy access to any digital camera, please photo the next BSOD display such that you crop the image to yield the most focused/readable result of the entire blue screen's content.

e.g. http://www.pcstats.com/articleimages/200409/BSOD_2.gif

or

2. Please manually record the blue screen's most relative variable information (usually in the top-most 25%, and the bottom-most 25%) and include this, or an image from above, in your next reply.

 

Thank you for your continued patience and understanding. :)


  • Staff

TripodBob, does the BSOD occur if you run a scan in Safe Mode?

 

Also, can you avoid BSOD by running MBAR this way?

  • Please run Malwarebytes Anti-Rootkit (MBAR), but we need to run it a special way. Open a command prompt, and CD to the \mbar folder.
    You can copy/paste this command, assuming the mbar folder is on the desktop as expected:

    cd "%userprofile%\desktop\mbar"

  • In the black command prompt box, type in the following and press Enter:

    mbar.exe /z

    (note - there is a space between mbar.exe and /z)

  • MBAR will launch. Update as usual, then click 'Next'.
  • Click Scan.
  • If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

Please send me the system-log.txt for review by our developers. You can just attach that log as well. It's in the mbar folder on your desktop.

