Jump to content

Recommended Posts

In June there was a 29 message thread on this problem.

 

I'm remotely helping a friend using TeamViewer who has MBAM premium which won't update.  Its current datbase is 2015.06.03.03.  I have reinstalled and the problem persists.  I can provide the results of a PingTraceCDN as well as access the suggested webpage at http://data-cdn.mbamupdates.com/v1/database/rules/version.chk 2015.09.12.04

 

Sat 09/12/2015 

06:43 PM

 

Pinging vip0x062.ssl.hwcdn.net [205.185.208.98] with 69 bytes of data:

Reply from 205.185.208.98: bytes=69 time=46ms TTL=52

Reply from 205.185.208.98: bytes=69 time=44ms TTL=52

Reply from 205.185.208.98: bytes=69 time=46ms TTL=52

Reply from 205.185.208.98: bytes=69 time=45ms TTL=52

Reply from 205.185.208.98: bytes=69 time=44ms TTL=52

Reply from 205.185.208.98: bytes=69 time=44ms TTL=52

Reply from 205.185.208.98: bytes=69 time=53ms TTL=52

Reply from 205.185.208.98: bytes=69 time=45ms TTL=52

Reply from 205.185.208.98: bytes=69 time=46ms TTL=52

Reply from 205.185.208.98: bytes=69 time=46ms TTL=52

 

Ping statistics for 205.185.208.98:

    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 44ms, Maximum = 53ms, Average = 45ms

 

Pinging 69.16.175.10 with 69 bytes of data:

Reply from 69.16.175.10: bytes=69 time=47ms TTL=52

Reply from 69.16.175.10: bytes=69 time=47ms TTL=52

Reply from 69.16.175.10: bytes=69 time=48ms TTL=52

Reply from 69.16.175.10: bytes=69 time=47ms TTL=52

Reply from 69.16.175.10: bytes=69 time=48ms TTL=52

Reply from 69.16.175.10: bytes=69 time=53ms TTL=52

Reply from 69.16.175.10: bytes=69 time=48ms TTL=52

Reply from 69.16.175.10: bytes=69 time=48ms TTL=52

Reply from 69.16.175.10: bytes=69 time=50ms TTL=52

Reply from 69.16.175.10: bytes=69 time=48ms TTL=52

 

Ping statistics for 69.16.175.10:

    Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 47ms, Maximum = 53ms, Average = 48ms

 

Tracing route to vip0x062.ssl.hwcdn.net [205.185.208.98]

over a maximum of 30 hops:

 

  1    <1 ms    <1 ms    <1 ms  vip098.ssl.hwcdn.net [205.185.208.98] 

  2     8 ms     9 ms     8 ms  10.136.88.1 

  3    20 ms    21 ms    21 ms  172.30.96.49 

  4    21 ms    21 ms    21 ms  172.30.32.69 

  5    32 ms    34 ms    33 ms  12.250.158.17 

  6    34 ms    33 ms    35 ms  12.122.29.18 

  7    69 ms   146 ms   202 ms  ggr3.attga.ip.att.net [12.122.141.145] 

  8     *        *        *     Request timed out.

  9    46 ms    44 ms    46 ms  205.185.217.194 

 10    46 ms    46 ms    63 ms  vip098.ssl.hwcdn.net [205.185.208.98] 

 

Trace complete.

 

From your system's Administrator desktop, please attach the PingTraceCDN.txt file in a reply to the appropriate subforum topic's thread.

 

I can tell the difference in the appearance of the progress bar which is acquiring from one which is not from having watched successful updates.

 

Link to post
Share on other sites

Hello and :welcome: :
 

In June there was a 29 message thread on this problem.

 
That was a very specific problem with a portion of the CDN that was long ago resolved. :)
 
There are many reasons for updating failure.
It would help to know the specific error message you are seeing (or a screen shot). :)
 
If the system date and time are correct and if rebooting the computer does not resolve the issue, then we would need a bit more information in order to better help you.

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thank you,

Link to post
Share on other sites

Hi:
 
Thanks for the logs.
 
I am just a home user and forum volunteer, but -- all I can say is -- WOW!!!
That CheckResults.txt log *might* be some kind of record for most items in Quarantine.
 
Seriously, though, a couple of observations:
The logs suggest that MBAM was reinstalled on Sept 12, but it was NOT a proper "clean" reinstall -- the protection logs date back to November 2014.
There are a TON of items in quarantine and there may be other malware remnants on the system.
 
So, I suggest the following as a first step:

  • Please follow all the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x -- be sure to have the license ID/Key handy before you start and be sure to reboot when prompted after running the removal tool and then again AFTER the reinstall.
    • NOTE: The clean reinstall will permanently remove all of the items in MBAM Quarantine. So, if you're not 100% sure about doing that, please proceed to the next step, below, for expert help.
  • If that does not correct the issue, then I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
    • It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
    • A malware analyst will assist you with looking into your issue.

Thanks,

Link to post
Share on other sites

I've removed mbam with the clean removal process and rebooted.  This is a problem with TeamViewer, there is something wrong with the way I have it set up to be able to reconnect after reboot.  I reinstalled mbam premium which resulted in a free version which I fixed with the credentials.

 

MBAM still cannot update. Stuck at v.2015.06.03.03

 

What next?

Link to post
Share on other sites

Hi:
 
Bummer.
 
It would be nice to know the exact error message (or a screen shot thereof).
 
But if the system date and time are correct, and if rebooting the system doesn't resolve the issue, then the best bet might be to head over to the malware removal section of the forum.
The combination of the many, many items in quarantine and some of the other log entries suggests that deeper work will be needed.
Such work cannot be performed here, in this particular section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.

 

>>>As you have already run FRST, I would read that pinned topic to see how things work.

>>>Then I would attach the original 3 logs to a new post in the malware removal section.

>>>I'm quite certain that the malware helpers will need a new set of fresh logs, at some point.  But the original ones will give them an idea of what's going on.

 

A malware analyst will assist you with looking into your issue - the helper will assist with scanning, cleanup and repair, and with getting MBAM up and running properly.

Thanks,

Link to post
Share on other sites

Did you reboot the computer after reinstalling?

 

Is the system date and time correct?

 

What happens when you click on the blue "update now" link in the dashboard?

(The database version that ships with the installer is always out of date.  One needs to update after a reinstall.)

 

Having said all that, there may be hidden malware and/or damage therefrom (based on the previous logs).

 

So, if you are stuck on this, I suggest heading over to the other forum section for a deeper look and additional, expert assistance.

 

 

Thanks,

Link to post
Share on other sites

He has a netbook that we worked with bleeping to clean up.  I need to tune-up TeamViewer to handle reboots more gracefully before I start working on difficult problems with the desktop.  Also, his resources for backup are very limited.  Before I get too deep into deep cleaning I like to have a good backup strategy which is missing here.  This is a difficult problem from this distance and with the owner's physical condition.

Link to post
Share on other sites

Did you reboot the computer after reinstalling?

 

 

Is the system date and time correct?

 

What happens when you click on the blue "update now" link in the dashboard?

(The database version that ships with the installer is always out of date.  One needs to update after a reinstall.)

 

Having said all that, there may be hidden malware and/or damage therefrom (based on the previous logs).

 

So, if you are stuck on this, I suggest heading over to the other forum section for a deeper look and additional, expert assistance.

 

 

Thanks,

 

I'm unfamiliar with this webforum interface and I don't like it.  I can't put my replies inline in the quote.  Personally I much prefer newsgroups.  It's too bad there isn't an mbam nntp newsgroup.  They are very easy to setup; but the moderation isn't the same.

 

The computer has been rebooted.  Yes; the date is correct, you can see that date and time for yourself in both the frst files.  I didn't think it was necessary to include a video of what happens when I click the update now or the Fix Now functions in the mbam management.  There is a continuous progress bar which consists of broken elements which runs for quite a while before it quits unsuccessfully.

Link to post
Share on other sites

Hi:

Thanks for the additional information.

 

I understand your frustration.

I am just a home user and forum volunteer.

I have been trying my best to help you (and the computer owner), just as you have been trying to help the computer owner.

 

I'm unfamiliar with this webforum interface and I don't like it.  I can't put my replies inline in the quote.  <snip>


Click the "More Reply Options" radio button in the lower right corner, and then the BB Code icon to toggle to BB Code for editing, as per the attached screen shot.  That will allow you to edit to put quotes in line, as I have done.

 

 

 Personally I much prefer newsgroups.  It's too bad there isn't an mbam nntp newsgroup.  They are very easy to setup; but the moderation isn't the same.

 

 

That's a good idea, but implementation would be up to Malwarebytes management.
 

The computer has been rebooted.  Yes; the date is correct, you can see that date and time for yourself in both the frst files.  I didn't think it was necessary to include a video of what happens when I click the update now or the Fix Now functions in the mbam management.  There is a continuous progress bar which consists of broken elements which runs for quite a while before it quits unsuccessfully.

 

Updating problems can be caused by: corrupted installation; failure to reboot; wrong system date/time; software conflict; incorrect MBAM setttings; PUPs and/or malware; system damage or configuration issues; server glitches; networking or connectivity problems; etc.

 

>>In most cases on an uninfected, undamaged system, a clean reinstall solves the problem.

 

So, when it did not, the reason for asking about the specific message is that different error messages connote different possible reasons for the update failure, with different solution.  "You must be connected to the internet" vs. "unable to contact the update server" vs. "no updates available" vs. a silent failure all mean something different.  I was merely trying to exclude certain problems in an attempt to identify the problem.

 

Again, I understand that you are frustrated.

I would be, too.

 

I suggest that you may wish to wait here for additional assistance from a Malwarebytes staff member; or obtain free, one-on-one help in the malware removal section; or log a ticket at the help desk HERE for free, one-on-one help via email.

 

Thank you again for your patience and understanding,

 

 

post-29793-0-38978200-1442192331_thumb.p

Link to post
Share on other sites

Hi:

Thank you for the update.

I'm VERY glad that you were able to resolve the updating problem. :)
 

I used the old database condition and initiated a scan which involved an update process and which eliminated 25 pups.


Yes, the program will attempt to update before performing a manual scan.

That's to be sure the program scans with the current database, to minimize the chance of false-positives or false-negatives.

 

This screenshot is after that scan which shows current database.


That is EXCELLENT news. :)

 

>>Some PUPs can be rather pesky to fully remove

If you wish a bit of additional free, expert assistance with checking the system for remnants, please feel free to take advantage of the options listed in my previous reply.

 

Thanks again,

Link to post
Share on other sites

  • 3 weeks later...

Hello: :)
 
Sorry you are having trouble again.

 

Until a staff member has a chance to review the new logs....
 
The logs still show a lot of PUPs in quarantine and other evidence of possible malware damage.
 
Deeper work will be needed to help resolve the problem.

We are not permitted to work on possible malware-related issues here in this section of the forum.
Such work is conducted in a special forum area reserved for that purpose, or at the help desk.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.

As you have already run FRST, after reading the pinned topic, you just need to attach the same logs to a new separate post in the malware removal section.

A malware analyst will assist you with looking into your issue - the helper will guide you, one-on-one, for free, through scanning, cleanup and repair.

Thanks,

Link to post
Share on other sites

  • Staff

Just to mention,

 

 

Loaded Profiles: Jack (Available Profiles: Jack & logan)

 

 

 

Jack (S-1-5-21-2108881583-117912961-3019965817-1000 - Administrator - Enabled) => C:\Users\Jack
logan (S-1-5-21-2108881583-117912961-3019965817-1003 - Limited - Enabled) => C:\Users\logan

 

 

The update issue may be related to the aka*.ref files issue on Limited User Accounts, which we addressed in the short term using our mbam2-rules.exe

 

You may want to consider installing the 2.2 Beta release, which has that fix built into the installer, detailed here:

https://forums.malwarebytes.org/index.php?/topic/173443-malwarebytes-anti-malware-220-beta-1-now-available/

 

If you do, I'd recommend a clean uninstall and reinstall as detailed here:

https://forums.malwarebytes.org/index.php?/topic/122284-mbam-clean-removal-process/

Link to post
Share on other sites

Yes, @tetonbob is definitely on to something. (Thanks for adding that!)

 

I had noticed your limited/standard user accounts on the system.

So that might be what you are seeing.

I was going to post his previous workaround (which is no longer needed, with the availability of the 2.2.1.x BETA).

But then I saw that you had run mbam-check from an Admin account.

So, I wasn't sure if you were really having the LUA issue updating or not?? :unsure:

 

In any event, it won't hurt to try the new build.

If the problem *was* the LUA updating problem, the new build should fix it, I would think. :)

 

Having said that, the logs DO show a lot of PUPs in quarantine.

It might still be worthwhile to get some free, expert help with a deeper scan/cleanup, even after the 2.2.1.x upgrade.

 

<just a suggestion>

 

Please let us know how it goes.

 

 

Thanks!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.