Jump to content

Recommended Posts

I'm getting the same error messages with the protection module too, everything else works fine.

if I start up the module again, I get the icon in the tray, then the "unexpected termination" message.

Here is a list of error messages, the event log and the apps running in my tray.

Nick

[openevent] failed to perform desired action, error code 2

Mbam service terminated unexpectedly; see event log for details.

event log:

Event Type: Error

Event Source: MBAMService

Event Category: None

Event ID: 1

Date: 6/18/2009

Time: 8:46:55 PM

User: N/A

Computer: DOWNSTAIRS

Description:

The description for Event ID ( 1 ) in Source ( MBAMService ) cannot be found.

The local computer may not have the necessary registry information or

message DLL files to display messages from a remote computer. You may be

able to use the /AUXSOURCE= flag to retrieve this description; see Help and

Support for details. The following information is part of the event:

MBAMService, mbamservice.exe: CreateFile failed with error code 5.

Windows XP home edition ver. 5.1 build 2600 service pack 3

Zone Alarm Security Suite version:8.0.298.035

Shadow for windows version 3.7.1.37

Link to post
Share on other sites

  • Root Admin

Hi Nick,

Have you attempted the procedures posted here: http://www.malwarebytes.org/forums/index.php?showtopic=17605

Shown in your Event Log: CreateFile failed with error code 5.

Error 5 means: Access is denied

Since I have not been able to duplicate this error myself I have to assume that some other process or permission on the system is blocking it from being created. That is what this other posting is about.

Link to post
Share on other sites

Hi Nick,

Have you attempted the procedures posted here: http://www.malwarebytes.org/forums/index.php?showtopic=17605

Shown in your Event Log: CreateFile failed with error code 5.

Error 5 means: Access is denied

Since I have not been able to duplicate this error myself I have to assume that some other process or permission on the system is blocking it from being created. That is what this other posting is about.

I had been running ZoneAlarm with MBAM set to super trusted, now I've changed the setting to "do not enforce" and the code 5 no longer comes up...

but the "Start protection button is black and above it says "Protection module is disabled"

but clicking the button brings up the two error messages, but with the button grayed out.

[CreateService] failed to perform desired action, error code 1073

then another box comes up saying " the protection module is already running"

but closing MBAM, then restarting it shows protection disabled again.

the event viewer shows:

Event Type: Information

Event Source: gusvc

Event Category: None

Event ID: 0

Date: 6/19/2009

Time: 4:47:03 PM

User: N/A

Computer: DOWNSTAIRS

Description:

The description for Event ID ( 0 ) in Source ( gusvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

Link to post
Share on other sites

[CreateService] failed to perform desired action, error code 1073

then another box comes up saying " the protection module is already running"

but closing MBAM, then restarting it shows protection disabled again.

the event viewer shows:

Event Type: Information

Event Source: gusvc

Event Category: None

Event ID: 0

Date: 6/19/2009

Time: 4:47:03 PM

User: N/A

Computer: DOWNSTAIRS

Description:

The description for Event ID ( 0 ) in Source ( gusvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.

An addendum,

On bootup, mbam appears in the tray for a few seconds before the message "Mbam service terminated unexpectedly"

then the icon disappears.

I've tried everything in the link with no change...

Could the service be looking for something in the registry that was not added during the Mbam install?

could I manually add it?

I've been unable to find out how to give a program permission to change the registry in ZoneAlarm.

Nick

Link to post
Share on other sites

Hi Nick, Can you look in Zone Alarm, Program Control, Programs, See if you can find Malwarebytes (or any of Malwarebytes files) and it is not blocked -- It should have a Green checkmark next to the Malwarebytes programs/files

EDIT: Please see this thread: http://www.malwarebytes.org/forums/index.php?showtopic=10138 In regards to error 1073.. Post no. # 3

Link to post
Share on other sites

Hi Nick, Can you look in Zone Alarm, Program Control, Programs, See if you can find Malwarebytes (or any of Malwarebytes files) and it is not blocked -- It should have a Green checkmark next to the Malwarebytes programs/files

EDIT: Please see this thread: http://www.malwarebytes.org/forums/index.php?showtopic=10138 In regards to error 1073.. Post no. # 3

In the program/program section of zonealarm, All three mbam*.exe files have green checks in all columns and supertrust level set.

I have also added the three exe files from the mbam directory to the antivirus exception list as shown in the link.

After rebooting the computer, when I bring up mbam and click the protection button, I get the message box that the protection module is now protecting your computer. Then another box pops up saying "[openevent] failed to perform desired action, error code 2" and the icon disappears from the tray.

closing mbam, then reopening it and clicking the button shows no icon in the tray, just the message box

that says "[CreateService] failed to perform desired action, error code 1073"

then 20 seconds later another box "[openevent] failed to perform desired action, error code 2"

The registry shows a questionable (in my opinion) key value,

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector

Imagepath has the value "\??\C:\WINDOWS\system32\drivers\mbam.sys"

Nick

Link to post
Share on other sites

The registry shows a questionable (in my opinion) key value,

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector

Imagepath has the value "\??\C:\WINDOWS\system32\drivers\mbam.sys"

Nick

One more thing:

I disabled zonealarm at boot up and when I checked the Processes to make sure it wasn't running, I noticed that MbamService was running.

but after starting the module (and it erroring out)

I noticed MbamService was no longer running

Link to post
Share on other sites

OK Nick, thank you for the report on zone alarm. I would like you to try this: go the the link below please:

http://www.malwarebytes.org/forums/index.php?showtopic=10138

Go to Post # 3 in the thread.

When I try to Start Protection I get an error code 1073! Help!

I would like you to follow those instructions please & report back. Step by Step 1 thru 9

Make sure you can find your email with your license key you will have to re-register the program.

no. 3 you will do a total removal of mbam, and no. 5 is the 1.38 download mbam link.

Let me know if theres any questions? Post back to us with how thing went.

Link to post
Share on other sites

OK Nick, thank you for the report on zone alarm. I would like you to try this: go the the link below please:

http://www.malwarebytes.org/forums/index.php?showtopic=10138

Go to Post # 3 in the thread.

When I try to Start Protection I get an error code 1073! Help!

I would like you to follow those instructions please & report back. Step by Step 1 thru 9

Make sure you can find your email with your license key you will have to re-register the program.

no. 3 you will do a total removal of mbam, and no. 5 is the 1.38 download mbam link.

Let me know if theres any questions? Post back to us with how thing went.

Mbam deleted, but running Mbam-clean gave me an error box "Failed to delete MbamProtector: error code 1072"

then the reboot box.

Should I reinstall after reboot, given the failure?

Link to post
Share on other sites

If you reinstall I think you may come up with the same prob. Try doing a re-boot then go into the safe mode (most pc's F8)

and run the clean tool in there in safe mode. & please post back if there any errors or anything thats not right. If there are we may have to scan & post hiJackLogs. but try it in the safe mode?

Link to post
Share on other sites

If you reinstall I think you may come up with the same prob. Try doing a re-boot then go into the safe mode (most pc's F8)

and run the clean tool in there in safe mode. & please post back if there any errors or anything thats not right. If there are we may have to scan & post hiJackLogs. but try it in the safe mode?

when run under safe mode I get the Message "SHgetValue failed with error code "

Link to post
Share on other sites

wait one Nick I'm reading all your posts. will post back in a min.

All of these are in your ZA & Trusted right

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows 2000/XP)

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows Vista)

EDIT: Nick, reboot the pc & reinstall mbam, report back any errors please.. lets see what happens. I'll be here

Link to post
Share on other sites

wait one Nick I'm reading all your posts. will post back in a min.

All of these are in your ZA & Trusted right

C:\WINDOWS\system32\drivers\mbam.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows 2000/XP)

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref (Windows Vista)

EDIT: Nick, reboot the pc & reinstall mbam, report back any errors please.. lets see what happens. I'll be here

Install went OK (no errors)

all of the above are excepted in za antivirus

on reboot the protector icon appeared in the tray

Message: "Mbam service terminated unexpectedly; see event log for details"

Icon disappeared.

clicked Protect button.

Message: "[openevent] failed to perform desired action, error code 2"

MbamGui still running in prcess box.

20 secs later: gone.

Clicked protect again.

message: "[CreateService] failed to perform desired action, error code 1073"

Then 2nd message: "Mbam protection already running"

but no Mbams in the process box.

Link to post
Share on other sites

At this point I'll need you to follow these instructions please: you will move up to where they can read your logs, I'll post the instructions. and you'll be off to another forum. If you have any questions, ask now. Let the know you had error 1073 & 1072 and what ever other error you have & a brief rundown of your prob.

Scan and post logs - read note at bottom in green

If you're having Malware related issues with your computer that you're unable to resolve.

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require asistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.