
MBAM Premium v2.2.0 Crashes at Boot-up if Self-Protection Enabled



Is anyone aware of a known issue where MBAM Premium v2.2.0 (mbam.exe) can crash at boot-up when the self-protection module is enabled?  

I recently enabled the self-protection module (Settings | Advanced Settings | Enable self-protection module) of my MBAM Premium as recommended in the 01-Feb-2016 Malwarebytes Unpacked blog entry Malwarebytes Anti-Malware Vulnerability Disclosure (https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/). Now mbam.exe crashes when I boot up my 32-bit Vista system (see attached APPCRASH errors - fault module is always kernel32.dll) regardless of whether self-protection early start (Settings | Advanced Settings | Enable self-protection module | Enable self-protection early start) is enabled or disabled.

MBAM APPCRASH Error Messages Feb 2016.txt

My Norton Internet Security always has early boot time protection enabled to ensure that my antivirus protection loads early in the boot process (Settings | Computer | Real-Time Protection | Enable Boot Time Protection | Aggressive), but this Norton setting does not prevent mbam.exe from loading correctly at boot-up as long as MBAM's self-protection is disabled. 

Creating mutual scan exclusions for both my MBAM v2.x executables and Norton installation folder doesn't help.
-------------
32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Hello lmacri:

At this time, all that can be gleaned from the information you provided is that Windows' kernel32.dll claims to have failed initialization. If you have records that have preserved that MBAM's license ID/Key, then deactivate MBAM's license and follow the instructions below followed by reactivation of MBAM to Premium licensing near the end of step 1 for functional testing:

  1. Please try the following and reply if this corrects your issue: MBAM Clean Removal Process 2.x.
  2. If that does not correct the issue, then please read the following and individually attach the 3 requested logs in a reply to this thread: Diagnostic Logs.
  3. The 3 files, from Step 2, to be individually attached from your desktop are: CheckResults.txt, FRST.txt and Addition.txt. Please do not Copy and Paste them into a reply.

Please update the status of your issue in a reply to this thread.

Thank You.


Hi 1PW:

Thanks for your response.  I've attached the requested diagnostic logs, but unless you can see obvious evidence of a malware infection I don't want to waste your time, or mine, digging too deeply for the root cause of this problem.  At this point I'm just wondering if other users have reported similar mbam.exe crashes when MBAM's self-protection module is enabled.
 

CheckResults.txt, FRST.txt, Addition.txt

 

I actually have a much more serious problem with MBAM Premium that started with v2.0.3.  When Malicious Website Protection (MWP) is enabled it causes important Norton Internet Security tasks such as Pulse Updates, Automatic LiveUpdates and Insight scans of downloaded files to fail because MWP prevents Norton from connecting to the backend Symantec servers.  If you're interested, trace routes to Symantec servers that I ran with MWP enabled are posted in my thread Norton Pulse Updates Fail when Malicious Website Protection Enabled at https://forums.malwarebytes.org/index.php?/topic/161955-norton-pulse-updates-fail-when-malicious-website-protection-enabled/?p=966377.

Several months after I first contacted the Malwarebytes Help Desk I was told that this conflict with Malicious Website Protection and Norton is likely specific to 32-bit Vista and related to a problem where Malwarebytes Web Access Control (MWAC) "can act oddly on occasion".  This problem hasn't been widely reported by other Norton/MBAM Premium v2.x users and would be a low priority for the software development team so I have been told that "there is no solution or workaround we can offer for you at the moment".

I suspect that this new issue with mbam.exe crashing at boot-up when MBAM's self-protection module is enabled is also related to my 32-bit Vista OS and/or another conflict with Norton.  I've been told by a Malwarebytes employee that "Vista is no longer supported even by Microsoft" (I respectfully disagree - extended support for Vista SP2, including monthly security updates, will not end until April 11, 2017) so I might just have to disable all my MBAM Premium real-time protection if Malwarebytes has this many problems running on Vista.

-------------
32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS

 


Hi 1PW:

 

Cheers.  I should mention that I took a quick look through my diagnostic logs and noticed that Addition.txt listed multiple issues related to mwac.sys and chameleon.sys in the CodeIntegrity section.  Here's an excerpt:

 

CodeIntegrity:
===================================

 

  Date: 2016-02-06 20:26:04.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-06 20:26:03.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

I wonder if this could be connected to the current problems I'm having with Malwarebytes Web Access Control (MWAC) and Malwarebytes Self-Protection (a.k.a. Chameleon) on my 32-bit Vista system?  I checked in C:\Windows\System32\drivers and both drivers are signed by Malwarebytes Corporation and I can't see any obvious problems with the digital signatures or certificates.

-------------
32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS
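
The CodeIntegrity excerpt quoted in the post above, run through a small parser that tallies which drivers were reported and why. This is an added example, not part of the original thread and not FRST or Malwarebytes code; the function names are hypothetical, and the sample text is the two entries from the excerpt.

```python
import re
from datetime import datetime

# Sample input: the two CodeIntegrity entries quoted in the post above.
SAMPLE = r"""CodeIntegrity:
===================================

  Date: 2016-02-06 20:26:04.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-06 20:26:03.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
"""

# One entry = a "Date:" line immediately followed by a "Description:" line.
ENTRY = re.compile(
    r"^[ \t]*Date:[ \t]*(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+)[ \t]*\n"
    r"[ \t]*Description:[ \t]*(?P<desc>.+)$",
    re.MULTILINE,
)
# Wording of the "unable to verify" message as it appears in the excerpt.
DETAIL = re.compile(r"integrity of the file (?P<path>.+?) because (?P<reason>.+?)\.?$")

def parse_code_integrity(text):
    """Return one dict per entry: when, path, driver (file name), reason."""
    events = []
    for m in ENTRY.finditer(text.replace("\r\n", "\n")):
        desc = m.group("desc").strip()
        d = DETAIL.search(desc)
        path = d.group("path") if d else None
        events.append({
            "when": datetime.strptime(m.group("date"), "%Y-%m-%d %H:%M:%S.%f"),
            "path": path,
            "driver": path.rsplit("\\", 1)[-1].lower() if path else None,
            # Unrecognised wording is kept whole so nothing is silently dropped.
            "reason": d.group("reason") if d else desc,
        })
    return events

def summarize(events):
    """Group by driver: event count, first/last timestamp, distinct reasons."""
    out = {}
    for e in events:
        s = out.setdefault(e["driver"], {"count": 0, "first": e["when"],
                                         "last": e["when"], "reasons": set()})
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], e["when"]), max(s["last"], e["when"])
        s["reasons"].add(e["reason"])
    return out
```

Running `summarize(parse_code_integrity(text))` over the CodeIntegrity sections of two Addition.txt files taken at different times shows whether the same drivers and reasons recur across log sets.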


Hello lmacri:

Since the Addition.txt log does indicate the computer is having an issue with at least one MBAM installed file, and corrective actions are not permitted in this subforum, please consider following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with those issues. Please understand that system infection is not necessarily suspected at this point.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also attach (not copy/paste) both the FRST.txt, Addition.txt and CheckResults.txt output diagnostic reports from Log Sets 1 and 2 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories.

Thank you.


Hi 1PW:

Thanks for the suggestion, but I provided multiple sets of diagnostic logs to the Customer Support Help Desk and also had my system checked for malware in the Malware Removal Help forum a few months ago to confirm that my system was clean, so I'm confident that my Norton conflict with Malicious Website Protection has nothing to do with a malware infection.  Malwarebytes has also been very clear that bug fixes for Vista users are not a priority.

For now I'll just disable my real-time protection and use MBAM sparingly as an on-demand scanner until the current spoofing vulnerability is patched in the upcoming v2.2.1 release.  I'll continue to monitor this forum and see if anyone else reports a problem with mbam.exe crashing when the Self-Protection module is enabled.  If my problems still persist in v2.2.1 I'll reconsider opening another topic in the Malware Removal Help forum.
-------------
32-bit Vista Home Premium SP2 * Firefox v44.0 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024
HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


Hello lmacri:

 

As was indicated above, malware itself has not actually been suspected/proven and running your system without MBAM's Self-protection module enabled could be problematic. Running without MBAM's real-time/on-access malware protection is most certainly dangerous.

 

I have asked a senior Malwarebytes staffer, who is separate from the Consumer Support Help Desk department and who is very MBAM knowledgeable, to weigh in on your topic.

 

Thank you for your patience and understanding.


  • Root Admin

I don't believe the computer is infected but it does have some things wrong with it that could be the cause. If you'd like I can attempt to help you clean it up and fix said items. Open a new topic in the removal forum as suggested by 1PW and just say that you're waiting for AdvancedSetup to help you in that new post. Then send me a private message or post here with the link to the new topic and I'll help you out with it.

 

 

 

Thanks

 

Ron


I don't believe the computer is infected but it does have some things wrong with it that could be the cause. If you'd like I can attempt to help you clean it up and fix said items. Open a new topic in the removal forum as suggested by 1PW and just say that you're waiting for AdvancedSetup to help you in that new post.

 

Hi AdvancedSetup:

 

Thanks for the offer, but are you seeing any obvious problems in the logs I attached in post # 3 of this thread that weren't present when you checked my system a few months ago in the Malware Removal Help board at https://forums.malwarebytes.org/index.php?/topic/171640-cant-run-windows-update-after-pupoptionalspigota-removal/?p=984449.  The Addition.txt file I attached in that older thread also showed multiple Code Integrity errors for mwac.sys, and after you'd cleaned up some stray files and registry entries I confirmed that your tune-up hadn't solved the conflict with Norton background tasks and MBAM's Malicious Website Protection.

 

I believe it was Albert Einstein who said, "Insanity is doing the same thing over and over and expecting a different result."  :) I think it would make more sense for me to wait a few weeks and see how the upcoming MBAM v2.2.1 update behaves on my 32-bit Vista system before deciding how to proceed, unless you saw something that points to a serious problem in my latest set of logs.

-------------

32-bit Vista Home Premium SP2 * Firefox v44.0.1 * NIS v.21.7.0.11 * MBAM Premium v2.2.0.1024

HP Pavilion dv6835ca, Intel Core2Duo T5550 @ 1.83 GHz, 3 GB RAM, NVIDIA GeForce 8400M GS


  • Root Admin

I don't know that we can correct conflicts between our blocker and Norton's. It's quite possible that we cannot and it would take software engineering changes to the program to possibly correct. What I'm saying is that currently the logs do show new issues where things are not working correctly. Would it fix it (possibly not) - the offer is more so to help you fix some obvious issue if possible (sometimes it's not possible) regardless of our program. Offer still stands so you let me know.

 

Thank you again

 

Ron

