Database Version?

[Guest]

I discovered this problem at 2:38AM  & reported at 7:30AM EST. The protection logs show failures to update, but not every time. Now I have one PC at 8.30.7 and another at 8.30.10. Both Win 7. McAfee Firewalls are all OK for MBAM & MBAE. Sometimes the database updates, sometimes it does not. Sometimes you get an 'unable to connect to the server' message but sometimes there is just no version change. This applies to both Manual & Scheduled updates. I see other forum users who use Norton & Kapersky and are troubleshooting without success. I have seen WIn 10 forum users troubleshooting without success. I have had no other program updated since 8/6/2016. I think this may be a MBAM issue; not an individual conflict. 

[Guest]

Pinged from command prompt

data-cdn.mbamupdates.com

No lost packets

[wildman424]

23 minutes ago, BBK said:

Pinged from command prompt

data-cdn.mbamupdates.com

No lost packets

Its online and responding. What does a tcpview log reveal?

I get the following:

	mbam.exe    1060    TCP    wildthang1.hsd1.wv.comcast.net    1705    ec2-23-21-118-177.compute-1.amazonaws.com    https    CLOSE_WAIT                                        
	mbam.exe    1060    TCP    wildthang1.hsd1.wv.comcast.net    2629    vip098.ssl.hwcdn.net    https    ESTABLISHED           
	

You may want to start your own topic so someone from the Malwarebytes Team can help you. If you append to my topic your post might accidentally get overlooked.

 

Edited August 30, 2016 by wildman424

[Guest]

Wildman; Call me the fool..how can I get the tcpview log? I see you are Comcast.

BTW- My scheduled scan at 3:40 was running and I opened the dashboard....it was checking for updates during Heuristic Analysis. My other PC, after a 'unable to connect to database' message, manually updated immediately after to 8.30.10 (was stuck at 8.30.7). I get a different result each time; it's driving my nutty. 

I sent info & logs for both PC's to Tech Support @7:30 AM; no reply yet.

[wildman424]

3 minutes ago, BBK said:

Wildman; Call me the fool..how can I get the tcpview log? I see you are Comcast.

 from Microsoft TechNet

https://technet.microsoft.com/en-us/sysinternals/tcpview

Comcast is my service provider.

I think my issues are resolved. Just waiting for an update to come through to be sure. Pretty sure it was the firewall.

[wildman424]

41 minutes ago, BBK said:

Update from MBAM? Update from Virus Protection? Microsoft?  I do know something changed between midnight last night and 2:38AM. If resolved could you please update? Thanks.

My issue was with my firewall. I had to uninstall and do a clean reinstall of Malwarebytes because I had forgotten my password for the access policies I had set. Somewhere during the process of reinstalling the settings in my firewall had gotten screwed up. So right after the reinstall of MBAM it wouldn't update. That's what I was troubleshooting.

The issue you're experiencing might be different or have a different cause. You mentioned that you have contacted support, so you might want to wait until they get back in contact with you, or start a new topic here: https://forums.malwarebytes.org/forum/41-malwarebytes-anti-malware-help/   so someone from the support team can work with you one on one about the issue.

You can try to do a clean removal & clean reinstall, that sometimes fixes a lot of problems. Instructions on how to do that are here:

https://forums.malwarebytes.org/topic/146017-mbam-clean-removal-process-2x/

 

Edited August 30, 2016 by wildman424

[daledoc1]

Hi, @BBK:

It looks as if the forum staff has split off your posts to a separate topic.

There are many possible reasons for updating issues, e.g. software conflicts, system configuration/networking issues, MBAM settings corruption, server issues, even malware.

Do you still need help?

If so, and if it's for more than one computer, can you please describe in detail the issues you're having, for one computer at a time?
The exact wording of any error messages and/or screen shots would also be helpful.

Thank you,

[Guest]

Hi Daledoc1: Actually I am a DaleMom. My Dale went to the Rainbow Bridge & I miss his comedy every day.

I need help. I have 2 PCs, identical except for Spotify, which is not on this PC. Sometimes the updates work, sometimes they fail. No continuity in the fails or successes.I have been sending logs and data to MBAM support. They sent me a MBAM Repair tool that doesn't work. Reported this, but never heard back,

For you, as an example, here is a Protection Log from this PC today. This PC was up all night. Updates failed in morning then.....suddenly updated to 9.4.6. I ran the MBAM Diagnostics yesterday (again, the Repair part of the tool doesn't work). Results attached.

My other PC was booted up this morning. I decided to try to run MBAR on my other PC this morning since it was stuck at 9.4.2. I tried to update MBAM manually & also ran a scan but it would not update the version either way.  My result was MBAR updated the database to 9.4.6 inside the MBAR tool but not in MBAM application (the tray icon bubble showed 9.4.2). During the rootkit database update, I got a HOST FAILED error. I have that screenshot on my other PC right now. I returned to MBAM still at 9.4.2. Rebooted & checked updates manually. It updated to 9.4.6.

Botton line: This problem started late night EST on 8/29/16. All protection logs on both PCs were perfect before that date. I uninstalled anything I think may conflict. My McAfee firewall is fine. The problem is on both Win7 PCs. I have not installed any new software. I also use Hitman Pro & CC Cleaner. 

Sometimes a reboot with a 2nd try manually works. Sometimes not. The manual & scan 'check updates' takes up to 4 minutes. I often get the same database version as I had before as a result of a manual update instead of the "no updates available" message. I can ping the database server with no loss of packets. 

So fellow Airedale Admirer...any ideas? 

ProtectionLog090416.txt

MBAMDiagnostics.zip

[Guest]

Hi Daledoc:  It appears  MBAR does not work on either PC. This is the PC from the above message. The database version updated to the version in bubble (lower right) of 9.4.7 and and then reverted to the database from August (the last time I ran the MBAR tool) after the fail.. 

When I was scanning around 7:00, I checked the dashboard while 'scanning files' (right before heuristics). I found 'check for updates' was still trying to load and the scan was almost done. 

I hope this info is not worthless. I don't know what to give you that may have more value.  Thank you.

[daledoc1]

Hi:

Thank you for the detailed update.

Yes, Airedales are TFAOTP***, a unique combination of style, brains and clownish wit. That is for sure.

I have escalated your case to the forum staff. Until someone has a chance to respond, I suggest the following:

• Please tell us your Help Desk Ticket number (and whether or not the ticket is still open); AND
• Please re-attach the 3 native logs as *.txt files, rather than in a zip archive (the 3 logs will be FRST.txt, Addition.txt and CheckResults.txt) (this is for safety).
  • I assume we are working on only 1 computer at a time (to reduce confusion)?
  • The underlying cause (and solution) may well apply to both computers, but it will be helpful to work on one at a time.

While we wait for staff assistance, one minor point of clarification.  Database updates are published 8 to 10 (sometimes more often) times a day.  So, even if your MBAM Premium is configured to check for updates every hour, there may or may not be an available update each time the program checks for one.  Update checks performed under the scheduler when there are no new databases available are not logged.  Only update checks with available new databases are logged.   IOW, it's not necessarily abnormal to get "no updates available" from time to time.

Thanks for your patience.
 

***

Spoiler

The Finest Animals On The Planet.

 

Edited September 5, 2016 by daledoc1
forum glitch > 2 spoilers

[Guest]

Thanks, Daledoc; Here you go...We will call this PC1.   I attached the MBAR 'Host Faii' screenshot in the other topic but will add a copy here for you. The still open case number (still no reply) is  Case #: 1095326  serviced by Tim E. I also have attached today's ProtectionLog where you can see the failures of earlier versions 9.5.2 &9.5.3 and a photo of my favorite AireMan.

Thank you for everything. Let me know what else is valuable.

FRST.txt

CheckResults.txt

Addition.txt

ProtectionLogToday.txt

[daledoc1]

Hi:

Thanks for the logs and photo. Sweet little dude. Did he have the 1-gallon-beard or the 2-gallon-beard? (Only people owned by Airedales will understand that question.)

Let's put the MBAR issue aside for now, to focus on MBAM.  As I mentioned in your other thread, MBAR really is not designed for DIY use.  For what it's worth, however, I just downloaded the program and updated it without issue.  So, the problem does seem to be on your end.  However, it's likely related to the MBAM issue....

OK, while we wait for more expert help and a detailed review of your logs, one giant factoid leaps out from your CheckResults.txt log:  the daily protection logs date all the way back to September 22, 2014.  That's nearly 2 years.  So, any MBAM reinstalls or upgrades you may have performed in the past 2 years were not "clean" installs/upgrades.
You also have some malware remnants in quarantine.  Both of these could be interfering with updating.

I cannot promise this will fix the problem, but a proper, "best practices" CLEAN reinstall ***might*** fix the immediate issue with updating.

To do that, please carefully follow all the steps in this pinned topic: MBAM Clean Removal Process 2x

• Please be sure you have your license info handy before you start
• Please deactivate your license before you start (dashboard > my account > deactivate)
• Please be sure to reboot when prompted by the removal tool (very important!) and again after the reinstall.

Please let us know how it goes.  We may advise you how to set mutual exclusions between MBAM and McAfee when you have reinstalled....

In the interim, please wait for a Malwarebytes staff member to review all of your logs in greater detail.  Someone will respond as soon as possible.

Thanks,

Edited September 8, 2016 by daledoc1
Fixed link

[AdvancedSetup]

Hello @BBK

 

Just to clarify. Are you having MBAM (Malwarebytes Anti-Malware) update issues or MBARW (Malwarebytes Anti-Ransomware) issues, or MBAR (Malwarebytes Anti-Rootkit BETA) updates ?

 

You mention MBAM but show an image for MBAR but you also talk about MBARW so knowing which one you're actually having issues with will help.

Thank you

 

 

[daledoc1]

Hi, @AdvancedSetup:

I could well be wrong (quite a few posts in at least 2 different threads), but I think the primary issue was/is with MBAM updates.

Then, having problems with MBAM, the OP tried MBAR-Beta (Anti-Rootkit Beta) and could not update that, either?

@BBK, is that correct?

Thanks for clarifying for us.
And, unless @AdvancedSetup disagrees, it does look as if a clean reinstall of MBAM might be a good starting point.

Cheers,

[AdvancedSetup]

I agree, a clean removal and reinstall often fixes issues like this.

 

[Guest]

Oh this is really bad.  I did the clean uninstall & reinstall of MBAM...3X.  I get a database 2.6.16 and cannot get any updates. I get the same version number or 'unable to access database'. I downloaded from the Malwarebytes site because the link from Root Admin in the Forum did not work. My ID & Keys entered OK, but I may have forgotten to deactivate the last attempt. I rebooted as instructed .

Please help me.  

[Guest]

Here is 'Check Results' after the last uninstall & reboot.

CheckResultsAfterUninstall Reboot.txt

[daledoc1]

Hi, @BBK:

There's definitely something going on with your system, given that you cannot update MBAM, cannot update MBAR, and cannot download the MBAM installer from the product page (I just tested the link HERE in THIS PINNED TOPIC and it works just fine.)

The last CheckResults log you posted shows that MBAM is uninstalled.  So, alas, it doesn't add much to the troubleshooting at this time.  That's OK.

There may be something like a hidden software conflict, OS corruption, networking problems, or even malware.
Please sit tight until @AdvancedSetup can return to further assist you. Please do not make any further changes to the system at this time.
He may move this thread into the malware removal section for deeper, one-on-one assistance, using additional tools.
I'm confident he'll get you straightened out.

>>While we wait for him, it may help to grab a fresh set of FRST logs.
>>Please delete the copy of the FRST tool that you have and grab a fresh copy.
>>Before you run it again, please be sure there is a checkmark in the "Addition.txt" option.
>>Please attach the new logs (FRST.txt and Addition.txt) to your next reply.

Sorry I could not help you -- this one has me stumped.  It's gonna take a bit of Terrier Tenacity to get this sorted.

Thanks for your patience.

[AdvancedSetup]

Hi @BBK

I see that you've opened a new ticket with the Helpdesk this morning. Since you have a new open ticket with them and they can assist you and fix any license issues as well it's probably best to stay with them for now, though if you do need further assistance please let me know.

You should be in good hands with the Helpdesk

Thank you

Ron

 

[daledoc1]

Ah, OK.

Thanks, @AdvancedSetup.

Good luck, @BBK.

 

[Guest]

Well, I don't feel I am in very good hands lately with the help desk because they just skim the text.... and didn't even respond in the last 2 cases. My husband thought I should do 'contact us' to see if I got any response.... and we didn't know if you work the forum every day.

But....after several more uninstall/reinstalls, the MBAM finally updated. I attached the Protection Log for today and the Check MBAM after the updates applied.  If the update failures continue, I'm going to need some help to exclude the database update IP from McAfee in case they are the culprit. Last year one of their updates crashed IE11 and it took some time for them to get that fixed.  Root & Daledoc1 ...you have been fantastic  to me & I am so very grateful to you both. Can someone verify the current rootkit version is still 8.15.01?

Many thanks.

ProtectionLog090616.txt

CheckResults.txt

[Guest]

I spoke a  little soon...I went to test the Anti-Rootkit and got the Host Not Found Failure again. So, maybe mostly fixed but........Sorry.

[AdvancedSetup]

Hello @BBK

I only see one open ticket on the Helpdesk under this email address. Your last one was from last year where Lisa helped you. If you believe you have others please provide me the case number or email address and I'll look them up, but as of now I'm only seeing the one from a couple hours ago.

The rootkit driver from the MBAM program is and always will be the most up to date but even that one is not often updated unless there is some new rootkit that requires it. Rootkits are not used as often as they used to be because the malware writers have found that encrypted attacks and holding users data at ransome has been much more profitable for them. The rules for the stand alone rootkit scanner are from 2014 and the database rules from 2015. Please note that the stand alone Anti-Rootkit scanner is not a tool that shold be needed or used on a daily basis. I would highly recommend that if you want to scan for rootkits that you use the setting with MBAM it'self.

If there is anything else we can do to assist you please let us know.

Thank you again.

Ron

 

 

[Guest]

The Help Desk Tech from the Case# I sent earlier requested FARBAR logs (done). I also sent him protection logs showing the update failures.. He did not find anything in the logs,but stated McAfee may be interfering. The firewall is OK or we would never get an update to any of the databases.  I reached out to McAfee. No knowledge of a MB conflict. FYI- failure also happened during a manual attempt to check for updates with McAfee disabled.

I decided to change the setting in the scheduler to 'check for updates' using Realtime. That has helped keep us more current.  I still cannot "check for updates' manually without getting the  same version (instead of 'no updates available') or 'Unable to access server'.  Any ideas, Daledoc? Root Admin?

Grateful for any help you have. I'm going to keep trying....

[AdvancedSetup]

Which program are you speaking of? MBAR Beta does not have any updates. If you mean MBAM then yes it gets updates every day.

If you're willing you could try to uninstall McAfee and run their cleanup tool to fully remove it. Then try to do manual updates with MBAM and let us know. After you've tested some make sure you reinstall your Antivirus.

After removal of McAfee, you can use this tool  to fully remove all McAfee files and settings.

Let me know please.

Thanks