Jump to content

Problem with mwac.sys


Recommended Posts

Hello, In the event log I see  Audit failure event 5038 it relates to  mwac.sys 

and says

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

I have tried a

reinstall no change still corrupt

reinstall of the os still the same problem

sfc/scannow nothing wrong there

scanned the hd for errors none found

scanned the memory for error none found

It is the same for both pc's using this network and I no longer see the odd block of bad sites mbam once did.

How would i fix this problem please and thank you for any help provided.

Link to post
Share on other sites

Hello and Welcome back....

Lets get some logs to see if we can help the team in finding out what's going on here (as well as the code error number your getting).

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs
(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Thank You,

Firefox

Link to post
Share on other sites

Thanks for the reply Firefox more weirdness happened while scanning mbam deactivated and went to a free version and would not reactivate I had to use a second copy I have to make it work again I get error code 403. this all smells iffy as farbar hangs and keeps hanging.

I have got what I can from farbar and mabam diag tool.

Problem signature:
  Problem Event Name:    AppHangB1
  Application Name:    FRST.exe
  Application Version:    25.9.2016.0
  Application Timestamp:    57e7f104
  Hang Signature:    8727
  Hang Type:    6144
  OS Version:    6.0.6002.2.2.0.768.3
  Locale ID:    2057
  Additional Hang Signature 1:    6ddb5e72fa1e7da46845fa853a409bb4
  Additional Hang Signature 2:    4187
  Additional Hang Signature 3:    e369beb6dfdc3c3538464caa12dc9981
  Additional Hang Signature 4:    8727
  Additional Hang Signature 5:    6ddb5e72fa1e7da46845fa853a409bb4
  Additional Hang Signature 6:    4187
  Additional Hang Signature 7:    e369beb6dfdc3c3538464caa12dc9981

CheckResults.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

Hi Firefox I did what you said and heres the result still the same

Event Viewer
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:    \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys    

Audit Failure 27/09/2016 18:04 
source: microsoft windows security auditing.
Event id:5038
Task category: System integrity

Link to post
Share on other sites

I managed to get a full run of farbar done after a bit of repairing what looks like to me either damage done by a hacker or malware as everything security related has been tamperd with, I'm no expert but looks that way to me, 1 machine i'd edge on the side of caution saying this but every one on this network with the same problems. Also when I done a scan disk only security descriptors had been messed with it repaired them. S0 I scanned the network and found an ongoing mitma also to double check it wasn't a false reading i was getting i checked finger printing of sites and a lot had fake thumb prints a sure sign something is hooky again I'm far from an expert so please feel free to correct me.

 

FRST.txt

Addition.txt

Link to post
Share on other sites

  • Root Admin

I would recommend you open a new Topic in the malware removal section and post those logs there.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.