PaulAllen Posted September 27, 2016 ID:1064169 Share Posted September 27, 2016 Hello, In the event log I see Audit failure event 5038 it relates to mwac.sys and says Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. I have tried a reinstall no change still corrupt reinstall of the os still the same problem sfc/scannow nothing wrong there scanned the hd for errors none found scanned the memory for error none found It is the same for both pc's using this network and I no longer see the odd block of bad sites mbam once did. How would i fix this problem please and thank you for any help provided. Link to post Share on other sites More sharing options...
Firefox Posted September 27, 2016 ID:1064193 Share Posted September 27, 2016 Hello and Welcome back.... Lets get some logs to see if we can help the team in finding out what's going on here (as well as the code error number your getting). Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs (the three files should be CheckResults.txt, FRST.txt and Addition.txt) Thank You, Firefox Link to post Share on other sites More sharing options...
PaulAllen Posted September 27, 2016 Author ID:1064219 Share Posted September 27, 2016 Thanks for the reply Firefox more weirdness happened while scanning mbam deactivated and went to a free version and would not reactivate I had to use a second copy I have to make it work again I get error code 403. this all smells iffy as farbar hangs and keeps hanging. I have got what I can from farbar and mabam diag tool. Problem signature: Problem Event Name: AppHangB1 Application Name: FRST.exe Application Version: 25.9.2016.0 Application Timestamp: 57e7f104 Hang Signature: 8727 Hang Type: 6144 OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 2057 Additional Hang Signature 1: 6ddb5e72fa1e7da46845fa853a409bb4 Additional Hang Signature 2: 4187 Additional Hang Signature 3: e369beb6dfdc3c3538464caa12dc9981 Additional Hang Signature 4: 8727 Additional Hang Signature 5: 6ddb5e72fa1e7da46845fa853a409bb4 Additional Hang Signature 6: 4187 Additional Hang Signature 7: e369beb6dfdc3c3538464caa12dc9981 CheckResults.txt Addition.txt FRST.txt Link to post Share on other sites More sharing options...
PaulAllen Posted September 27, 2016 Author ID:1064220 Share Posted September 27, 2016 I found a completed scan from a few days ago might be useful it didn't hang then. farbar.txt Link to post Share on other sites More sharing options...
Firefox Posted September 27, 2016 ID:1064228 Share Posted September 27, 2016 Let's try this clean reinstall first (as the log shows that it was installed on 2016/08/31).... Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x Please let us know how it goes. Thank You, Firefox Link to post Share on other sites More sharing options...
PaulAllen Posted September 27, 2016 Author ID:1064237 Share Posted September 27, 2016 I have done this a few times with a complete reinstall of the os along with a new install of mbam on both machines which both show the same file as corrupt/messed with. But I will give it a go thank you. Link to post Share on other sites More sharing options...
PaulAllen Posted September 27, 2016 Author ID:1064249 Share Posted September 27, 2016 Hi Firefox I did what you said and heres the result still the same Event Viewer Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error. File Name: \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys Audit Failure 27/09/2016 18:04 source: microsoft windows security auditing. Event id:5038 Task category: System integrity Link to post Share on other sites More sharing options...
PaulAllen Posted September 28, 2016 Author ID:1064369 Share Posted September 28, 2016 I managed to get a full run of farbar done after a bit of repairing what looks like to me either damage done by a hacker or malware as everything security related has been tamperd with, I'm no expert but looks that way to me, 1 machine i'd edge on the side of caution saying this but every one on this network with the same problems. Also when I done a scan disk only security descriptors had been messed with it repaired them. S0 I scanned the network and found an ongoing mitma also to double check it wasn't a false reading i was getting i checked finger printing of sites and a lot had fake thumb prints a sure sign something is hooky again I'm far from an expert so please feel free to correct me. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 28, 2016 Root Admin ID:1064514 Share Posted September 28, 2016 I would recommend you open a new Topic in the malware removal section and post those logs there. I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue. Link to post Share on other sites More sharing options...
PaulAllen Posted September 29, 2016 Author ID:1064571 Share Posted September 29, 2016 I have one open for that in geekstogo but no one has answered me it's been close to a week now I think. Should I close the geekstogo topic and open one here? or just keep waiting? I don't want to open 2 for the same thing Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 1, 2016 Root Admin ID:1064879 Share Posted October 1, 2016 I'd say close the one at Geeks To Go and start one here please if you've been waiting that long. Cheers Link to post Share on other sites More sharing options...
PaulAllen Posted October 1, 2016 Author ID:1064936 Share Posted October 1, 2016 I just closed it I will open one here now. Thank you Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now