Jump to content

Malwarebytes Premium help needed


Recommended Posts

I have been having a couple of issues with Malwarebytes, and am not sure how to solve them.

1st issue

Is there anyway to reduce the amount the events posted to the system event logs in windows event viewer? the mbmamchameleon is generating so many events, it is completely drowning out all other events that are occurring on my system. ideally I would like to either have MBAM not generate the events unless I want it to, or a way to hide the events until I want to look at them

Problematic event listing:

Log Name:      System
Source:        mbamchameleon
Date:          10/4/2016 4:50:20 PM
Event ID:      61703
Task Category: (4352)
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      ChrisSolomon-PC
Description:
Mbamchameleon Failed to obtain file name information - C00000D4
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="mbamchameleon" />
    <EventID Qualifiers="16384">61703</EventID>
    <Level>4</Level>
    <Task>4352</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-04T23:50:20.726312900Z" />
    <EventRecordID>622462</EventRecordID>
    <Channel>System</Channel>
    <Computer>ChrisSolomon-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Data>C00000D4</Data>
    <Binary>00000000020028000011000007F100400E020000D40000C000000000000000000000000000000000</Binary>
  </EventData>
</Event>

 

2nd Issue:

 

I have been dealing with an issue where all wireless connections disappear and I lose all internet. at first I thought it was a Windows 10 or a hardware issue. it wasn't. I eventually traced the problem back to MABAM's protection features. when I disable Malware Protection and Website Protection, Wifi and internet access is almost instantly restored. I can then re-enable MBAM's protection features, and then continue on with what I was doing, until at some random point in the future, it occurs once again.

Link to post
Share on other sites

Hello and Welcome Back!

The team is going to need a little more info on your system, so please run the tools below and provide the logs so they can better assist you.

We would need more info on the system....

Please read the following and in your next reply ATTACH the 3 requested logs - Diagnostic Logs
(the three files should be CheckResults.txt, FRST.txt and Addition.txt)

Thank You,

Firefox

Link to post
Share on other sites

I am trying to download both the programs that you said, and will post the FRST logs quoted in the link you provided. However, the mbam-check-2.3.2.0.exe download seems to be getting stuck at 1% downloaded. I will try and download it with internet explorer in the mean time. but it appears that M$ Edge has issues with the download (unless it's something on your guys end, in which case it will get stuck in IE too.)

Link to post
Share on other sites

[UPDATE]

IE got stuck at 2% downloaded, but next attempt it finished almost immediately, and did it's whole msart screen security scan thingie. the program ran, but a black window appears when i run the app. it did generate a check result.txt, but the window remained afterward. is it ok to terminate the window after I save the checkresult.txt file? also Edge won't let me attach the log files so I will have to open this post in IE in order to attach them

Link to post
Share on other sites

  • Root Admin

Hello @cybot

The issue you're having with the Event Logs being filled is due to the Self Protection module. Please uncheck and disable the Self Protection module, then restart the computer and the events should stop. This should be addressed in the next version of the program, but I don't have a specific date for when that will be at this time.

Is this a business computer? You have a few policies set on the computer is why I ask. Overall the logs look good though, no immediate threats shown.

 

Link to post
Share on other sites

No, this is not a business computer, which policies are you referring too? I recently did a repair install to get past a bug with installing 14393.222 update, but unless that re-enabled the policies, the processing of policies should be disabled. I will check the settings myself while I wait for an answer back on the second solution involving the loss of Wi-Fi  related to MBAM's protection features.

Edited by cybot
Link to post
Share on other sites

if you need more information about my second issue (the loss of Wi-Fi caused by MBAM's protection features) please let me know and ill go into further detail on the issue. I did spot an error event once stating that the mwac.sys was interfering with ndis.sys. but I have since lost track of how I found the error. I will look for it again while I await a response.

Link to post
Share on other sites

  • Root Admin

Yes they are cellular and most people don't know the difference but there is a big difference and there are some issues with those connections is why I asked.

The current logs are not showing a failure. What happens, what do you see ? Are you able to duplicate it ? Please disable the Self Protection module and restart and let me know if there is still a Wi-Fi issue or not.

 

 

Link to post
Share on other sites

no I can't reproduce it reliably. It seems to occur on it's own whenever it feels like doing it. basicly ill doing what ever (usually something that's connected to the internet) and suddenly lose my connection. when I go to check my connection in the windows tray network icon, no Wi-Fi access points will be shown. not even my networks. I eventually learned that if I turned off MBAM's malware protection and website protection that the hotspots were able to be detected and connected to once again. I am then able to connect to my network and re-enable the the two protection features until the next time it occurs. when I check on the wireless network adapter during the issue, Windows reports that there are no drivers installed for the device (which is flat out wrong), but there are drivers listed in the driver details button. attempting to reinstall the adapter drivers would cause the system to hang and would force me to force stop the driver update process. it could have very well been caused by the mbam self protection feature.

Link to post
Share on other sites

  • Root Admin

Okay, try a clean removal and reinstall again and keep the self protection module off and let me know if that seems to help or not.

Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x


Thanks

 

Link to post
Share on other sites

It will take me a bit to locate my license information. the computer used to register MBAM is currently down due to a failing HDD. All information is currently backed up for the PC, but the replacement drive has been ordered but not shipped yet. I have been waiting two months on the drive. supposedly nov. 1 is when it will ship, but the before that it was supposed to be oct. 15, so I don't know when i'll be able to access the info on that computer. I will see if I have the info backed up to this pc or not. if I don't, I will have to wait on doing the 2x uninstall/reinstall of MBAM. If I don't happen to have the info, I will re-enable the self protection module, and wait for the issue to pop up again and I will try and capture the event that listed the MBAM .sys files that was interfering with Ndis.sys.

 

Also of note. I have only had the issue once under win10 14393.xxx. but under win10 10586.xxx it occurred frequently. I don't know if there was some sort of change between the two builds that made it less likely to occur, or what. If you desire, I can setup one of my spare drives with 10586.xxx and try and reproduce the issue. the only problem would be finding my registration information for MBAM.

 

Link to post
Share on other sites

I did the whole 2x uninstall thing and reinstalled MBAM and then entered my license info. everything still seems to be working. without the problem cropping up again so I can take not of the logs, I guess we are as far as we can get on this particular issue. since it is no happening anywhere near like it was in win 10 10586, I am guessing a change was made by M$ that fixed the issue for the most part. as for the 1st issue, I guess I will have to wait until you guys fix that bug in the self protect module.

Link to post
Share on other sites

  • 3 months later...
  • still getting occasional network interruptions that I was getting before. because M$ removed  some of the event logs in [computer managment>event viewer>application logs and services>Microsoft>Windows] that were available in the initial RTM release and in 10586 build of win10,. I am unable to access/find the event entry that I found before that lists the ndis.sys driver being blocked by one of the MBAM system drivers.
Edited by cybot
Link to post
Share on other sites

well, if I recall what I saw correctly the message said something like this "ndis.sys was not loaded because [MBAM related file] blocked the system file from loading" or something similar to that. I have been keeping a copy of that MBAM-check software on my desktop for when it happens, but the software finds nothing. but when I disable the malicious website blocking feature, the network connectiosn reappear and everything goes back to normal. and of course I can re-enable the malicious website protection afterward with out any issue.

Link to post
Share on other sites

I don't have a log currently, but the next time it happens I will keep the log and  post it here, for whatever good it will do. should I download the latest version of the MBAM check? I have 2.3.2.0 . I don't know how often this software is updated, so It might be out of date.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.