BSOD running a certain program after 1.1.18 update

We have an application that we use in our office that we created using PowerBuilder. Today on 3 computers with Windows 7 it started causing a BSOD every time we tried running it. It turned out that those 3 (mine is one of them) all had one thing in common - the Malwarebytes Anti-Ransomware Beta, which apparently just received update 1.1.18. Reinstalling our app fixed it on mine, but not the others. We disabled the anti-ransomware program on theirs and the problem went away. On mine, I have now set our program to be on the Exclusions list.


Information displayed on the BSOD: system_service_exception related to fltmgr.sys

And just after submitting that, I tried running our app again, and got another BSOD. So putting it on the Exclusions list didn't help, and my "fix" of replacing the files was only temporary.  I guess I'll have to uninstall the anti-ransomware program for now.

  • Staff

Hello @atariguy and welcome

Before uninstalling MBARW, using the native Windows built-in zip utility, please create a .zip (not .7z or .rar) archive of the following directory for MBARW developer team analysis:

"%ProgramData%\MalwarebytesARW"

Please attach the .zip archive to your next reply.  Thank you for testing the MBARW Beta.

  • Staff

Hi @atariguy,

Do you happen to have MEMORY.DMP from a BSOD?

It's typically located in %SystemRoot% if you have the OS setting enabled.

If not enabled, here is how to enable it.

Configure your system for Complete Memory Dump:

Open File Explorer (click the folder icon in the left part of the taskbar).

Right-click This PC and select Properties from the menu.  

In the left part of the System window, click Advanced system settings.

In the System Properties window, go to the Advanced tab. In the Startup and Recovery section, click Settings.

In the Startup and Recovery window, select Complete or Kernel memory dump from the drop-down list.

Uncheck Automatically restart

Click OK and OK your way out of the dialog box. Allow the computer to restart.

After this is enabled, please reproduce the BSOD again, send us the MEMORY.DMP file itself via https://wetransfer.com/ and give us the link.

The memory dump will give us more details of the root cause.

Many thanks for this.

Nobu@malwarebytes
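
A scripted equivalent of the dump settings in the post above, useful when several PCs need checking. This is an added example, not part of the original post or of any Malwarebytes tooling; the function names are hypothetical, the registry values are the standard Windows CrashControl settings, and changing them needs an elevated prompt followed by a restart.

```powershell
# Added example: audit (and optionally set) the crash-dump options described above.
$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
# CrashDumpEnabled values as shown in the Startup and Recovery drop-down list.
$DumpTypes = @{ 0 = 'None'; 1 = 'Complete'; 2 = 'Kernel'; 3 = 'Small (minidump)'; 7 = 'Automatic' }

function Get-CrashDumpConfig {            # hypothetical helper name
    $cc   = Get-ItemProperty -Path $CrashControl
    $type = [int]$cc.CrashDumpEnabled
    $name = if ($DumpTypes.ContainsKey($type)) { $DumpTypes[$type] } else { "Unknown ($type)" }
    New-Object PSObject -Property @{
        DumpType     = $name
        AutoReboot   = [bool]$cc.AutoReboot
        DumpFile     = [Environment]::ExpandEnvironmentVariables("$($cc.DumpFile)")
        MinidumpDir  = [Environment]::ExpandEnvironmentVariables("$($cc.MinidumpDir)")
        # The post asks for Complete or Kernel with "Automatically restart" unchecked.
        MatchesSteps = ((1, 2) -contains $type) -and (-not $cc.AutoReboot)
    }
}

function Set-CrashDumpConfig {            # hypothetical helper name
    param([ValidateSet('Complete', 'Kernel')][string]$DumpType = 'Kernel')
    $value = if ($DumpType -eq 'Complete') { 1 } else { 2 }
    # Both values already exist as DWORDs, so their registry type is preserved.
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value $value
    Set-ItemProperty -Path $CrashControl -Name AutoReboot -Value 0
}

function Get-CrashDumpFiles {             # hypothetical helper name
    $cfg   = Get-CrashDumpConfig
    $paths = @()
    if ($cfg.DumpFile)    { $paths += $cfg.DumpFile }
    if ($cfg.MinidumpDir) { $paths += (Join-Path $cfg.MinidumpDir '*.dmp') }
    if ($paths.Count -eq 0) { return }
    # Newest first, so the dump from the latest BSOD is at the top.
    Get-Item -Path $paths -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime
}

Get-CrashDumpConfig | Format-List
Get-CrashDumpFiles  | Format-List
```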


I also have BSOD related to fltmgr.sys and double-clicking calibre-portable.exe (ebook reader calibre) on several installations of Windows 10 on the same hardware (1511 and 1607 versions). Disabling Anti-Ransomware 0.9.17.661 solves this for now. Exclusions with calibre-portable.exe and fltmgr.sys are without success.


I am experiencing the same problem. Had BSOD with system_service_exception related to fltmgr.sys today.

Windows updates KB3210139, KB3207752, KB3210131 were automatically installed on Friday. After a reboot of the system, while logging in, the BSOD happened.

After a System Restore to the day before the installation of the Windows update, everything was OK.

I had 5 other PCs experiencing the same problem. I think this is a combination of the KBs mentioned above and the 1.1.18 update.

7 hours ago, Dietmar said:

I am experiencing the same problem. Had BSOD with system_service_exception related to fltmgr.sys today.

Windows updates KB3210139, KB3207752, KB3210131 were automatically installed on Friday. After a reboot of the system, while logging in, the BSOD happened.

After a System Restore to the day before the installation of the Windows update, everything was OK.

I had 5 other PCs experiencing the same problem. I think this is a combination of the KBs mentioned above and the 1.1.18 update.

We have Windows updates set to not install automatically, so they were not a factor for us, since they hadn't been applied. So they most likely are not related.


I had problems with this last week and troubleshooting the issue led to the computer becoming unbootable, so I restored from an image. The problem returned this morning and again caused the system to be unbootable after troubleshooting and getting a few BSODs. I ran the Macrium recovery disk this time and let it fix the boot record, MBR, etc., and was able to boot again. The BSODs were all System Service Error in fltmgr.sys, but the boot error notification named mb3swissarmy.sys, which put me on the track of the anti-ransomware. Uninstalling fixed it, and reinstalling it even stayed fixed for an hour or two, then back to the BSODs. Mine is completely reproducible. I have a NAS hooked to my network and a drive shared from the server. Both are mapped drives on the main machine. Working with the drives causes no issues, copying to or from them is fine. Running an executable though would BSOD the machine every time once it started doing it. Any executable, either drive. As someone else mentioned in this thread, I excluded the whole drive from anti-ransomware, but no luck. Nothing else I've done triggers the bluescreens except actually executing a file off the shared drive.


Hello @CassK and welcome

Malwarebytes' staffers would appreciate your assistance in identifying the source of the BSoD(s) your system has experienced.  Please attach the following data to your next reply:

1.)  Using the native Windows built-in zip utility, attach the archived contents of the "%ProgramData%\MalwarebytesARW\" directory in a .zip file.
2.)  Post the most recent Complete or Kernel Dump (.dmp) file, from the "%SystemRoot%\Minidump\" directory to a free file sharing service such as https://www.dropbox.com/ and reply with the .dmp file's URL.  Otherwise, attach the Small Memory Dump (.dmp) file in your next reply.
3.)  Attach (do not compress/copy/paste) the separate FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1.

Soon after the requested data is posted, the Malwarebytes' QA & Developer Teams, and staffers can commence their analysis.  Thank you always for your assistance.


I'm not really needing help with this since I solved it by uninstalling.  I was just adding my experiences to this thread to hopefully help you guys troubleshoot.  I don't have the application logs anymore since I uninstalled, but I'll attach the relevant mini-dumps which is all I have.  I installed the latest MB trial with anti-ransomware real time protection and so far the problem hasn't recurred.

Minidump.zip


Since last week we have the same problem that certain PCs get a bluescreen with STOP-Code 8E when starting a certain program.

We had this with a banking software and with a program used in a doctor's office. The banking software brought the error code 8E with the file fltmgr.sys.

After ending Malwarebytes Antiransomware Beta (the latest version) everything is fine.

 

Thank you

Paul

 

Attached you can find some files (Malwarebytes and minidump)

MalwarebytesARW.zip

MalwarebytesARW.zip

121516-5257-01.dmp

Addition.txt

FRST.txt

MalwarebytesARW.zip


We had this issue too at a law firm client. We are running MBARW on 3 users that have been high-risk Internet users in the past.

Everything was fine until Friday morning - 12/16/16

The issue is:

Whenever they launch a .exe from a mapped drive on a server, they get a BSOD and a reboot.

Doesn't matter which executable or which mapped drive. Everything worked fine before - all the way back to February 2016 when the first beta version was installed.

All we had to do was uninstall MBARW and the problem goes away.

I am owner of I.T. company and Senior Tech/Engineer for 23 years, and I know it is an antiquated way to run program executables off a server drive...... Unfortunately in the legal industry, Credit Union industry, etc... the leading apps in some specialty areas require that users do this. The apps cannot be run locally.

So... We love this program and it has already saved 2 clients from RW attacks.

The update last week needs to be tweaked so we can exclude .exe on mapped drives. We have tried excluding the .exe file, the mapped location, the shortcut location on the local PC, etc...  - nothing worked. Still BSOD.

Hope this helps others to not spend an entire day troubleshooting.
