Jimmaki Posted April 26, 2017 ID:1119998
I've just downloaded MBAM for my computer and it works perfectly fine (scan for rootkits disabled). However, when the rootkit scan is enabled it brings up a BSoD and restarts. Running a scan in safe mode (scan for rootkits enabled) works fine.
Thanx in advance
Attachments: MB-CheckResult.txt, Addition.txt, logs.zip, FRST.txt

1PW Posted April 26, 2017 ID:1120000
Hello @Jimmaki:
Thank you for the data files. Please attach "C:\Windows\Minidump\042617-14071-01.dmp" to your next reply before an aggressive cleaning utility deletes it.
If this forum's software appears to seemingly reject the .dmp attachment, please use the Windows 7 built-in utility to compress the dump file to a .zip archive.
Thank you.
Edited April 26, 2017 by 1PW

Jimmaki (Author) Posted April 26, 2017 ID:1120002
Here it is!
Attachment: 042617-14071-01.dmp

1PW Posted April 26, 2017 ID:1120005
Hello @Jimmaki:
Thank you for the attached dump file. Hopefully, a Malwarebytes staffer will be able to weigh in soon with an analysis & action plan.
KERNEL_DATA_INPAGE_ERROR 0x7a
Thank you again.
Edited April 26, 2017 by 1PW

Jimmaki (Author) Posted April 26, 2017 ID:1120011
Thanx mate!

AdvancedSetup (Root Admin) Posted April 27, 2017 ID:1120240
Hello @Jimmaki
Are you running any type of encryption software, or is your hard drive compressed?
Please read the following article concerning the use of MSCONFIG: Msconfig Is Not A Startup Manager
Next, please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version, please download and run the updated version.
Attachment: fixlist.txt

Jimmaki (Author) Posted April 27, 2017 ID:1120269
I'm running a private webserver (VM).
Attachment: Fixlog.txt

AdvancedSetup (Root Admin) Posted April 27, 2017 ID:1120271
Please read the following topic and then run the Malwarebytes Clean Removal tool mb-clean: https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/
The download link for the tool is: https://downloads.malwarebytes.com/file/mb_clean
Restart the computer when done and reinstall Malwarebytes 3 with the latest build again.
Here is the link for the latest installer: https://downloads.malwarebytes.com/file/mb3
Thank you
Ron

Jimmaki (Author) Posted April 27, 2017 ID:1120293
Hi Ron
I have followed the instructions in the first link you've sent me above up until the 6th step. I then selected YES in order to download, install and activate the latest version (after reboot) and it did nothing at all. I made the decision to download MB3 anyway through the link you provided me in your latest response and ran a scan including the rootkit (enabled) check. The result is described in my 1st post. Still receiving BSoD

AdvancedSetup (Root Admin) Posted April 27, 2017 ID:1120295
No, a web server shouldn't cause an issue. Are you using a RAM drive?
Let's see if the standalone has the same issue or not.
Please download Malwarebytes Anti-Rootkit from HERE
If needed, there is a self-help tutorial here: MBAR tutorial
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Jimmaki (Author) Posted April 27, 2017 ID:1120305
No, I'm not using a RAM drive. I did all the steps prescribed above, no malware found!

AdvancedSetup (Root Admin) Posted April 27, 2017 ID:1120306
Can you post the logs, please? Will have to check with QC and see what they say.

Jimmaki (Author) Posted April 27, 2017 ID:1120307
Ups! Sorry.
Attachments: system-log.txt, mbar-log-2017-04-27 (18-11-34).txt

Jimmaki (Author) Posted April 30, 2017 ID:1121034
Hi @AdvancedSetup
Is there anything for my case?
Thank you

AdvancedSetup (Root Admin) Posted May 1, 2017 ID:1121175
Haven't heard back yet. Let me ask again.

Jimmaki (Author) Posted May 1, 2017 ID:1121217
Cool, thanks

AdvancedSetup (Root Admin) Posted May 2, 2017 ID:1121435
Hi @Jimmaki - are you running any type of drive or file encryption on this system? Like TrueCrypt, BitLocker, VeraCrypt, etc.?

AdvancedSetup (Root Admin) Posted May 2, 2017 ID:1121617
Also, please note we have posted a new 3.1 beta which has some changes to the anti-rootkit detection driver. If interested you could download and install that version and reboot and then scan again and let me know.
NEW BETA! Malwarebytes 3.1.0.1716: https://forums.malwarebytes.com/topic/200230-new-beta-malwarebytes-3101716/
Ron

Jimmaki (Author) Posted May 2, 2017 ID:1121624
No @AdvancedSetup, I'm not!
With regards to encrypted files or folders, I have attached the .txt file below after running "cipher /s:c:\ >" in CMD and it's negative.
I personally clean installed W7pro/64 (former W7pro/32) a few months ago and never encrypted anything. No files, neither folders nor drives, nothing & never!
I'll try the B version, hoping it will solve the issue
Thank you for getting back to me
Attachment: encryption.txt
Edited May 2, 2017 by Jimmaki

Jimmaki (Author) Posted May 2, 2017 ID:1121635
@AdvancedSetup
Installed and ran the B version with no luck

Jimmaki (Author) Posted May 2, 2017 ID:1121644
@AdvancedSetup
I forgot to mention that it works as expected (scan for rootkit enabled) when in safe mode! No BSoD, no errors!

AdvancedSetup (Root Admin) Posted May 3, 2017 ID:1121753
It's very indicative of a security tool blocking our driver, but just don't really see anything like that on the system that would be causing an issue.
Let me have you run the following, please.
Please download and run the following Kaspersky tool to remove any found threats: Kaspersky Virus Removal Tool

Jimmaki (Author) Posted May 3, 2017 ID:1121801
Hi @AdvancedSetup
I'm running (as well with MSE) the Glary Utilities software. Is there any possibility for GU to conflict with MB3?

AdvancedSetup (Root Admin) Posted May 3, 2017 ID:1121952
No conflict running it, but if you've used the registry cleaning portion of it you could have seriously damaged your system.
Do I need a Windows Registry Cleaner?
Were you able to run the Kaspersky tool?

Jimmaki (Author) Posted May 4, 2017 ID:1122094
Kaspersky, as expected, didn't find anything.
Usually, I'm running Glary manually and I don't remember it interacting with the registry.