1972vet Posted July 28, 2009 ID:103469 Share Posted July 28, 2009 mbam reports the AVZ scan driver as bagel. The driver is peculiar to each machine and appears only during a scan. However, even as this is a free utility, I believe the user has the option available to enable the guard to run on system startup. If mbam is also on board and running it's real time protection, the action comes to a screaming halt.This morning, only during the AVZ scan, mbam halted the process and reported:uti2mzm2.sys as bagel...this is the same AVZ kernel driver that can be enabled to run on startup. Don't bother googling that file as it is peculiar to only my machine much like if you would install and run AVZ, the kernel driver for your installation would be a different name, also unique to that particular scan.Not having tested these settings, I suspect this would create a bsod on boot up since the mbam warning notice requires user interaction. I doubt the boot sequence would get that far before a bsod would occur...And having no idea how much (if any) AVZ (Russian) users make up your customer base, I wouldn't know if one may want to test this to see...since I've not noticed this before. I have no idea if it is because of mbam's latest update to the data base or not. The probability is that you may not even be concerned but I thought you might at least be interested to know about this. Link to post Share on other sites More sharing options...
nosirrah Posted July 28, 2009 ID:103494 Share Posted July 28, 2009 If you can get me a sample or developers log from a system with this file I can process this a lot faster .We are slammed today .http://www.malwarebytes.org/forums/index.php?showtopic=3228 Link to post Share on other sites More sharing options...
1972vet Posted July 29, 2009 Author ID:103727 Share Posted July 29, 2009 Uhmm...mbam was not running a scan when this happened, only it's active protection. It was the AVZ scan that was running. As soon as I clicked the AVZ scan button, mbam popped up the warning box that I mentioned previously. If I run mbam in developer mode, I suppose I need also to disable it's active protection? I'm thinking, what this would mean is that I would have to run the AVZ scan again, and while it is running, I should run mbam in developer mode? Link to post Share on other sites More sharing options...
1972vet Posted July 29, 2009 Author ID:103746 Share Posted July 29, 2009 Here we go:Malwarebytes' Anti-Malware 1.39Database version: 2518Windows 5.1.2600 Service Pack 37/28/2009 8:34:58 PMmbam-log-2009-07-28 (20-34-51).txtScan type: Quick ScanObjects scanned: 87431Time elapsed: 3 minute(s), 42 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:d:\WINDOWS\system32\drivers\uti2mzm2.sys (Rootkit.Bagle) -> No action taken. [41345241302219216925692122172319196967216624252422671818186819262666242367] Link to post Share on other sites More sharing options...
B-boy/StyLe/ Posted July 29, 2009 ID:103754 Share Posted July 29, 2009 Look like these: http://www.malwarebytes.org/forums/index.p...84&hl=baglehttp://www.malwarebytes.org/forums/index.p...69&hl=baglehttp://www.malwarebytes.org/forums/index.p...mp;hl=brilliant Link to post Share on other sites More sharing options...
1972vet Posted July 29, 2009 Author ID:103762 Share Posted July 29, 2009 Yep...same issue. I see it was resolved once with an earlier update, then reappeared. Link to post Share on other sites More sharing options...
nosirrah Posted July 29, 2009 ID:103785 Share Posted July 29, 2009 Its unfortunate that a new version of this cant be created to allow us to deal with the very real majority of the time its occurrence is malware related .Ill fix this in my next update . Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now