Jump to content

Recommended Posts

mbam reports the AVZ scan driver as bagel. The driver is peculiar to each machine and appears only during a scan. However, even as this is a free utility, I believe the user has the option available to enable the guard to run on system startup. If mbam is also on board and running it's real time protection, the action comes to a screaming halt.

This morning, only during the AVZ scan, mbam halted the process and reported:

uti2mzm2.sys as bagel...this is the same AVZ kernel driver that can be enabled to run on startup.

Don't bother googling that file as it is peculiar to only my machine much like if you would install and run AVZ, the kernel driver for your installation would be a different name, also unique to that particular scan.

Not having tested these settings, I suspect this would create a bsod on boot up since the mbam warning notice requires user interaction. I doubt the boot sequence would get that far before a bsod would occur...And having no idea how much (if any) AVZ (Russian) users make up your customer base, I wouldn't know if one may want to test this to see...since I've not noticed this before.

I have no idea if it is because of mbam's latest update to the data base or not. The probability is that you may not even be concerned but I thought you might at least be interested to know about this.

Link to post
Share on other sites

Uhmm...mbam was not running a scan when this happened, only it's active protection. It was the AVZ scan that was running. As soon as I clicked the AVZ scan button, mbam popped up the warning box that I mentioned previously. If I run mbam in developer mode, I suppose I need also to disable it's active protection? I'm thinking, what this would mean is that I would have to run the AVZ scan again, and while it is running, I should run mbam in developer mode?

Link to post
Share on other sites

Here we go:

Malwarebytes' Anti-Malware 1.39

Database version: 2518

Windows 5.1.2600 Service Pack 3

7/28/2009 8:34:58 PM

mbam-log-2009-07-28 (20-34-51).txt

Scan type: Quick Scan

Objects scanned: 87431

Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

d:\WINDOWS\system32\drivers\uti2mzm2.sys (Rootkit.Bagle) -> No action taken. [41345241302219216925692122172319196967216624252422671818186819262666242367]

Link to post
Share on other sites

Its unfortunate that a new version of this cant be created to allow us to deal with the very real majority of the time its occurrence is malware related .

Ill fix this in my next update .

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.