cybot Posted March 14, 2018 ID:1224045 Share Posted March 14, 2018 i was prompted to upgrade to the latest version of MBAM Premium the other night, and then today as i was sitting in front of my PC doing something else, my system suddenly went BSOD. or would that be GSOD (green screen of death)? the error on the crash screen, was "System scan at raised IRQL caught improper driver unload. caused by: MWAC.SYS it hasn't happened again, yet. but this seemed like an unusual enough error that i should report it. Link to post Share on other sites More sharing options...
Staff Malwarebytes Posted March 14, 2018 Staff ID:1224046 Share Posted March 14, 2018 ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: Spoiler If you haven't done so already, please run these two tools and then attach the logs in your next reply: NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system. Farbar Recovery Scan Tool (FRST) Download FRST and save it to your desktopNote: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run FRST and when the tool opens click "Yes" to the disclaimer Press the "Scan" button This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions MB-Check Download MB-Check and save to your desktop Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" This will produce one log file on your desktop: mb-check-results.zip This file will include the FRST logs generated from the previous set of instructions Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area One of our experts will be able to assist you shortly. If you are having licensing issues, please do the following: Spoiler For any of these issues: Renewals Refunds (including double billing) Cancellations Update Billing Info Multiple Transactions Consumer Purchases Transaction Receipt Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 Thanks in advance for your patience. -The Malwarebytes Forum Team Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224051 Share Posted March 14, 2018 Greetings, Are you running version 3.4.4 of Malwarebytes? If so, please post the requested diagnostic logs mentioned in the above automated reply, but if not, then please go ahead and open Malwarebytes and navigate to Settings>Application and click the Install Application Updates button and follow the prompts to download and install the latest version, rebooting if necessary to complete the installation process. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224052 Share Posted March 14, 2018 yes i am. the logs are in the process of being created Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224058 Share Posted March 14, 2018 here are the logs requested Addition.txt FRST.txt mb-check-results.zip Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224063 Share Posted March 14, 2018 Thanks, could you also please check to see if there is a .dmp file created from the incident? If there is, it should either be in C:\Windows\Minidump or possibly a file C:\Windows\MEMORY.DMP. If you find either, copy the file to your desktop (right-click the file and select Copy then right-click on the background of your desktop and select Paste) then ZIP and attach the file to your next post. To zip the file(s), right-click on the copy you placed on your Desktop and hover your mouse over Send to... and select Compressed (zipped) folder then attach the resulting ZIP file to your next reply here. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224067 Share Posted March 14, 2018 oddly enough, even though i let the computer sit and make the dumps (or whatever it does) at the crash screen, there is no Memory.dmp and there is nothing in the Minidump folder. I even dropped to cmd prompt and check for the files using dir memory.dmp /a and dir *.* /a in the minidump folder. I had let the computer sit and let it restart my system when it was ready too, so i would have thought that at least some kind of dump would be generated. Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224069 Share Posted March 14, 2018 It could be that Windows isn't configured to create them. You can enable that feature as shown here so that if it does happen again the dump files will be created. In the meantime, we'll see if anyone has any other ideas for troubleshooting the issue, though a clean install might be a good idea just to make sure there aren't any problems with it that may have caused this to happen. To perform a clean install, just follow the instructions in this support article. Once that's done, go ahead and create a new set of logs via the above instructions so that we may compare the old installation to the new to see if anything stands out as odd. Thanks Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224071 Share Posted March 14, 2018 windows is indeed set to make dumps. It should have mad an active memory dump when things went south. according to windows advanced settings, the dumps should be in %SystemRoot%\MEMORY.DMP, but there isn't any that i could find...... this is odd since it spent like 10 minutes sitting there with a percentage counter counting upto 100%. Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224074 Share Posted March 14, 2018 Yeah, it could have been some kind of error that caused the file not to be written, or if you run any sort of temp/junk file cleaner like CCleaner etc. then that could have deleted it also. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224078 Share Posted March 14, 2018 the only cleaner i ever run is the disk cleanup utility included with windows, but i have not run it yet this month, and the error only occurred this afternoon. so i'm going with "some kind of error caused the file not to be written." I ran the mbam cleaner thingie you linked too, and i have attached the log generated, just in case. mb-clean-results.txt Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224079 Share Posted March 14, 2018 Well done Hopefully it doesn't happen again, but if it does then go ahead and post up a fresh set of diagnostic logs as you did before (along with the crash dump if one gets created of course) and we'll take a look to see what's going on, but hopefully it was just a one-off occurrence. For now I think we should just wait to see how it goes since it has only happened the one time, and hopefully the incident won't repeat itself but if it does or if you have any other problems, issues or questions please don't hesitate to let us know. I'll keep an eye on this thread in case anything new comes up. Link to post Share on other sites More sharing options...
plb4333 Posted March 14, 2018 ID:1224096 Share Posted March 14, 2018 2 hours ago, cybot said: windows is indeed set to make dumps. It should have mad an active memory dump when things went south. according to windows advanced settings, the dumps should be in %SystemRoot%\MEMORY.DMP, but there isn't any that i could find...... this is odd since it spent like 10 minutes sitting there with a percentage counter counting upto 100%. Do you have hidden files set to be seen, in folder properties, globally? Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224098 Share Posted March 14, 2018 in command prompt, the commands i used, even if they were hidden, would have been listed dir with the /a flag shows files regardless if they are hidden, system, or otherwise. Link to post Share on other sites More sharing options...
Breach Posted March 14, 2018 ID:1224114 Share Posted March 14, 2018 (edited) 6 hours ago, cybot said: i was prompted to upgrade to the latest version of MBAM Premium the other night, and then today as i was sitting in front of my PC doing something else, my system suddenly went BSOD. or would that be GSOD (green screen of death)? the error on the crash screen, was "System scan at raised IRQL caught improper driver unload. caused by: MWAC.SYS it hasn't happened again, yet. but this seemed like an unusual enough error that i should report it. Same issue (see below). I see you're also running ESET like me, so that seems related. It doesn't happen on my laptop where I don't have ESET. Edited March 14, 2018 by Breach Link to post Share on other sites More sharing options...
nikhils Posted March 14, 2018 ID:1224247 Share Posted March 14, 2018 Hi @Breach, We are tracking this issue internally. Thank you for proving the dumps to us. We will also try to reproduce this issue in house. Will keep you posted. Thank you. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224282 Share Posted March 14, 2018 issue happened again this morning, i have a dump this time, but it's 3.53 Gb in size. i don't think the forum will allow me to attach a file of that size. Should I try to post the file to my onedrive and then post a link? And, @breach, yes.... I am indeed running ESET. You must have found some of my previous posts or something. currently I have ESET EIS 11 no problems with it though Link to post Share on other sites More sharing options...
nikhils Posted March 14, 2018 ID:1224283 Share Posted March 14, 2018 Hello @cybot You ca use filemail to send the file : https://www.filemail.com/ The best way to send that file is to first copy it from it's current location to your desktop. Then, zip it before sending. If you use a third party archive tool such as WinRAR or 7zip, it can usually compress quite a bit more than with Windows' native zip utility. I'll send you a Private Message with an email address you can use with Filemail. Thank you for your help. Link to post Share on other sites More sharing options...
Firefox Posted March 14, 2018 ID:1224284 Share Posted March 14, 2018 You can use WeTransfer for uploading crash dumps Upload File(s) to WeTransfer: Visit WeTransfer.com Click on I Agree Click on the icon on the lower left indicated in the below image Select the Link option Click on +Add Files Browse to the location of the file and double-click on it or click once on it and select Open Click on Transfer Once the transfer completes, click on Copy link Once you receive the Copied! message as indicated below, paste the link into your next reply (or PM the link to @nikhils ) Link to post Share on other sites More sharing options...
nikhils Posted March 14, 2018 ID:1224285 Share Posted March 14, 2018 Thank you @Firefox @cybot I sent you a PM with some more information. Thank you. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224286 Share Posted March 14, 2018 the we transfer upload may not work for me, as the file, even when compressed, is over 3Gb Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224287 Share Posted March 14, 2018 (edited) also sending the dump, even compressed, to the email you pm'ed me will not work. My ISP only allows attachments of 15Mb's. I know this because i once tried to send a 30 second video i took to my dad via email Edited March 14, 2018 by cybot Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224289 Share Posted March 14, 2018 You can use a tool such as one of the ones described on this page or WinRAR to split the file into smaller separate files that can be divided then uploaded as smaller files then once the guys download them, they can then merge them back into a single file for analysis. Link to post Share on other sites More sharing options...
cybot Posted March 14, 2018 Author ID:1224290 Share Posted March 14, 2018 i can split the files if that's ok, I always try to avoid doing that since, it increases the chance imo of losing the file to corruption. I clicked the link for the we transfer thing, but the only thing that came up was to sign up for the service, not what was described in the post. please advise. Link to post Share on other sites More sharing options...
exile360 Posted March 14, 2018 ID:1224291 Share Posted March 14, 2018 If you go here and click on the Take me to Free button on the left, it should allow you to go through the process to upload the file for free. Agree to the terms of use then click the ... button and select Send as Link then click the ... button again and it should give you a button to select and upload the file. Link to post Share on other sites More sharing options...
Recommended Posts