Jump to content

BSOD caused by MWAC.sys

cybot
 Share

Recommended Posts

cybot

cybot

Posted
Posted

i was prompted to upgrade to the latest version of MBAM Premium the other night, and then today as i was sitting in front of my PC doing something else, my system suddenly went BSOD. or would that be GSOD (green screen of death)?

the error on the crash screen, was "System scan at raised IRQL caught improper driver unload. caused by: MWAC.SYS

 

it hasn't happened again, yet. but this seemed like an unusual enough error that i should report it.

Link to post
Share on other sites
  • Staff
Malwarebytes

Malwarebytes

Posted
  • Staff
Posted

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Greetings,

Are you running version 3.4.4 of Malwarebytes?  If so, please post the requested diagnostic logs mentioned in the above automated reply, but if not, then please go ahead and open Malwarebytes and navigate to Settings>Application and click the Install Application Updates button and follow the prompts to download and install the latest version, rebooting if necessary to complete the installation process.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Thanks, could you also please check to see if there is a .dmp file created from the incident?  If there is, it should either be in C:\Windows\Minidump or possibly a file C:\Windows\MEMORY.DMP.  If you find either, copy the file to your desktop (right-click the file and select Copy then right-click on the background of your desktop and select Paste) then ZIP and attach the file to your next post.  To zip the file(s), right-click on the copy you placed on your Desktop and hover your mouse over Send to... and select Compressed (zipped) folder then attach the resulting ZIP file to your next reply here.

Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted

oddly enough, even though i let the computer sit and make the dumps (or whatever it does) at the crash screen, there is no Memory.dmp and there is nothing in the Minidump folder. I even dropped to cmd prompt and check for the files using dir memory.dmp /a and dir *.* /a in the minidump folder. I had let the computer sit and let it restart my system when it was ready too, so i would have thought that at least some kind of dump would be generated.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

It could be that Windows isn't configured to create them.  You can enable that feature as shown here so that if it does happen again the dump files will be created.

In the meantime, we'll see if anyone has any other ideas for troubleshooting the issue, though a clean install might be a good idea just to make sure there aren't any problems with it that may have caused this to happen.  To perform a clean install, just follow the instructions in this support article.

Once that's done, go ahead and create a new set of logs via the above instructions so that we may compare the old installation to the new to see if anything stands out as odd.

Thanks

Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted

windows is indeed set to make dumps. It should have mad an active memory dump when things went south. according to windows advanced settings, the dumps should be in %SystemRoot%\MEMORY.DMP, but there isn't any that i could find...... this is odd since it spent like 10 minutes sitting there with a percentage counter counting upto 100%.

Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted

the only cleaner i ever run is the disk cleanup utility included with windows, but i have not run it yet this month, and the error only occurred this afternoon. so i'm going with "some kind of error caused the file not to be written."

I ran the mbam cleaner thingie you linked too, and i have attached the log generated, just in case.

mb-clean-results.txt

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Well done :)

Hopefully it doesn't happen again, but if it does then go ahead and post up a fresh set of diagnostic logs as you did before (along with the crash dump if one gets created of course) and we'll take a look to see what's going on, but hopefully it was just a one-off occurrence.

For now I think we should just wait to see how it goes since it has only happened the one time, and hopefully the incident won't repeat itself but if it does or if you have any other problems, issues or questions please don't hesitate to let us know.  I'll keep an eye on this thread in case anything new comes up.

Link to post
Share on other sites
plb4333

plb4333

Posted
Posted
2 hours ago, cybot said:

windows is indeed set to make dumps. It should have mad an active memory dump when things went south. according to windows advanced settings, the dumps should be in %SystemRoot%\MEMORY.DMP, but there isn't any that i could find...... this is odd since it spent like 10 minutes sitting there with a percentage counter counting upto 100%.

Do you have hidden files set to be seen, in folder properties, globally?

Link to post
Share on other sites
Breach

Breach

Posted
Posted (edited)
6 hours ago, cybot said:

i was prompted to upgrade to the latest version of MBAM Premium the other night, and then today as i was sitting in front of my PC doing something else, my system suddenly went BSOD. or would that be GSOD (green screen of death)?

the error on the crash screen, was "System scan at raised IRQL caught improper driver unload. caused by: MWAC.SYS

 

it hasn't happened again, yet. but this seemed like an unusual enough error that i should report it.

Same issue  (see below). I see you're also running ESET like me, so that seems related. It doesn't happen on my laptop where I don't have ESET.

 

Edited by Breach
Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted

issue happened again this morning, i have a dump this time, but it's 3.53 Gb in size. i don't think the forum will allow me to attach a file of that size. 

Should I try to post the file to my onedrive and then post a link?

And, @breach, yes.... I am indeed running ESET. You must have found some of my previous posts or something. currently I have ESET EIS 11 no problems with it though

 

 

Link to post
Share on other sites
nikhils

nikhils

Posted
Posted

Hello  @cybot

You ca use filemail to send the file : https://www.filemail.com/

The best way to send that file is to first copy it from it's current location to your desktop. Then, zip it before sending. If you use a third party archive tool such as WinRAR or 7zip, it can usually compress quite a bit more than with Windows' native zip utility.

I'll send you a Private Message with an email address you can use with Filemail.

Thank you for your help.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

You can use WeTransfer for uploading crash dumps

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree
    4ENbg3P.png
  • Click on the icon on the lower left indicated in the below image
    qKOjzXD.png
  • Select the Link option
    Cyzhcx1.png
  • Click on +Add Files
    CvZMyrC.png
  • Browse to the location of the file and double-click on it or click once on it and select Open
    S5Ty834.png
  • Click on Transfer
    8eYfZGi.png
  • Once the transfer completes, click on Copy link
    fkb0tkR.png
  • Once you receive the Copied! message as indicated below, paste the link into your next reply (or PM the link to @nikhils )
    ndpEstA.png

Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted (edited)

also sending the dump, even compressed, to the email you pm'ed me will not work. My ISP only allows attachments of 15Mb's. I know this because i once tried to send a 30 second video i took to my dad via email

Edited by cybot
Link to post
Share on other sites
cybot

cybot

Posted
  • Author
Posted

i can split the files if that's ok, I always try to avoid doing that since, it increases the chance imo of losing the file to corruption.

I clicked the link for the we transfer thing, but the only thing that came up was to sign up for the service, not what was described in the post. please advise.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.