Jump to content
spurkza

Win7 BSOD *immediately* upon clean install of MBAM 3.6.1

Recommended Posts

MBAM 3.5.1 Premium for Windows 7 on a 32-bit Dell laptop worked fine.  Tried to install MBAM 3.6.1 days ago first without clean install and BSOD upon reboot.  Did a clean install today using the MBAM Support Tool and after rebooting and almost at the end of the reinstalling, a blue screen of death again.  I have attached logs.  I also have the MEMORY.DMP file zipped, but its 139 MB, so if you need, please let know how to send.  I also ran a full drive security scan with MBAM v3.5.1 just prior to the 3.6.1 clean install and no malware found.

Other security software on this machine Zone Alarm Firewall and Anti-Virus Pro v15.3.060.17669 and SpyShelter Premium v11.2, both latest versions.  

I have reverted back to MBAM v3.5.1 until this issue is resolved.

mbst-grab-results.zip

mbst-clean-results.txt

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Download Malwarebytes Support Tool
  • Once the file is downloaded, open your Downloads folder/location of the downloaded file
  • Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  • Place a checkmark next to Accept License Agreement and click Next
  • You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
  • Click the Advanced Options link

    welcome mbst.png
     
  • Click the Gather Logs button

    gatherlogs.png
     
  • A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
  • Upon completion, click OK
  • A file named mbst-grab-results.zip will be saved to your Desktop
  • Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  


    Click "Reveal Hidden Contents" below for details on how to attach a file:
     
    Spoiler

    To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

    mb_attach.jpg.220985d559e943927cbe3c078b
     

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Share this post


Link to post
Share on other sites

Hi @spurkza - Can you upload the zipped memory dump to wetransfer.com and use the "send as link" option from Add your files > settings

Once uploaded, can you send the link to me via Private Message please?

Also, the FRST logs captured by the Malwarebytes Support tool seem incomplete. Would you mind running it separately and attaching those logs to a reply here?

Create and obtain Farbar Recovery Scan Tool (FRST) logs

  1. Download FRST and save it to your desktop
    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt

 

Share this post


Link to post
Share on other sites

@tetonbob just sent you by private message the wetransfer link to the memory dump file (zipped), and the Farbar Recovery Scan Tool (FRST) logs

 

 

Share this post


Link to post
Share on other sites

Hi spurkza - thanks for uploading the files. I've forwarded the crash dump to our Dev team for detailed analysis. At first glance in my own cursory analysis of the dump, it looks to me like SpyShelter.sys is implicated in the crash.

If you temporarily uninstall or disable SpyShelter, does the crash still happen? I understand that what changed most recently on your system was Malwarebytes but our drivers are not in the stack trace, from what I can see.

Thanks,

Bob

Something I noticed while reviewing the FRST logs is that there are some Trend Micro drivers installed; two are running but not all are. Have you recently uninstalled Trend Micro Titanium? If so, you may want to run their uninstall tool:

https://esupport.trendmicro.com/en-us/home/pages/technical-support/maximum-security/1115650.aspx?referral=1104855

I'm not saying this is related to the BSOD you reported, but it could help clear the decks of unnecessary drivers.

 

Thanks Tetonbob - I did have Trend Micro on the machine years ago, though uninstalled then, your link cleanly uninstalled it.  With that gone after a reboot, I was able to install MBAM 3.6.1.  On next reboot, blue screen of death, but on following reboot I quickly disabled and exited SpyShelter prior to MBAM loading which then loaded normally.  The prior one-time disabling and exiting of SpyShelter I surmise must have allowed something to set properly in MBAM.  A few reboots later, no blue screens of death and MBAM loading normally, so keeping my fingers crossed and monitoring for next few days.

Share this post


Link to post
Share on other sites

Hi spurkza - thanks for the update. Please do keep me informed as you monitor over the next few days.

For what it's worth, I tried replicating the issue locally, with SpyShelter, ZoneAlarm and Malwarebytes, upgrading from 3.5.1 to 3.6.1, and so far have been unable to.

Kind regards,

Bob

Share this post


Link to post
Share on other sites

Had a couple of blue screen of death crashes yesterday.  What done since was a clean uninstall of MBAM, rebooted, then deleted all security rules in SpyShelter and ZoneAlarm firewall which were related to MBAM prior version or versions installed and used, then reinstalled MBAM 3.6.1.  A number of reboots later, fingers crossed, all is well.

Share this post


Link to post
Share on other sites

Hi Tetonbob - again the dreaded blue screen of death.  I have reverted back to MBAM 3.5.1 which is at least stable on my system.  With all done above, I am at a loss how to remedy to upgrade to 3.6.1.  Removing SpyShelter anti-logging software permanently which encrypts keystrokes and data transmissions is not an option as this is protection as perceive the greater security threat - key loggers and screen capture which can readily steal your identity.  Until now, MBAM and SpyShelter acted nicely together.  I am sending to you in the next minutes a private message with the wetransfer link to the latest zipped version of MEMORY.DMP for your and your team's further analysis.  Thanks.

Share this post


Link to post
Share on other sites

Hi spurkza. Thanks, I'll get this to the developers. Again, SpyShelter is the driver involved in the crash and our drivers are not in the stack. Have you reported this to their team as well?

If you add exclusions for SpyShelter into Malwarebytes, does that resolve the issue?

Does this crash happen during a scan, or when Windows loads, or at some other time?

Thanks,

Bob

Hi Tetonbob - The crash happens when Windows is nearly finished loading, that is the screen where you have the system and personal icons on the screen and in the system tray.  In loading, SpyShelter loads early on, and Malwarebytes is the one of the last to load.  MBAM 3.6.1 does not crash while scanning, at least not in the initial scan after installing before any reboots.

When I install MBAM, rules are Automatically added to SpyShelter so it is a program it recognizes.  I do not see anywhere for exclusions.  I will open a support ticket with SpyShelter and refer them to the Malwarebytes forum thread on this issue and providing them also the Memory dump file.

Share this post


Link to post
Share on other sites

Thanks for that additional detail. For exclusions, I meant adding SpyShelter files into Malwarebytes exclusions from the Settings > Exclusions tab as detailed here:
https://support.malwarebytes.com/docs/DOC-1130

Something else we might try if you don't mind, when you get time, would be to delay the protection start of Malwarebytes to see if letting it load later will help. That can be done from the Settings > Protection tab > Delay Real-Time Protection when Malwarebytes starts.

I understand BSOD can be disruptive, but so far I've been unable to reproduce this issue, so any additional steps you'd be willing to try with 3.6.1 installed would be greatly appreciated.

  On 10/17/2018 at 10:34 AM, spurkza said:

Tetonbob - I added folder C:\Program Files\SpyShelter Premium to the Malwarebytes exclusions list.  I tried toggling from Off to On the setting for Delay Real-Time Protection when Malwarebytes starts, but every time leave the Protection settings screen, that setting unsets.  Nonetheless, first reboot after reinstalling 3.6.1, no BSOD.  But other troubleshooting, it took several reboots for the BSOD appears.  I will be more comfortable if no BSOD appears after 48 hours, but no so far not yet in all the troubleshooting.

As far as SpyShelter tech support, they are in Poland, several hours difference than USA time, so it may be tomorrow before hear back from them.

OK, the exclusions added cover the SpyShelter.sys file being implicated in the crashes, which is the main file I was wanting to exclude.

Interesting about the delay start setting. That should not happen. I wonder if you Quit Malwarebytes via the tray icon, relaunch and try again, if it remains in the On position.

Another possible step to try to isolate if there is something in the new version of Malwarebytes causing the bad interaction between the 2 programs would be to disable Malware Protection for a time. Of course, that leaves the machine not as well protected, so I leave that decision in your hands.

With regards the protection delay start setting, my colleagues noted there is a known issue where if you slide the toggle rather than click on it, the setting is not retained.

Hi Tetonbob - SpyShelter tech support provided me a unofficial test updated version of their software.  So far so good after two reboots, but will continue to monitor the next day or so.  p.s. While using their test version, I undid the MBAM exclusion and other setting change you mentioned above.

Hi spurkza. Thanks for the continued updates. Please do keep me apprised of your status over the next few days.

Hi spurkza. I wanted to check in with you about the stability of your system, with the test version of SpyShelter alongside Malwarebytes 3.6.1

Our developers have not seen any indications implicating our drivers in the crash dumps.

Thanks,

Bob

Hi Bob / tentonbob - As of today, I am testing a new test build from SpyShelter with MBAM 3.6.1.  Three reboots so far, no BSODs, but giving this 24-36 hours until later tomorrow Thursday and let you know then.  Thanks, Scott

Great, thanks Scott. You might also be interested to know, we have a new Component Update which is currently in Beta, and should be shipped later today. Version is 1.0.482 and it will be delivered in a metered fashion, or the metering can be bypassed by using the Settings > Application > 'Install Application Updates' button

Kind regards,

Bob

Hi Bob - After two days of testing a new test build from SpyShelter with MBAM 3.6.1, no BSODs.

  • Drag files here to attach, or choose files... 
    Accepted file types doc, csv, docx, dmp, gif, gz, jpg, log, mp3, mp4, png, pdf, psd, rar, wmv, xls, xlsx, zip, txt, 7zip, 7z, jpeg, mov, po · Max total size 58.59MB
  • Insert other media 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.