Jump to content

Recommended Posts

I kept getting this runtime error 5 invalid procedure call or argument when I would try to run Malwarebytes. It would get to zipfldr.dll in the scanning and would present this error. I even tried telling malwarebytes to only scan the registry and this same error would happen at this same spot.

I tried running spybot and super antispyware and while they did find things and removed them I still had the same problems.

Note - I found the following files in step one and then also found another post that was talking about removing them so I knew I was on the right track.

Step 1 (this is most likely what fixed it)

So I booted into bartpe from a CD and started exploring the c:\windows\system32\drivers folder and found the following suspect files

.sys - (this was suspect because it had no file name before the extension)

(.sys - (this had a weird name so that's why I assumed it suspect)

Internet Explorer.sys - (I didn't feel this should be there so it was suspect)

rootmdm.sys - (this I think is legitimate from another rootkit scanner but I wanted to be safe)

I renamed the files as the following:

~.sys

~(.sys

~Internet Explorer.sys

~rootmdm.sys

Step 2 (I don't think this helped but I wanted to let people know what I did)

I also found the following files in the c:\windows\system32\ folder:

atifglpf.xml - (I think this has something to do with dell installing software on new computers but better safe than sorry)

KGyGaAvl.sys - (I believe this has to do with Divx but again safe than sorry)

l_except.nls - (this is probably fine but I thought I saw it mentioned in another scan as bad so I picked up on it)

Again I renamed the files as the following:

~atifglpf.xml

~KGyGaAvl.sys

~L_except.nls

Also while I was in there I deleted and .tmp files I found in the Windows directory and the windows\system32 directory.

I rebooted into windows and ran a malwarebytes scan and it completed successfully (it didn't find anything though)

Maybe this will be useful for others.

Link to post
Share on other sites

Step 1 (this is most likely what fixed it)

So I booted into bartpe from a CD and started exploring the c:\windows\system32\drivers folder and found the following suspect files

.sys - (this was suspect because it had no file name before the extension)

(.sys - (this had a weird name so that's why I assumed it suspect)

Maybe this will be useful for others.

Great! This is exactly the problem I've been having and had given up. So had the guys here.

http://www.malwarebytes.org/forums/index.p...19088&st=20

The problem is just the one file:

.sys

This makes a great deal of sense now because the error was a VB error and it's obvious that VB didn't like an extension with no name being passed to it.

FIW. There is no need to dip out of windows or go into safe mode, just delete or rename the file and Mbam runs again.

Perhaps this is worth a sticky as the developers didn't track this one down and others may be having this problem.

thanks for your post.

Link to post
Share on other sites

  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.