
mwac.sys BSoD



Hi,

 

Just had a BSoD (technically a Green Screen of Death) out of nowhere, with the file mwac.sys being the culprit, so thought I'd report it here so should anyone else get this it can be looked at.

 

I am running Windows 10 Build 2004 (Fast-track insiders build) and the Malwarebytes Premium version 4.0.4.49. Update version 1.0.17453 and Component package version 1.0.793 

 

I have attached the required mb-check file

mb-check-results.zip


  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

  7. Click the Gather Logs button

  8. A progress bar will appear and the program will proceed with getting logs from your computer

  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:


Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar, or you can click "choose files", then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


Here are the mbst-grab-results as well.

 

Please note that I first ran the Repair part of the Malwarebytes Support Tool accidentally, which reinstalled MBAM and rebooted the machine. I then gathered the results by running the tool again. This may have skewed the logs for you if the repair function removed the previous issue logs.

 

 

mbst-grab-results.zip


1 hour ago, TheGift73 said:

Here are the mbst-grab-results as well.

Do not know if it is related or not. Are you using any firewall controls to block "ig.exe"?

Quote

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
MB IG2Prot ALE Resource Assignment Filter PID and Path: [00000000000023E0]"\Device\HarddiskVolume6\Users\Dickie\AppData\LocalLow\IGDump\bldqhnsugkuajcfqjncylhgqsqqswvxj\ig.exe"    Add rule to block socket bind attempts by App PID and Path, even in raw mode.

FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6
MB IG2Prot ALE Resource Assignment Filter PID and Path: [00000000000023E0]"\Device\HarddiskVolume6\Users\Dickie\AppData\LocalLow\IGDump\bldqhnsugkuajcfqjncylhgqsqqswvxj\ig.exe"    Add rule to block socket bind attempts by App PID and Path, even in raw mode.

 


@Porthos I'm not seeing anything related to ig.exe in my current firewall rules.

 

I'm running Windows Defender Firewall, and haven't ever made any specific changes to this with the exception of letting certain programs through. Those changes, though, would have been made a while ago now.


Just now, TheGift73 said:

@Porthos I'm not seeing anything related to ig.exe in my current firewall rules.

 

I'm running Windows Defender Firewall, and haven't ever made any specific changes to this with the exception of letting certain programs through. Those changes, though, would have been made a while ago now.

Just asking. There have been people looking at how to block that, and MB needs it for the cloud component.

 


Hi @TheGift73,

Thanks for the report. Those WFP filters involving ig.exe are normal.

When the GSOD occurred, what sort of activities were currently being performed on the computer?
To confirm, has this only occurred once?

Could you zip up and provide us with the following file please: C:\WINDOWS\MEMORY.DMP
You are unlikely to be able to attach the file to a forum post. In that case, please upload the file to a file hosting service of your choice (Google Drive, Dropbox, WeTransfer, etc.) and provide a download link.

Thank you!


Hi, I'm having the same blue screen. After the reboot, MBAM comes back with the layer "malware and PUP protection" turned off. I can turn it back on and the blue screen happens again a couple of hours later. So far I have downloaded the support tool and run repair, which removes then reinstalls MBAM, but the issue persists.

The first BSOD happened yesterday (Thursday) morning, and so far it has happened 4 times.

Thanks

BSOD GSOD MWAC.sys


You could either disable Web Protection in your current version, revert to an earlier Malwarebytes version 4 component package version (download URL) or revert to Malwarebytes version 3.x (download URL).

If you disable Web Protection, you may want to also prevent the real-time protection disabled notifications from showing (until you re-enable Web Protection). The option can be found in Settings -> Notifications.

If you revert to a previous Malwarebytes version, you will need to disable the "Application updates" settings found in Settings -> General. Once we release a fix, you will need to update to the fixed version manually.

Edited by LiquidTension

1 hour ago, justforup said:

What the...I was planning to install it again after two months without MBAM lol. I'm done with this app. For paid product ppl shouldn't be beta testers. I would expect flawless product.

Can delete my post or account if want. GL.

Good luck in your search for a "flawless" software product. Let us know if you ever find that unicorn.

 

