Jump to content

MBAM 2.2.1: No Definitions Updates after May 19


Recommended Posts

Hello, I'm still hanging onto the old MBAM 2.2.1.1043 esp. on my XP machines.  Have been successfully performed manual definitions updates daily, until after May 19.
It's May 23 as we speak and the Database version is still stuck at v2022.05.19.04.

I know there have been previous situations where the databases have not been updated for a few days, but after which things have gotten back to normal.  This time however, pressing "Updates" multiple times would still result in the "No updates available" message (see attached).  It's not like the program fails to access the update server resulting in the "Cannot connect to server" message and such...

What I fear is that database support for older version may have been discontinued without further notice.  At this moment I still have not decided on upgrading to the legacy v3.5.1 as this version seems to consume more system resources (when I tried that some years back).

Anyway can someone please investigate and tell me what's going on?  That would be much appreciated.

2022-05-23_172954.jpg

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Just now, thanh22 said:

I'm not staff or anything here, but, version 2.0 has already reached end of life so that might be the reason why.image.png.5814085862e9d212929551ce65eb7943.png

Yes I know this version has been EOL'ed long ago, but that doesn't mean definitions updates has been ceased -- unless there's official notice on that.
And just to reiterate, I have been able to update the definitions on daily basis after this software version's EOL date.

Let's hope this is only a temporary glitch.....

Link to post
Share on other sites

There's a chance that the staff at malwarebytes didn't change the servers that the programs used to update their database and perhaps they've started using a different server or something may be intercepting the connection to the database eg. malware doing so

Link to post
Share on other sites

1 minute ago, thanh22 said:

There's a chance that the staff at malwarebytes didn't change the servers that the programs used to update their database and perhaps they've started using a different server or something may be intercepting the connection to the database eg. malware doing so

Yes that's possible.  The staff from the MB need to take care of this when they ever switch servers and such, I think they have done that before which resulted in defs database updates not able to be downloaded and resulted in the "Unable to connect to server" message (although this is not quite the case here).  Let's see......

Link to post
Share on other sites

Just now, anon743 said:

Yes that's possible.  The staff from the MB need to take care of this when they ever switch servers and such, I think they have done that before which resulted in defs database updates not able to be downloaded and resulted in the "Unable to connect to server" message (although this is not quite the case here).  Let's see......

I mean, the product is quite old, so you'll probably have to do this again if an incident like this happens. Anyways, the malwarebytes staff should probably be able to fix it.

Link to post
Share on other sites

Just now, thanh22 said:

I mean, the product is quite old, so you'll probably have to do this again if an incident like this happens. Anyways, the malwarebytes staff should probably be able to fix it.

Ah yes, if I remember correctly even the final legacy version for XP/Vista has been EOL'ed but that defs database updates are still being supported.

Truth is, it's not uncommon for customers running on (and still managing) legacy systems to stick to an older AV/security software version (regardless of brand) that has been EOL'ed.  By that I mean no more program updates are available (ie. use at own risk), but any valid subscriptions are still honored and as such definitions updates are (and should be) still supported.

Link to post
Share on other sites

  • Root Admin
17 hours ago, anon743 said:

Ah yes, if I remember correctly even the final legacy version for XP/Vista has been EOL'ed but that defs database updates are still being supported.

Truth is, it's not uncommon for customers running on (and still managing) legacy systems to stick to an older AV/security software version (regardless of brand) that has been EOL'ed.  By that I mean no more program updates are available (ie. use at own risk), but any valid subscriptions are still honored and as such definitions updates are (and should be) still supported.

There are no valid "subscriptions" running a 2.x product. We will check into the issue and see if it can be corrected or not, but at this point, there is zero support for any 2.x or 3.x of Malwarebytes Antimalware for Windows.

 

Malwarebytes Product Lifecycle policy
https://support.malwarebytes.com/hc/en-us/articles/360039022993-Malwarebytes-Product-Lifecycle-policy

image.png

 


Malwarebytes Anti-Malware Product Lifecycle
https://support.malwarebytes.com/hc/en-us/articles/360038521734-Malwarebytes-Anti-Malware-Product-Lifecycle

image.png

 

Malwarebytes for Windows v3 Product Lifecycle
https://support.malwarebytes.com/hc/en-us/articles/6003466611475-Malwarebytes-for-Windows-v3-Product-Lifecycle

Malwarebytes for Windows Product Lifecycle
https://support.malwarebytes.com/hc/en-us/articles/360038521474-Malwarebytes-for-Windows-Product-Lifecycle

 

Please provide the requested logs from Bob above

Thank you

 

 

Link to post
Share on other sites

  • Root Admin

Can we get another set of logs, please?

 

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    DOC-1318-1.png
     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  5. When the User Account Control window appears, click Yes.

    image.png

     
  6. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  7. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

 

 

Thanks

 

 

Link to post
Share on other sites

17 hours ago, tetonbob said:

@anon743 - please attach the protection-log from C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\logs

Sorry I wasn't in front of the desktop for the past 18 hours or so.

Anyway see attached archive for the logs between 5-16 to 5-24

Note especially the log protection-log-2022-05-20.xml where I find the following crucial lines
*********************************************************************
 <record severity="debug" LoggingEventType="1" datetime="2022-05-20T19:55:32.250000+08:00" source="Scheduler" type="Update" username="SYSTEM" systemname="PC1" code="Unable to access update server" last_modified_tag="c0416241-740b-47a5-8832-397e912f4ae2" message="Failed" fromVersion="2022.5.19.4" name="IP Database" toVersion="2022.5.20.3"></record>
*********************************************************************
Please compare it with protection-log-2022-05-19.xml and the ones after 5-20.  Thx

mbam_logs_220516_220524.rar

Edited by anon743
Link to post
Share on other sites

1 hour ago, AdvancedSetup said:

Can we get another set of logs, please?

 

Please do the following so that we can get started and see what's going on.


The Farbar Recovery Scan Tool is a free Windows utility designed to create troubleshooting logs for your computer. These logs help our Support team to identify and resolve issues with your computer.

There are two versions of the Farbar Recovery Scan Tool available for download: 32-bit and 64-bit.
To find which operating system is installed on your computer, refer to Microsoft's article: 32-bit and 64-bit Windows: Frequently asked questions

Download and launch Farbar Recovery Scan Tool

  1. Download the Farbar Recovery Scan Tool
    Do not click on any Ads.
     
  2. Locate the file you downloaded on your computer.
    Downloaded files are often saved to the Downloads folder.
     
  3. Double-click the downloaded file to run the Farbar Recovery Scan Tool.

    DOC-1318-1.png
     
  4. Windows protected your PC notification may appear. This notification is from the Windows Defender SmartScreen Filter which prevents unfamiliar apps from running on your PC.
    Disable smart screen ONLY if it interferes with software we may have to use:  What is SmartScreen and how can it help protect me?

         a.  Click More info.

    https://support.malwarebytes.com/hc/article_attachments/360051190254/DOC-1318-2.png
         b.  Click Run anyway.

    https://support.malwarebytes.com/hc/article_attachments/360051190294/DOC-1318-3.png
  5. When the User Account Control window appears, click Yes.

    image.png

     
  6. To accept the Disclaimer of warranty, click Yes.

    image.png

     
  7. Ensure only the boxes listed below are checked

    image.png

    Registry  Services  Drivers
    Processes  Internet  One month
    Addition.txt

    image.png

     

  8. Disable any Antivirus software you have installed ONLY if it stops software we may use from working.
    Please remember to re-enable any Antivirus software when we are finished running scans

    Click Scan. The scan may take a few minutes to complete.

    image.png
     

  9. When the scan completes, Farbar Recovery Scan Tool shows two messages:

  • Scan completed. FRST.txt is saved in the same directory FRST is located.

    image.png

  • Addition.txt is saved in the same directory FRST is located.

    image.png
     

  • Click OK to close each message window

 

Please attach both of those logs on your next reply, DO NOT copy/paste the contents of the logs directly

https://content.invisioncic.com/Mmalware/monthly_2018_10/_mb_attach.jpg.dbd89b8e360d3763b3bbe33ce83d680d.jpg

 

 

Thanks

 

 

See attached, thx

FRST_220524.txt Addition_220524.txt

Link to post
Share on other sites

2 hours ago, janonrawr said:

Really hope they get version 2 updating again. I do not like the resource usage of 3 or 4. Everything was working great until someone decided to change something on their end. Please fix this!

protection-log-2022-05-24.txtUnavailable

I agree on the resource usage regarding version 3.  Was forced to update to v3.x some years back so I tried it but the program gave me other issues; it just wans't a pleasant experience.  Eventually uninstalled it and reinstalled 2.2.1 which is more compact (and simple) and doesn't consume much system resource (which is crucial esp. on older system hardware).

No comment on version 4 though as I will not foresee myself even trying it.  Even with a (slightly more) modern system like w7 I'll probably remain in legacy 3.5.1 for a plethora of reasons.

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @anon743 I've posted them to the internal team to have them reviewed.

I am going to laugh though in good nature. If you're running Norton Internet Security and worried about resource usage.

 

Uninstalling Bonjour and resetting your Winsock would potentially correct your issue.

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 02 %SystemRoot%\System32\winrnr.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\mswsock.dll"
Winsock: Catalog5 04 %SystemRoot%\system32\wshbth.dll => No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)

 

I would recommend you try the following. Temporarily disable Norton Antivirus then open an admin-level command prompt and type in each of the following, and press the Enter key after each line.

netsh int reset all
netsh int ip reset c:\resetlog.txt
netsh int ipv6 reset
netsh winsock reset

Then restart the computer and run Malwarebytes and check for updates

 

Link to post
Share on other sites

  • Root Admin

The computer does show signs of potentially being infected, or at least not set up and running things optimally

U3 a0vmqbhg; C:\Windows\System32\Drivers\a0vmqbhg.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION [zero byte File/Folder]

 

System errors:
=============
Error: (05/24/2022 03:19:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDSPCIIO service failed to start due to the following error:
The system cannot find the file specified.


S3 NDSPCIIO; \??\C:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS [X]

 

Error: (05/24/2022 03:05:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

 

Considering the age of the computer and the unlikely need of any of these scheduled tasks one could probably consider removing most if not all of them.

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\ncpsec.exe
Task: C:\WINDOWS\Tasks\DivXUpdate.job => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => c:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RegCure Program Check.job => C:\Program Files\RegCure\RegCure.exeShowReminders C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RegCure Startup.job => C:\Program Files\RegCure\RegCure.exe-Tray C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RegCure.job => C:\Program Files\RegCure\RegCure.exe-t C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

IE is probably the last web browser you'd want to run on an old End Of Life Windows XP

Link to post
Share on other sites

34 minutes ago, AdvancedSetup said:

Thank you for the logs @anon743 I've posted them to the internal team to have them reviewed.

I am going to laugh though in good nature. If you're running Norton Internet Security and worried about resource usage.

 

Uninstalling Bonjour and resetting your Winsock would potentially correct your issue.

Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 02 %SystemRoot%\System32\winrnr.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll => No File  ATTENTION: LibraryPath should be "%SystemRoot%\system32\mswsock.dll"
Winsock: Catalog5 04 %SystemRoot%\system32\wshbth.dll => No File
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)

 

I would recommend you try the following. Temporarily disable Norton Antivirus then open an admin-level command prompt and type in each of the following, and press the Enter key after each line.

netsh int reset all
netsh int ip reset c:\resetlog.txt
netsh int ipv6 reset
netsh winsock reset

Then restart the computer and run Malwarebytes and check for updates

 

How would doing such resets affect my computer and my other program applications?
I may try, but I'm just not sure, as the defs update was working properly prior to the 19th...

BTW I've temporarily disabled Norton Smart Firewall and Antivirus Auto-Protect, but still to no avail.

 

27 minutes ago, AdvancedSetup said:

The computer does show signs of potentially being infected, or at least not set up and running things optimally

U3 a0vmqbhg; C:\Windows\System32\Drivers\a0vmqbhg.sys [0 0000-00-00] (Microsoft Corporation) <==== ATTENTION [zero byte File/Folder]

 

System errors:
=============
Error: (05/24/2022 03:19:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NDSPCIIO service failed to start due to the following error:
The system cannot find the file specified.


S3 NDSPCIIO; \??\C:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS [X]

 

Error: (05/24/2022 03:05:47 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 340 (0x154).

 

Considering the age of the computer and the unlikely need of any of these scheduled tasks one could probably consider removing most if not all of them.

Task: C:\WINDOWS\Tasks\Adobe Flash Player NPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\djsnetcn.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\DOCUME~1\Customer\LOCALS~1\Temp\ncpsec.exe
Task: C:\WINDOWS\Tasks\DivXUpdate.job => C:\Program Files\Common Files\DivX Shared\DivX Update\DivXUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job => c:\Program Files\Microsoft IntelliType Pro\itype.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-117609710-630328440-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-18.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-630328440-1801674531-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateFiles_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\ReclaimerUpdateXML_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\WINDOWS\Tasks\RegCure Program Check.job => C:\Program Files\RegCure\RegCure.exeShowReminders C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RegCure Startup.job => C:\Program Files\RegCure\RegCure.exe-Tray C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RegCure.job => C:\Program Files\RegCure\RegCure.exe-t C:\Program Files\RegCure\regcure.exe
Task: C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_ALFRED.job => C:\Documents and Settings\ALFRED\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

IE is probably the last web browser you'd want to run on an old End Of Life Windows XP

Speaking of which, I'm having problems with NIS since March 24 as I cannot manually update my virus definitions.  (I cannot run Live Update due to other unfavorable circumstances regarding Norton LL's other issues)
See this thread for more detail
https://community.norton.com/en/forums/problem-intelligent-updater-file

And it's not just me.  Some other enterprise customers are affected as well
https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewquestion?ContributedContentKey=1a43324e-c548-437f-af2a-1b83ea1262ee&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68

The NDSPCIIO.SYS seems to point to driver resources related to NEC monitor, which I'm indeed using and is also USB-connected.  Just checked and my monitor is still being recognized.

Edited by anon743
Link to post
Share on other sites

  • Root Admin

It's way late for me. Now 2:45 AM and I'm leaving (shouldn't even be on this late)

But, what if we temporarily uninstall all Norton products. Clean and fix up Windows XP so that it is as up to date and clean running and network clean as possible.

Then we'll reinstall Norton and Malwarebytes?

 

Link to post
Share on other sites

45 minutes ago, AdvancedSetup said:

It's way late for me. Now 2:45 AM and I'm leaving (shouldn't even be on this late)

But, what if we temporarily uninstall all Norton products. Clean and fix up Windows XP so that it is as up to date and clean running and network clean as possible.

Then we'll reinstall Norton and Malwarebytes?

 

Can't uninstall NIS as it's a very messy matter.  If I do, then I won't be able to keep the existing version (v21.7.xx) as, as of the events of March 2020 Norton LL has force-upgraded (read: hijacked) every legacy (older) NIS/NS version to the most current one (v22.x) which has been giving me problems since this version's inception years ago.  Which is why, I need to try hard to keep version 21.7.x at work.  But then the Intelligent Updater fiasco happened (see previous post for links)...

I can try resetting Winsock etc. though.
I'm not sure reinstalling MBAM 2.2.1 would make things worse.

Anyway I hope tetonbob will get back to me since I've submitted the logs he has requested.  Let him determine if the Winsock thing is messing up things, connections etc.
 

Edited by anon743
Link to post
Share on other sites

2 hours ago, Anjoland said:

I also am having this issue.

Program version: v2.2.1.1043
Last database updated: 2022.5.19.8

This is happening on 3 separate PCs.  2 win 10, 1 win 8.1.   Also have 2 separate ISPs, tried on both and same thing. 

Thanks very much for your input.  So this is not an isolated problem after all.  Except that, you were able to update the definitions database to 5.19.8 while I could only go up to 5.19.4.

Now, can you refer to tetonbob's post and submit some log data for his reference?  Read his post again and locate the "logs" folder as indicated (folder path may vary depending on Windows version).  You should be able to find a bunch of logs in the .xml extension.  Choose the ones that are revenant, ie. those from May 18 onwards to the very recent day, copy them out to another location, pack them into an .rar archive, then attach it here in your next reply.

Regarding AdvancedSetup's posts and advice, now that you've responded, I think that may sound a little too generic, and thus to hasty to point to a corrupted Winsock and such (after all, I haven't done anything at all to change any networking properties etc.)

Edited by anon743
Link to post
Share on other sites

  • Staff
5 hours ago, anon743 said:

Sorry I wasn't in front of the desktop for the past 18 hours or so.

Anyway see attached archive for the logs between 5-16 to 5-24

Note especially the log protection-log-2022-05-20.xml where I find the following crucial lines
*********************************************************************
 <record severity="debug" LoggingEventType="1" datetime="2022-05-20T19:55:32.250000+08:00" source="Scheduler" type="Update" username="SYSTEM" systemname="PC1" code="Unable to access update server" last_modified_tag="c0416241-740b-47a5-8832-397e912f4ae2" message="Failed" fromVersion="2022.5.19.4" name="IP Database" toVersion="2022.5.20.3"></record>
*********************************************************************
Please compare it with protection-log-2022-05-19.xml and the ones after 5-20.  Thx

mbam_logs_220516_220524.rar 10.39 kB · 1 download

Thanks @anon743 - these old client logs are not terribly revealing. We've made many improvements over time, though, yes, with increased resource use which doesn't necessarily work well on older machines.

The database packages are being published to our servers, but the client is not being allowed to download them. We're still looking, but as Ron mentioned earlier in a screenshot he posted, there's no guarantee these old clients will continue to receive protection updates.

 

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.