Root Admin RubbeR DuckY Posted November 24, 2007 Root Admin ID:10325 Share Posted November 24, 2007 Tons of bugs fixed and features upgraded. Lots of scanner improvements as well. Please check your e-mail.YOU MUST UNINSTALL ANY PREVIOUS VERSIONS BEFORE INSTALLING THIS ONE. Link to post Share on other sites More sharing options...
joe53 Posted November 25, 2007 ID:10327 Share Posted November 25, 2007 I am getting a "Runtime error '5' Invalid procedure call or argument" popup, partway through both fast and full scans.Closing this popup shuts down MBAM. Link to post Share on other sites More sharing options...
Hardhead Posted November 25, 2007 ID:10328 Share Posted November 25, 2007 I am getting a "Runtime error '5' Invalid procedure call or argument" popup, partway through both fast and full scans.Closing this popup shuts down MBAM.Hi Joe53,Did you uninstall any old versions of MBAM and what OS are you running? Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted November 25, 2007 Author Root Admin ID:10329 Share Posted November 25, 2007 Also, what item does it occur on? Can you take a screenshot of MBAM behind the error. Link to post Share on other sites More sharing options...
joe53 Posted November 25, 2007 ID:10330 Share Posted November 25, 2007 I uninstalled MBAM 0.73 via Add/Remove (there were no others) prior to installing 0.74.I'm running XP MCE SP2The error occurs at the same place with both scans:Disabling BOClean prior to a scan makes no difference. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted November 25, 2007 Author Root Admin ID:10331 Share Posted November 25, 2007 Ok, it isn't BoClean, it is a new procedure we just built in. Can you open Registry Editor (regedit.exe) and export the following key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify Link to post Share on other sites More sharing options...
joe53 Posted November 25, 2007 ID:10337 Share Posted November 25, 2007 OK, I've exported that key to my desktop.Still getting the same scan error. Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted November 25, 2007 Author Root Admin ID:10338 Share Posted November 25, 2007 Can you post the contents of the export here. Thanks =] Link to post Share on other sites More sharing options...
joe53 Posted November 25, 2007 ID:10339 Share Posted November 25, 2007 Sorry- should have realised what you were asking for:Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]"DllName"="""Logon"="SABWINLOLogon""Logoff"="SABWINLOLogoff""Startup"="SABWINLOStartup""Shutdown"="SABWINLOShutdown""Asynchronous"=dword:00000000"Impersonate"=dword:00000000"OldName"="C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00"Logoff"="ChainWlxLogoffEvent"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]"Asynchronous"=dword:00000000"Impersonate"=dword:00000000"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Logoff"="CryptnetWlxLogoffEvent"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]"DLLName"="cscdll.dll""Logon"="WinlogonLogonEvent""Logoff"="WinlogonLogoffEvent""ScreenSaver"="WinlogonScreenSaverEvent""Startup"="WinlogonStartupEvent""Shutdown"="WinlogonShutdownEvent""StartShell"="WinlogonStartShellEvent""Impersonate"=dword:00000000"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]"DLLName"="wlnotify.dll""Logon"="SCardStartCertProp""Logoff"="SCardStopCertProp""Lock"="SCardSuspendCertProp""Unlock"="SCardResumeCertProp""Enabled"=dword:00000001"Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"StartShell"="SchedStartShell""Logoff"="SchedEventLogOff"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]"Logoff"="WLEventLogoff""Impersonate"=dword:00000000"Asynchronous"=dword:00000001"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]"DLLName"="WlNotify.dll""Lock"="SensLockEvent""Logon"="SensLogonEvent""Logoff"="SensLogoffEvent""Safe"=dword:00000001"MaxWait"=dword:00000258"StartScreenSaver"="SensStartScreenSaverEvent""StopScreenSaver"="SensStopScreenSaverEvent""Startup"="SensStartupEvent""Shutdown"="SensShutdownEvent""StartShell"="SensStartShellEvent""PostShell"="SensPostShellEvent""Disconnect"="SensDisconnectEvent""Reconnect"="SensReconnectEvent""Unlock"="SensUnlockEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]"Asynchronous"=dword:00000000"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00"Impersonate"=dword:00000000"Logoff"="TSEventLogoff""Logon"="TSEventLogon""PostShell"="TSEventPostShell""Shutdown"="TSEventShutdown""StartShell"="TSEventStartShell""Startup"="TSEventStartup""MaxWait"=dword:00000258"Reconnect"="TSEventReconnect""Disconnect"="TSEventDisconnect"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]"DLLName"="wlnotify.dll""Logon"="RegisterTicketExpiredNotificationEvent""Logoff"="UnregisterTicketExpiredNotificationEvent""Impersonate"=dword:00000001"Asynchronous"=dword:00000001 Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted November 25, 2007 Author Root Admin ID:10340 Share Posted November 25, 2007 Found the problem, and it will be fixed in 0.75 probably tomorrow or Monday. Here is the problem[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]"DllName"="""Logon"="SABWINLOLogon""Logoff"="SABWINLOLogoff""Startup"="SABWINLOStartup""Shutdown"="SABWINLOShutdown""Asynchronous"=dword:00000000"Impersonate"=dword:00000000"OldName"="C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll"MBAM was failing when that entry was empty. If you want to 'temporarily' resolve the issue, change the value to "1" or something along those lines and then don't forget to change it back. I simply made MBAM check if the parameter was empty. Link to post Share on other sites More sharing options...
Hardhead Posted November 25, 2007 ID:10341 Share Posted November 25, 2007 Malwarebytes' Anti-Malware Version 0.74Database version: 211Scan type: Quick ScanObjects scanned: 13393Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10342 Share Posted November 25, 2007 DuckY,The 0.74 I have is not finding a 'new' version - should I manually download it? Link to post Share on other sites More sharing options...
Root Admin RubbeR DuckY Posted November 25, 2007 Author Root Admin ID:10343 Share Posted November 25, 2007 The old 0.74 needs to be uninstalled. The one I had you beta 'beta' test. Check your e-mail or catch me on MSN for the brand new one. Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10344 Share Posted November 25, 2007 I'll get it via email - I had to sign up for it again when this computer was dead and I needed to install it on the Core2Duo machine, so I have in effect 2 emails every time a new version is out - so it'll be there somewhere. Link to post Share on other sites More sharing options...
sho-dan Posted November 25, 2007 ID:10345 Share Posted November 25, 2007 All is well, no problems to report. B) Malwarebytes' Anti-Malware Version 0.74Database version: 211Scan type: Quick ScanObjects scanned: 19177Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10346 Share Posted November 25, 2007 Hmm - didn't realize this - uninstalling the 0.74 Alpha needs a reboot - be back in a few folks.Core2Duo machine - No problems upgrading, db version updated to 211, no looping, and scan completed in 2:31, no FPs.However, on the Core2Duo machine, 0.74 is not bringing up the log - it is set to do so, but in fact it is not doing so. I think this may have to do with permissions on a Vista machine - unless MBAM has permission to write to Program Files (or at least its own installation folder) it may have some difficulties.On the P4 Machine, 0.74 is not bringing up the log either. Otherwise, no problems, no FPs and no other problems.I talked with Marcin via MSN - logs now go to AppData\Malwarebytes\Logs, and for Vista Users this is C:\Users\{username}\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\LogsOnly problem is that neither of my machines (Vista Home Premium and Vista Ultimate) are producing logs with the latest version.OK, the no log thing is my stupidity.Malwarebytes' Anti-Malware Version 0.74Database version: 211Scan type: Quick ScanObjects scanned: 13910 Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:(No malicious items detected) Registry Values Infected:(No malicious items detected) Registry Data Items Infected:(No malicious items detected) Folders Infected:(No malicious items detected) Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10347 Share Posted November 25, 2007 more fixes on the way.... Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10362 Share Posted November 25, 2007 DuckY,Got a lot of these types errors since last night (from the monitor):SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exeEvent Info: Suspend ThreadAction Taken: BlockedActor Process: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (PID 5668)Time: Sunday, November 25, 2007 11:47:29 AM SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exeEvent Info: Resume ThreadAction Taken: BlockedActor Process: C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (PID 5668)Time: Sunday, November 25, 2007 11:47:29 AM Link to post Share on other sites More sharing options...
Hardhead Posted November 25, 2007 ID:10364 Share Posted November 25, 2007 I'm running NIS 2008 and I don't have any alerts.I'm getting these results now.Not real sure why I didn't get this before.I show logs in hidden folder.Malwarebytes' Anti-Malware Version 0.74Database version: 211Scan type: Quick ScanObjects scanned: 13502Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 6Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.C:lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.C:services.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.C:smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.C:winlogon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.C:svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. Link to post Share on other sites More sharing options...
John L. Galt Posted November 25, 2007 ID:10370 Share Posted November 25, 2007 Just checked - no FPs hereMalwarebytes' Anti-Malware Version 0.75Database version: 211Scan type: Quick ScanObjects scanned: 14212 Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0 Memory Processes Infected:(No malicious items detected) Memory Modules Infected:(No malicious items detected) Registry Keys Infected:(No malicious items detected) Registry Values Infected:(No malicious items detected) Registry Data Items Infected:(No malicious items detected) Folders Infected:(No malicious items detected) Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
ipl_001 Posted November 25, 2007 ID:10377 Share Posted November 25, 2007 Hi everyone,Uninstalled old versionInstalled 0.74 betaUptated to defs 211Quick Scan Ok nothing found Objects scanned 17,624 in 4 minutes 46 seconds. B) tx~~ editFull Scan Ok No malicious items were detected. Objects scanned 77,468 in 46 minutes 24 seconds ie 1,669.6 objects/min. Link to post Share on other sites More sharing options...
Recommended Posts