Jump to content

update problem

Recommended Posts

As long as it is NOT due to current live Malware preventing the update then this method may help restore the ability to run updates

After each step please try to run the Update again in the MBAM program.


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected.

    [*]Click on OK

    [*]Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once you've completed backing up your Registry, please perform the following fixes until fixed or all methods have been tried


Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt

  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates


Ping the Content Delivery Network

For Windows XP:

Click on START - RUN and type in or Copy/Paste the following and verify that you get a response

CMD.EXE /K PING mbam-cdn.malwarebytes.org

For Windows Vista or Windows 7:

Click on START and in the search line type in CMD and you should see cmd.exe show on the menu. Right click over cmd.exe and select Run as administrator

Then in the DOS console window type in the following and press the Enter key and verify that you get a response

PING mbam-cdn.malwarebytes.org

If all the pings failed then please try running the following command

TRACERT mbam-cdn.malwarebytes.org

Then copy and paste back the results on your next reply.


Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

The FAQ contains examples of setting file exclusions for some known AV products.

Link to post
Share on other sites

I completed all of your instructions, and the problem is not corrected.

Below is the Reset Log:

reset SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\Options\15\RegLocation




reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2DFE88D8-D4CE-468A-8DBC-B4E9B26DBA1A}\NameServerList



added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{2DFE88D8-D4CE-468A-8DBC-B4E9B26DBA1A}\NetbiosOptions

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{686A9B19-7404-463F-B9AC-B1CB34F98F93}\NetbiosOptions

old REG_DWORD = 2

added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{98FD11A2-94AD-419E-8F60-4BCE8ADEA974}\NetbiosOptions

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB6B4B3E-C6A4-493B-B7AA-E3D4BEDD746E}\NameServerList



added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{BB6B4B3E-C6A4-493B-B7AA-E3D4BEDD746E}\NetbiosOptions

reset SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{FFE22638-BCDF-4F4B-985A-730B0135EE45}\NameServerList



added SYSTEM\CurrentControlSet\Services\Netbt\Parameters\Interfaces\Tcpip_{FFE22638-BCDF-4F4B-985A-730B0135EE45}\NetbiosOptions

deleted SYSTEM\CurrentControlSet\Services\Netbt\Parameters\EnableLmhosts

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2DFE88D8-D4CE-468A-8DBC-B4E9B26DBA1A}\NameServer

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77F9A153-E978-4C3E-A26A-03016B6A53C6}\AddressType

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77F9A153-E978-4C3E-A26A-03016B6A53C6}\DisableDynamicUpdate

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77F9A153-E978-4C3E-A26A-03016B6A53C6}\RawIpAllowedProtocols



reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77F9A153-E978-4C3E-A26A-03016B6A53C6}\TcpAllowedPorts



reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{77F9A153-E978-4C3E-A26A-03016B6A53C6}\UdpAllowedPorts



deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BB6B4B3E-C6A4-493B-B7AA-E3D4BEDD746E}\NameServer

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DE0D79-69FF-430A-9058-E0A6FB3EEC48}\AddressType

added SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DE0D79-69FF-430A-9058-E0A6FB3EEC48}\DisableDynamicUpdate

reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DE0D79-69FF-430A-9058-E0A6FB3EEC48}\RawIpAllowedProtocols



reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DE0D79-69FF-430A-9058-E0A6FB3EEC48}\TcpAllowedPorts



reset SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D3DE0D79-69FF-430A-9058-E0A6FB3EEC48}\UdpAllowedPorts



deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FFE22638-BCDF-4F4B-985A-730B0135EE45}\NameServer

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTosValue

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTtl

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableUserTosSetting

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DontAddDefaultGatewayDefault

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableFastRouteLookup

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableIcmpRedirect

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePmtuDiscovery

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableSecurityFilters

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ForwardBufferMemory

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxForwardBufferMemory

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxFreeTcbs

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSize

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxNormLookupMemory

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxNumForwardPackets

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NumForwardPackets

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SearchList

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDupAcks

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpUseRfc1122UrgentPointer

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize

deleted SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\UseDomainNameDevolution

reset Linkage\UpperBind for PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&39A85202&0&18F0. bad value was:



reset Linkage\UpperBind for PCI\VEN_14E4&DEV_165D&SUBSYS_865D1028&REV_01\4&39A85202&0&00F0. bad value was:



reset Linkage\UpperBind for ROOT\MS_NDISWANIP\0000. bad value was:




Below is the results of the Ping the Content Delivery Network:

Pinging mwbyte.vo.llnwd.net [] with 32 bytes of data:

Reply from bytes=32 time=177ms TTL=57

Reply from bytes=32 time=176ms TTL=57

Reply from bytes=32 time=175ms TTL=57

Reply from bytes=32 time=174ms TTL=57

Ping statistics for

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 174ms, Maximum = 177ms, Average = 175ms

C:\Documents and Settings\user>

I will appreciate further help with this problem.

Link to post
Share on other sites

No, my computer is not showing any signs of malware that I have noticed. I can browse the internet with both IE and FF.

My last MBAM update was March 27, database version 3921.

Last night, my Avira Security Suite update to version 10.

I have never had problems updating in the past.

Link to post
Share on other sites

Hi greyowl -

First - Make sure that no other programs are running in the background (can you disable Avira while you try to update) - On dialup you can get "timed out" if any other programs are running -

This is due to overload on your slow dialup - Now try to update again - Also look to see if your ISP has an "accellerator" to speed your downloads -

Many do not believe in these , but I have seen them work for some customers with the same problem -

(My ping returned in 27ms but that is "slow" DSL) -

Link to post
Share on other sites

I disabled the Avira Webguard and Avira Firewall and now MBAM is updating.

I have not been required to do this in the past. Maybe, there is a change with Avira 10.

Does anyone have any ideas on why the change, and whether there is anything that I can do to correct this so that I don't have to disable Avira in order to update MBAM.

Thank you for the help.

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.