Jump to content

MBAM_ERROR_UPDATING (12002, 0, WinHttpQueryDataAvailable)

Recommended Posts

Hi folks,

Have been getting this error message for the last two days (and variant 12007, 0, WinHttpSendRequest on another PC on the house) for last two days - amongst many other symptoms that led me to suspect malware was afoot. Have just discovered this morning, using Rootrepeal, that I have the MBR rootkit sitting on my external hard drive :( Not looking for help with removing it, since it was not MBAM that diagnosed it - am doing that via GeeksToGo - just reporting the error as it requests.


Link to post
Share on other sites

If so, it's gone into a period of remission at the moment. That wasn't the only symptom, BTW, just the only MBAM-related symptom - and it was shared by three PCs, not just the one that I've found the rootkit on. The main problem, on all three PCs, was spectacular degradation in internet connectivity. By which I mean performance-related, not presence/absence of a connection - web pages taking for ever to load, if at all, email and file downloads getting stuck, that sort of thing. I spent all day yesterday trying to figure out what the problem was, in the process of which I discovered the rootkit. No idea how long it's been there, I never thought to check it for a rootkit before. What could be the purpose of a rootkit that infects the MBR of a HDD that isn't used to boot the OS? I'm confused.

I also spent a lot of time on the phone to ISP, who are sending an broadband engineer round on Saturday. Apparently my downstream wotsit has a very high rate of errors.

I haven't had a reply from G2G yet, but they say to allow up to 3 days. I'll keep you posted.


Link to post
Share on other sites

Hi Again -

This is one part time solution for now -It has been posted it as a quick fix until 1.46 is released (basically a patch to fix this) -

I turned off website blocking and the service stopped chewing up CPU, was working normally this AM.

Sorry Andy , wrong quote last time - It still updates and runs scans to see if you are infected -

Thanks - :)

Link to post
Share on other sites

  • 3 weeks later...
Let us know the results from GeeksToGo - :)

Hi noknojon and everyone else,

Well, after a couple of weeks of hard work, I actually have quite a lot to say!

Turns out there was, it seems, more than one thing going one and the fact that all three machines were playing up at the same time was just coincidence (I think).

There's quite a long, and to my mind not entirely resolved, story about the main machine and the apparent rootkit. Here's a link to the Geekstogo thread:


but in summary it seems to have been a case of false positives combined with genuine errors requiring chkdsk. At least, that's the opinion of emeraldnzl, the helper over there, which obviously I'm in no serious position to challenge. But, I'd be a lot happier if I didn't have well-respected software telling me I had rootkit and other issues with my EHDDs, so I say "seems" because to me, there still seems to be too much smoke for there not to be some fire associated. Trouble is, RootRepeal doesn't have its own forum, it suggests Sysinternals and here as sources of informed opinion. I would be very grateful if this could be picked up in a separate thread?

The main news as far as this forum is concerned is that the problem with the other two machines is MBAM. Again here's a link to the Geekstogo thread:


In summary, with mbamgui.exe enabled in the start-ups, the machine very quickly grinds to a complete halt. With it disabled, all works normally. With it enabled and Trend Micro disabled, everything also very quickly grinds to a complete halt, so it's not an interaction between the two. It's clearly not a v1.46 thing, because the problems started several days before v1.46 was released. In fact, I've updated both machines to v1.46 while I've been trying to diagnose the problem, whilst in safe mode - so both machines are MBAM up-to-date, but they only work if mbamgui.exe is disabled at startup :)

The story is a little more complicated than this. Once I diagnosed the problem on the machine that hung up more quickly, and checked it was reproducible, I hotfooted to the second machine to test the hypothesis. Into safe mode, disable MBAM, reboot into normal mode ... msconfig came up with mbamgui.exe disabled, but a second instance enabled. Sure enough, machine ground to a halt. So back into safe mode, disable second instance, reboot into normal mode ... and msconfig is now showing only one instance of mbamgui.exe, and it's disabled. And machine is running fine and downloading 67 MB of Trend Micro update as I type.

So that seems pretty conclusive to me. I really don't want to uninstall it, unless it's just a temporary "try uninstalling and reinstalling" thing. On my machine, I run Avast! (whoops, just edited; that came out as Avira! at post time, no idea why) rather than TrendMicro, and I don't have the problem, though I don't understand why since it doesn't seem to be an interaction with Trend Micro :blink: .

Grateful for all thoughts.


Link to post
Share on other sites

it doesn't seem to be an interaction with Trend Micro :) .

Appearances can be deceptive :) . I finally figured out what was hanging the two Trend Micro machines, and it was indeed conflict with Trend Micro. Once I followed the instructions in section F of the "Common issues" topic, everything was fine. I had not thought that was relevant since the machines had both been working fine, and stopped doing so between version upgrades. Anyway, both seem to be back to normal now.

The only thing I wanted to check was ... in those instructions, one of the MBAM files that needs to be attended to is "mbam-dor.exe". It's not on any of the three machines in this house. Is it a Vista or 7 thing, perhaps?


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.