Jump to content

After mbam is run cant boot

Scott C
 Share

Recommended Posts

Scott C

Scott C

Posted
Posted

Hello,

We've been running mbam for about 2-3 months now and recently we've been getting a string of pc's all XP that after you run mbam we get this error:

Error Message: Windows Could Not Start Because the Following File Is Missing or Corrupt: C:\WINDOWS\System32\Config\System

Have you guys run into this? I wish I had more information as far as if the OS's were SP1, SP2, or SP3, and whether they were FAT32 or NTFS but I do know it's predominantly run on Windows XP home but I'd like to know if anyone has ever run mbam and had this error.

Scott

Link to post
Share on other sites
nosirrah

nosirrah

Posted
Posted

Many thousands of runs and not a single time has that happened .

You cant delete or damage those files from a live system .

If you try with a powerful delete tool (like IceSword) all you get is an instant BSOD to prevent damage .

Do you know the trick of extracting a backup set of hives from system restore for these cases ? Use one from a day or two before and all should be well again .

I would love to see logs from these cases , I have a feeling that there wont be registry files in them .

Link to post
Share on other sites
Scott C

Scott C

Posted
  • Author
Posted
Scott, this is not good. I would need to see logfiles to see exactly what is going on. How infected were these machines?

Yea, the higher ups are getting nervous about it. We develop a custom inhouse AV all in one app that uses clamav as our software bundled with a custom anti-spyware monitor and I'm not 100% sure but if I remember correctly all the machines that crashed were running our software. We have a pay for service for folks that dont have our AV were we could run mbam there and not on our customers with our AV software to test if its a conflict with our software and yours.

As for the level of infections the ones that have been crashing have been medium to moderately infected. Nothing too heavy, we usually use a combination of gmer, hijackthis, process explorer to remove the more serious infections before running the automated tools.

Scott

Link to post
Share on other sites
Scott C

Scott C

Posted
  • Author
Posted
We have a new feature that allows us to protect certain components , these are being added just in case and to test to see if MBAM has anything to do with this .

In defs V835 it will be in place , in a few hours .

Theoretically after we do a repair install of XP the files for mbam should still be there. I'll see if we can get the logs for you guys. Thanks for your fast responses!

Scott

Link to post
Share on other sites
Scott C

Scott C

Posted
  • Author
Posted
No problem, thanks for the help.

If it happens again with version 835+ that means it can't be MBAM's fault because the files are whitelisted.

Thank you for the fast replies. I first want to apologize as we've isolated the problem to our AV software not your scanner. It appears if something modifies the registry our software detects the change and tries to quarantine the change and ends up corrupting the registry instead. I am ever thankful for having a great group of folks here writing a great software. Thanks again

Scott

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.