Jump to content

Program Not Responding-Avast Detected mbam.exe infections


Recommended Posts

Hi,

Avast picked up the following tonight, despite the fact that I am extremely careful....I am very selective opening email attachments & downloading anything online. I use my Ubuntu machine for much of that. I run a hard & soft firewall, Avast, MBAM & SAS...so, considering my protection & safe internet practice, I am hoping these are FP's.

\temp\WER44a0.dir00\mbam.exe.hdmp

\temp\WER9a2c.dir00\mbam.exe.hdmp

\temp\WERd8b8.dir00\mbam.exe.hdmp

Infection= MSIL:Crypt-N

Avast detected these shortly after I tried updating MBAB & the program was not responsive...

I have yet to try to go back into MBAM...

Any thoughts? Thanks!

Link to post
Share on other sites

Hello aland08, :)

First, please do not click "add reply" button more than once (but have patience to wait), otherwise you will have a few topics with the same content.

Then, have you added any exclusions in your firewall and avast?

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista or Windows 7:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista or Windows 7:

  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site:

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

Please post back and let us know how it went.

Thank you :)

Link to post
Share on other sites

gtyhfy,

Thanks...MBAM forum was hanging...& hanging....very slow load or wouldn't load at all, hence my starting & stopping the thread post.

I have certainly approved all such MBAM programs with my firewall & I have never had any issie w/ Avast detecting anything from MBAM..until today that is...

I figured it had to do with the MBAM program not updating properly & not responding & for some reason Avast detected the dump files as an infection. MBAM IS once again running & updating properly. I would like to know why it was non-responsive & failed to update though. This also has never happened to me...

Link to post
Share on other sites

The more I read up on "MSIL:Crypt-N" the more concerned I am with how this pertains to MBAM. I can't help but wonder if MBAM somehow was corrupted considering the program crash & Avast detection of ONLY the MBAM files. Hmmm...

Any more thoughts MBAM experts/staff?

Link to post
Share on other sites

Hi aland08 -

The main issue is due to MBAM being detected by your A/V (Avast) - It is being noted as an intruder -

This program is "so strong" that is why exclusions are needed to Avast -

This is why gtyhfy gave you the list of exclusions to add to your A/V - This is normal -

Thank You - :)

EDIT - I have also found the forum has been 'hanging' when I answer recently -

But there seems no major problem - I think it is my ISP -

Link to post
Share on other sites

aland08

You could go to My Controls then Edit Signature in Personal Profile and enter pertinent system information about your system like my signature.

What version and level of avast! are you using? Is it AIS?

Link to post
Share on other sites

aland08

You could go to My Controls then Edit Signature in Personal Profile and enter pertinent system information about your system like my signature.

What version and level of avast! are you using? Is it AIS?

Using version 4.8 Home (free) w/ most recent updates

So, you would not be concerned, even w/ the report of "MSIL:Crypt-N"?

Like I said, there was a problem w/ MBAM being non-responsive & not updating immediately prior to the Avast scan. This behavior prompted the scan & I have NEVER had Avast detect anything from MBAM before...

Link to post
Share on other sites

PS- Here's what Avast had to say, which makes sense but I would love it if MBAM could confirm that there were problems last night w/ the program & how it updates...

It is entirely possible at that time it had virus signatures loaded into memory, these would be included in the dump file and subsequently detected on a scan. So if this is the case it isn't a false positive detection, but a detection on a loaded set of signatures and only the first gets flagged from that file.
Link to post
Share on other sites

@ aland08

I do not use avast! V 4.8 since V5 became available January 19th, 2010:

Avast! Version 5.0 is here!!!

http://blog.avast.com/2010/01/19/avast-version-5-0-is-here

As you do not indicate your pertinent system information it is really hard to offer help.

Link to post
Share on other sites

What would you like to know?

XP Home or Pro and Service Pack level and system RAM.

It would be so much easier if you updated your Personal Profile and signature.

Link to post
Share on other sites

Have you updated avast! to V5.0.545?

Have you cleaned out the temp Folder with CCleaner - Slim?

http://www.piriform.com/ccleaner/builds

Link to post
Share on other sites

Those HDMP files being detected by Avast! are nothing more than crash dumps created by Windows for troubleshooting purposes. They are called MBAM because mbam.exe is the process that is crashing.

We need to find out why MBAM is crashing and correct that, then the other issues should disappear.

For starters, please do the following:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Once that's complete, try updating Malwarebytes' again to see if it still freezes.

If it does, then please do the following:

Run a Disk Check on your C: drive in Windows XP:

  • Click Start and open My Computer
  • Right-click on C: and select Properties
  • Click on the Tools tab
  • Under Error-checking click the Check Now... button
  • Mark the box next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
  • When the message box pops up, click the Schedule disk check button and restart your computer
  • Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so

After that, try updating again to see if it now works.

Please let us know what, if any of this, resolved the issue or if you still have the problem after following the above steps.

Thanks :P

Link to post
Share on other sites

YoKenny1,

I manually cleaned out my temp folder.

exile360,

Thank you for getting involved. I will run the error check this weekend!

However, please know that MBAM only crashed briefly, & I agree, that the dump files were seem to be the reason that Avast detected something. I tried updating MBAM a couple of hours later the evening that it crashed & it was fine, & still is. My thought was to do as you suggested & remove & re-install but since it is working again, I have not. My thought was that perhaps MBAM knew of some internal issues with the update that were causing the non-responsive program, as I believe the program was responsive at the scan level, just not while updating. I was looking for this confirmation...if possible.

My other concern lies with the type/name that Avast gave the so called infection as that is in fact a legitimate bug. I was wondering if MBAM somehow became infected itself or if the name that Avast gave the infection was simply an FP an as a result of the dump.

Any more thoughts would be welcomed & appreciated! Thanks!

Link to post
Share on other sites

I believe the Avast! detections were false positives. It's possible that one of MBAM's database files became corrupt at some point and updating later corrected the issue. Go ahead and keep things as they are for a while to see if the issue returns. If it does, then please proceed with the steps I outlined above.

Thanks for keeping us posted on this and for your patience in troubleshooting it is much appreciated :).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.