Unable to update

[Tony Indel]

I am new to MBAM and have just learned about it in college. I Loaded it onto 4 of 5 computers that I manage (mine, my mother's, and my aunts) but on the 5th computer (one of my mother's) I can not update and get this code : MBAM_ERROR_UPDATE (12029, 0, WinHttpSendRequest). I read a little on the forums and did what others and suggested and uninstalled and used MBAM-Clean and reinstalled, but get the same error. I scanned the computer with the database from April 29, 2010 that came with the updated software. She is running Windows XP Home SP 3 on an eMachines with an Intel Celeron 440 @ 2.0 GHz and 1 GB of memory. She has Avast Antivirus installed and only Windows Firewall as I can tell. Do I need to use a different antivirus? Has anyone seen this error code before? What do I need to do? I did not get any error code on different machine running Windows XP Home SP3 or the ones using Vista or Windows 7. Everything worked fine on them it is just this one.

[gtyhfy]

Hello Tony Indel,

See if the following steps can help to connect to the update server -

As long as it is NOT due to current live Malware preventing the update then this method may help restore the ability to run updates

After each step please try to run the Update again in the MBAM program.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

• Please download ERUNT from here
  
• ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  
• Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  
• Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  
• Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  
• Choose a location for the backup.
  
• Note: the default location is C:\Windows\ERDNT which is acceptable.
  
• Make sure that at least the first two check boxes are selected.
  
• Click on OK
  
• Then click on YES to create the folder.
  

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once you've completed backing up your Registry, please perform the following fixes until fixed or all methods have been tried

• Open Internet Explorer
  
• Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
  
• Click on Tools at the top and select Internet Options
  
• Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  
• Click on the Connections tab
  
• Click on the LAN settings button
  
• Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  
• Click on the OK button to close the Local Area Network (LAN) Settings window
  
• Click on the OK button to close the Internet Options window
  
• Use this diagram as a guide
  
• Try updating Malwarebytes' Anti-Malware again and if it does not work then please proceed to Step 02
  

STEP 02

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.

If you have any questions please ask before moving on.

• Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  
• Then save the file as "fixme.bat" to your Desktop - The .bat extension is important
  
• In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
  

  @ECHO OFF
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
  reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable  /t REG_DWORD /d 0 /f
  reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
  netsh int ip reset resetlog.txt

  
  

• On Windows XP you can double-click the file to run it.
  
• This will flash a black DOS box very quickly and go away, this is normal.
  
• Restart your computer now.
  
• Launch Internet Explorer and see if you can connect to the Internet.
  
• Launch MBAM and check for Updates
  

STEP 03

Ping the Content Delivery Network

For Windows XP:

Click on START - RUN and type in or Copy/Paste the following and verify that you get a response -

CMD.EXE /K PING mbam-cdn.malwarebytes.org

If all the pings failed then please try running the following command -

TRACERT mbam-cdn.malwarebytes.org

Then copy and paste back the results on your next reply.

STEP 04

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

The FAQ contains examples of setting file exclusions for some known AV products

Please post back if you have further questions.

Thank You

PS Please use the "ADDREPLY" button at bottom of forum window instead of other ones when you start replying.

[Tony Indel]

OK I did all that you asked and still cannot get MBAM to update. On the ping test, 3 of the 4 packets reach the host and the other 1 is lost. Here is the ping result and the TRACERT clearde the screen as soon as it was done and I didn't get a chance to copy it. I know there is a way to show it but don't remember how to save it as a file on the desktop. Thanks for your help.

ping_results.txt

[RAS]

I cannot do a MBAM update and get the following message: MBAM_ERROR_UPDATE (12007.0, WinHttpSendRequest). I am in the middle of a current live malware.

[noknojon]

Hi Both of you -

@ RAS - Please see below if you are infected we cannot help much until it is removed -

@ Tony - Your operating system is XP - Please retry this fully - 3 of 4 returned packets are not bad (at that speed also) -

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

• Click on Start and select Control Panel
  
• Open Add/Remove Programs
  
• Uninstall Malwarebytes' Anti-Malware
  
• Restart your computer very important !
  
• Download and run mbam-clean.exe from Here
  

It will ask to restart your computer, please allow it to do so, very important

After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from Here

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version only -

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's Here or ask me and I'll explain how to do it.

For RAS -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow What do I do now? , skipping any steps you are unable to complete.

The next step is post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that

you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You -

[Tony Indel]

Sorry I am still getting the same error and will not update. I have repeated these steps 3 times now and still the same results. Is there another way to get to database directly from a site and load it in manually?

[gtyhfy]

Hello Tony again,

For a short-term solution, you may find another machine that have installed MBAM and get a recent definition database -

ISSUE: I need to get the latest database onto a computer that cannot access the Internet.

SOLUTION: You can manually copy the database from a working computer using a flash drive or CD onto the infected PC. Our database file is stored in the following locations.

• Windows XP and 2000
  
• C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• Windows Vista and Windows 7:
  
• C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  

You can also download a manual update from here - NOTE: This manual update will always be way behind in version level compared to updates from within the program

But please follow the steps below and a Malwarebtyes staff will help you from the information you gave -

Step 01

Click on

this link

and post back what it says. It should be just a 4-digit number showing in the upper-left corner of your browser window.

Step 02

Please download and run the traceroute utility at

this link

. It will run a traceroute to our update servers to see if it can find the connection issue, and then it will write it to a log, and open that log in Notepad when it is done. Please either save the log as a Text File and then attach it to a reply, or copy and paste it into a reply.

Note that it may take several minutes to run, and it may look like it is not doing anything for a few minutes. Normally it takes longer when there are errors that it has to log, but it's rare for it to go more than 10 minutes.

Step 03

Please download TCPView from Microsoft at

this link

.

This utility will monitor everything that is accessing the Internet or your local network. All you have to do is run TCPView, and then run Malwarebytes' Anti-Malware and start the update. Watch TCPView to see if mbam.exe shows up in the list. It will be pretty obvious, because it highlights it in green.

We need to know what "Remote Address" Malwarebytes' Anti-Malware is trying to connect to. Once it shows up in the list, you can right-click on the line for mbam.exe, and select 'Copy' in order to paste it into a reply. Below is an example of what the line you are looking for will look like inside the following code box:

mbam.exe:3656 TCP vista-x64:52135 cdn-208-111-168-7.ord.llnw.net:http ESTABLISHED

Things to be post in the next reply:

1. Whether you can see the 4-digit number in step 01

2. traceout log

3. the line of mbam.exe shown in the TCPView

Thank you

PS For other members having similar problems, please click the button below and post your problem as a new topic. Thanks.

[Tony Indel]

I was able to see the number 4440

I am uploading the traceout log

I ran the TCPView and am loading it as well

I was able to update the database rules manually but can not update using the software. I am running a complete scan and will let you know if I find anything. Sorry it takes me so long to respond back each time as I have to go to my mother's house and check on her computer.

traceroute_malwarebytes_cdn.txt

TCPView.txt

[Tony Indel]

I only found 1 thing it was a registry file and I cleaned it out and tried to update again and still can't update

mbam_log_2010_08_17__14_02_23_.txt

[gtyhfy]

Hello Tony Indel,

I have contacted a Malwarebytes staff to view this topic. Please stay tuned.

Edit - *Correct typo.

[GT500]

The traceroute log shows a timeout when checking the DNS records of our update servers. The rest of the logs look good, and the traceroutes are completing, so this may just be a DNS issue.

Do you connect to the Internet through a router? If so, it's possible that the DNS settings have been hijacked. Please attempt to reset it to factory default settings and let me know if that resolves the issue.

[albion]

Hello Tony Indel,

I have contacted a Malwarebytes staff to view this topic. Please stay tuned.

Edit - *Correct typo.

I've found the problem, or at least on the XP machine I am repairing at the moment. It seems that some malware is setting static DNS servers on the network adapter. As soon as I changed them back to "Obtain DNS servers" everything started to work again. There were prior steps I took although I am not sure they removed anything related to the DNS server problem.

1) I ran tdsskiller, which found a root kit.

2) I rebooted and ran tdsskiller again, finding nothing.

3) I rebooted into safe mode w/ network and installed MBAM from my flash drive.

It was then that I had the MBAM_ERROR_UPDATE error and found the static DNS servers set.

I hope this helps someone.

-Al