I just purchased a new computer with Windows 7. All is working well. The only small item I can't seem to resolve is an Event Viewer entry after running a scan with the free version of Malwarebytes. The details are posted below. The good news is that this message does not seem to cause any problems. Scans run without incident except for this entry in the Event Viewer.

Thus far, I have tried the following but the message continues to show:

1. I have excluded all of the following files and processes from my AV (Microsoft Security Essentials) -

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll

C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

C:\Windows\System32\drivers\mbam.sys

C:\Windows\System32\drivers\mbamswissarmy.sys

It is the mbamswissarmy.sys that is causing the issue. However, as you can see, it has been excluded from the AV program. I can't find it in any location other than C:\Windows\System32\drivers.

2. I have uninstalled MWB and reinstalled with Microsoft Security Essentials disabled.

3. I have run MWB scans with Microsoft Security Essentials disabled. This sometimes works but not consistently.

The details of the message:

Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys

    System
      - Provider
          [ Name] Microsoft-Windows-Security-Auditing
          [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
        EventID 5038
        Version 0
        Level 0
        Task 12290
        Opcode 0
        Keywords 0x8010000000000000
      - TimeCreated
          [ SystemTime] 2010-08-17T13:13:17.034033800Z
        EventRecordID 3518
        Correlation
      - Execution
          [ ProcessID] 4
          [ ThreadID] 64
        Channel Security
        Computer User-PC
        Security
    EventData
        param1 \Device\HarddiskVolume2\Windows\System32\drivers\mbamswissarmy.sys

I presume this issue will not cause any problems for me. Just wanted to check with others for their opinions.

Thanks for taking the time to read this rather lengthy post.
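
For triaging repeated Event ID 5038 entries like the one quoted in the post above, the following is an added example and not part of the original post: it groups the events by the file named in `param1`, then reports whether that file is still on disk and what its embedded Authenticode signature status is. The helper name `Convert-DevicePath` is hypothetical, and the script assumes the `\Device\HarddiskVolumeN` prefix refers to the system volume.

```powershell
# Added triage example (not from the original post). Run from an elevated
# PowerShell prompt: reading the Security log requires administrator rights.

# Assumption: the \Device\HarddiskVolumeN prefix refers to the system volume,
# so it is replaced with $env:SystemDrive. Hypothetical helper name.
function Convert-DevicePath {
    param([string]$DevicePath)
    $DevicePath -replace '^\\Device\\HarddiskVolume\d+', $env:SystemDrive
}

# Collect every code integrity "image hash not valid" event (ID 5038).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5038 } `
                       -ErrorAction SilentlyContinue
if (-not $events) { Write-Output 'No Event ID 5038 entries found.'; return }

# param1 (the first EventData property) holds the device path of the file.
$events | Group-Object -Property { $_.Properties[0].Value } | ForEach-Object {
    $path   = Convert-DevicePath $_.Name
    $sorted = @($_.Group | Sort-Object TimeCreated)
    $exists = Test-Path -LiteralPath $path

    # Only query the signature when the file is still present on disk.
    $sig = $null
    if ($exists) { $sig = Get-AuthenticodeSignature -FilePath $path }

    New-Object PSObject -Property @{
        File      = $path
        Count     = $_.Count
        FirstSeen = $sorted[0].TimeCreated
        LastSeen  = $sorted[-1].TimeCreated
        OnDisk    = $exists
        SigStatus = $(if ($sig) { $sig.Status } else { 'n/a' })
        Signer    = $(if ($sig -and $sig.SignerCertificate) {
                          $sig.SignerCertificate.Subject } else { 'n/a' })
    }
} | Select-Object File, Count, FirstSeen, LastSeen, OnDisk, SigStatus, Signer |
    Format-List
```

A `NotSigned` status alone is not conclusive, since a file can be signed through a catalog rather than an embedded signature; comparing `FirstSeen` and `LastSeen` against scan times shows whether the events track a specific activity.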
