Jump to content

Some unknown shutting down Avira and blocking MalwareBytes


Recommended Posts

I have a machine now offline that may be infected with alien code. Yesterday something shut down Avira and and I could scan with MBAM using only a very old rules.ref --- old, because I was getting error messages upon requesting rules.ref update. So ran the old rules. ref which found a trojan and an ad. Moved them to quarantine. Then attempted to update MalwareBytes through its own menu system again (to re-scan with current rules.ref) but that results in:

An error occurred. Please report the following error code to the Malwarebytes' Anti-Malware support team. Error code: 732(12029, 0)

Thanks to the member named Firefox, who fingered how to move the definition database (Rules.ref) from a healthy machine to a sick one, I was able to transfer Rules.ref with a flash drive to rescan the sick machine. BUT....after installing Rules.Ref and then invoking Malwarebytes, the application refuses to come up to the splash screen and instead displays the Malwarebyes' error message:

An error occurred. Please report the following error code to the Malwarebytes Anti-Malware support team. Error Code: 730 (0, 0)

Now Malwarebytes refuses to run at all. So I'm keeping that machine offline. Avira refuses to run too, with its error mess complaining:

While loading module (aecore.dll) the following error occured: the engine CRC has been changed

That machine use to be on a network hit by data thieves who stole a large sum of money moving it to the Ukraine. I do not want to put that machine back on line until I know its clean.

ENVIRONMENT:

OS=XP w/Service Pack 2

Security=Avira Personal Verson 10.0.0.567

MBAM=Product version 1.43.0.0

Firewall=normal Microsoft

Any ideas what I might do to get MBAM running again?

Link to post
Share on other sites

Hello and Welcome to Malwarebytes....

First off, you are running an old version of Malwarebytes.... follow the steps below to update it to the lastest version....

Please try the following to see if it helps:

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from here
  • NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer, please allow it to do so very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Second.....

By the way,

It would be a good idea to update to SP3 as support (including new security updates) ends July 13, 2010 for SP 2:

As Disscussed HERE

Please post back if you have further questions.

Thank You :)

Link to post
Share on other sites

Firefox:

Thanks for your clear instructions. I've completed your "First off..." part, but there's odd behavior. Namely the sick computer which has multiple drives attached including a 250GB and 1TB plus flash drive, and it is not clear to me from the logs, below, whether it did or did not complete the scan --- it appears MBAM did not. The full scan I did just after program installation using the April 2010 Definition set completed in less than 1 1/2 hours including the external drives I thought. This is compared to the machine I'm writing to you on which after 6 and 1/2 hours has not yet completed it's scan and it has zero attached external drives. Odd.

The sick machine I left last night after re-installing MBAM as you detailed, and activating Avira, I invoked the Microsoft update. This morning the machine had obviously re-booted itself, and after logging in and invoking MalwareBytes it blue-screened saying that Microsoft was "protecting me" by shutting down my machine (Gee, thanks a lot MS), due to paging in a non-paged-area.

I re-booted. Same deal. I re-booted again, this time....everything appears normal. Wireless on, email functions, but there's no Microsoft update shield and the System Control Panel shows the "sick" machine is still at Service Pack 2.

Here's the logs and they appear the scan scheduled to begin at 3:47 did not run, but oddly, MBAM waited 5 1/2 hours to start Protection. What could have happened in that time? Nothing good....

-----------------This scan was run using the April 2010 Definition Dataset installed with MBAM------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

9/20/2010 12:34:10 AM

mbam-log-2010-09-20 (00-34-10).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)

Objects scanned: 375308

Time elapsed: 1 hour(s), 27 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

------- I "updated" the Definition Set using MalwareBytes menu, then the scheduled full scans to start at 3:47 -----------------------

00:37:43 Administrator MESSAGE Protection started successfully

00:37:47 Administrator MESSAGE IP Protection started successfully

01:11:50 Administrator MESSAGE Protection started successfully

01:11:55 Administrator MESSAGE IP Protection started successfully

03:47:00 (null) ERROR Scheduled scan failed: GetUserToken failed with error code 0

09:18:08 Administrator MESSAGE Protection started successfully

09:18:13 Administrator MESSAGE IP Protection started successfully

09:22:06 Administrator MESSAGE Protection started successfully

09:22:14 Administrator MESSAGE IP Protection started successfully

Link to post
Share on other sites

First off add exceptions to your antivirus software for the malwarebytes files as listed below....

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Second you need to run an update to Malwarebytes, the definition you are using to perform a scan is quite old.....

Third perform a quick scan first (this will catch most if not all the infections if any)

Link to post
Share on other sites

I had input all nine exceptions you cited on both the "sick" and the "healthy" machines. Thanks for the reminder. I've used the nicknames "sick" and "healthy" machines from my original impression, but it's turning out they may both be abnormal. I'll stick with the nicknames just to tell them apart. I updated the database definitions to 9-20-10 and ran the "sick" and the "healthy" machine with these weird results:

SICK MACHINE (Intel Core2 T7200 CPU @ 2.00 GHz with 2 GB RAM, XP-prof SP2):

1) Flash scan. 52 seconds then reports clean

2) Quick scan. 10 minutes 40 seconds then reports clean

3) "Full" scan on all three drives totalling about 1.5TB. 1 hr 46 minutes for over 1.25 TB of three drives (four if you count the small partition on the C). It's most interesting to observe that the MBAM Elapsed Time counter that counts during scans runs non-stop, even if a file takes 10 seconds, the timer keeps ratcheting forward without hesitation --- and that is what I'd expect, normal.

HEALTHY MACHINE (Intel Pentium CPU @ 1.86 with 1.5 GB RAM, XP-prof SP3):

This is so odd since the so-called "healthy" machine I'm typing on has merely a 90GB drive and MBAM has been running a Full scan now for over 9 hours and is still running albeit at a snail's pace. The MBAM progress window takes anywhere from 12-seconds to 2-minutes to examine one file. It took 28 seconds to examine a text file (RTF format) that I know is only one page. So I conclude that there is some malady sucking up CPU cycles. In this case when the MBAM scan stops on a file, which it does on nearly every file, the MBAM Elapsed Timer stops ratcheting forward and just hangs. As much as two minutes later it leaps forward, so it must be keeping time in the background. Very odd, and not what I expect, abnormal I'd say.

What do you say?

Link to post
Share on other sites

Scan times will vary depending on you computer speeds, number of files, amount of temp files, etc etc....

One is a dual core and the other just a pentium, that explains a lot on the speed to scan....

Anyway if you updated both and the scans came up clean they should be good. A quick scan should be all you need. If you feel that the computer is still infected (perhaps with a rootkit) please follow the instructions below...

-------------------------------------------------------------------------------------------------------------------------

Please read the following so that you can begin the cleaning process:

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE: Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
      Or
    • You may send a Private Message to a Moderator asking for assistance.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" t_reply.gif button instead of other ones when you start replying. :P

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.