Saving a Memory Dump in Windows Vista, Windows 2008, and Windows 7

[GT500]

This is a quick guide on how to save a Memory Dump from Malwarebytes' Anti-Malware on Windows Vista, Windows 2008, and Windows 7 (this tutorial does not apply to Windows XP, Windows 2003, or Windows 2000). I will also include some instructions on how to get Memory Dump file to us, as it will be too large to attach it to a reply on the forums.

Before beginning, you may want to run a utility such as ATF Cleaner (no longer online) to clean out your temp files (ignore the warning on the download page that says it's for Windows XP and Windows 2000 only, they just haven't updated their download page in a very long time, and ATF Cleaner works just fine on Windows Vista and Windows 7). This will make it easier to find the Memory Dump after you have saved it.

Step 1

Press

Ctrl

+

Shift

+

Esc

on your keyboard (all at the same time) to open the Task Manager.

Step 2

Switch to the

Processes

tab (see screenshot below).

Step 3

Click the button in the lower-left that says

Shows processes from all users

(see screenshot below), otherwise Windows will not allow you to save the Memory Dump (this step does not apply if you have disabled the UAC in Windows).

Step 4

Find

mbam.exe

in the list of processes (see screenshot below). Note that this list should be in alphabetical order.

Step 5

After you have found

mbam.exe

in the list, please right-click on it, and select

Create Dump File

from the list (see screenshot below).

Step 6

Once it's done saving the Memory Dump, it will pop up a little box that tells you where that memory dump was saved (see screenshot below).

Using your mouse, please highlight the part of the path to the file before where it says /mbam.DMP (see screenshot below).

After highlighting as seen in the screenshot above, please copy (you may have to use the keyboard shortcut Ctrl + C in order to copy it) the part that you have highlighted. You can click to close the notification after copying.

Step 7

Click on the

Start

button (the little round Windows Logo button in the lower-left corner of the screen), and paste the path you had copied into the

Search

field at the bottom of the Start Menu (see screenshot below) and then press

Enter

on your keyboard to open the folder where the Memory Dump was saved. Note that if you didn't copy the path to where the Memory Dump was saved correctly, then you can repeat steps 1-6 as many times as you need to in order to get it right.

Step 8

Find the Memory Dump file in the list of files. It should be called

mbam.DMP

and the list will be in alphabetical order (see screenshot below). Once you find it, take note of the size. It's way too big to send to us in a reasonable amount of time, so we'll show you have to take care of that.

Step 9

Right-click on the

mbam.DMP

file, go to

Send to

, and then click on

Compressed (zipped) folder

in order to make the Memory Dump smaller (see screenshot below).

(Note that if you have a utility such as 7-Zip, WinRar, WinZip, etc. that you may use them to do this as well. We will accept most compressed archive formats, although we do prefer 7z, RAR, and ZIP. GZip and BZip2 are also fine for single files like this. Essentially, as long as 7-Zip and WinRar can both open it, we should be OK with it.)

Step 10

You'll note that, once it's done, it will have created a new file. This new file is a ZIP Archive that contains the Memory Dump file, but also made it smaller, and now it is in a better format to send over the Internet (see screenshot below). Please cut and paste this new file onto your desktop so that you will have easy access to it when sending it to us.

Step 11

Unless you have some sort of online file storage that allows you to give us a link to download the Memory Dump, then you will need to use one of the free FileSharing services such as

MediaFire

or

RapidShare

(you can ignore all of their ads about paying for the 'Pro'/'Premium' service, as you will only be sending us the one file). Once you have uploaded the ZIP Archive with the Memory Dump inside it, please send us your link either by posting it on the forums, or by whatever method the person assisting you requested that you send them your link.

Once we have received your link, our developers will take a look at your Memory Dump as soon as they can.

Edited January 8, 2023 by GT500
Fix missing images.