Forum: works_in_progress


RE: Malwarebytes Anti-Malware By: Viet To on 2010-07-04 02:39 | [forum:7978]

HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
That's where the serial key is stored.

Other registry keys are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (has /starttray)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMProtector
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService
HKEY_CLASSES_ROOT\mbam.script
HKEY_CLASSES_ROOT\mbam.script\shell\open\command
HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Malwarebytes' Anti-Malware
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mbam.script
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt.1

This is observed on a laptop that used the previous batch file. The user registration did not carry over, and now Malwarebytes is present in the ProgramFiles directory.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 23:18 | [forum:7940]

Redoing the Sandboxie step with Malwarebytes uninstalled first, all the missing files (vbalsgrid6.ocx, ssubtmr6.dll, mbamext.dll) are present in the install folder.

Batch code is now:
---
IF NOT EXIST %windir%\system32\drivers\mbamswissarmy.sys COPY "%cd%\WINDOWS\system32\drivers\mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
set WINDIR=%cd%\WINDOWS
set USERPROFILE=%cd%
set allusersprofile=%cd%
set appdata=%cd%\Application Data
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
set path=%cd%\WINDOWS;%cd%\WINDOWS\system32
regsvr32.exe "vbalsgrid6.ocx" /s
regsvr32.exe "ssubtmr6.dll" /s
regsvr32.exe "mbamext.dll" /s
start /MIN mbam.exe
---

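Added example, not part of the original posts and not Malwarebytes' own tooling: a preflight for the batch file above that names which of the files reported missing in this thread are absent, and checks each regsvr32 exit code instead of letting /s hide a failed registration. It assumes it is started from the portable folder (as the thread's batch file is) and that mbam.dll sits next to mbam.exe; it calls regsvr32 from %SystemRoot% so it does not depend on the PATH override.

```batch
@echo off
rem Added example (not from the thread). Assumptions: run from the portable
rem folder, same layout as the thread's batch file, mbam.dll next to mbam.exe.
setlocal
set "BASE=%cd%"
set "REGSVR=%SystemRoot%\system32\regsvr32.exe"
set MISSING=0

rem 1. Every file the thread reported as missing must exist before anything runs.
for %%F in ("mbam.exe" "mbam.dll" "vbalsgrid6.ocx" "ssubtmr6.dll" "mbamext.dll" "WINDOWS\system32\drivers\mbamswissarmy.sys") do (
    if not exist "%BASE%\%%~F" (
        echo MISSING: "%%~F"
        set /a MISSING+=1
    )
)
if not "%MISSING%"=="0" (
    echo %MISSING% required files missing, stopping before any registration.
    exit /b 1
)

rem 2. Register each component and test the exit code. With /s there is no
rem    dialog, so a non-zero errorlevel is the only sign that it failed.
for %%C in ("vbalsgrid6.ocx" "ssubtmr6.dll" "mbamext.dll") do (
    "%REGSVR%" /s "%BASE%\%%~C"
    if errorlevel 1 (
        echo FAILED: regsvr32 "%%~C"
        exit /b 2
    )
)

echo Preflight OK, all files present and registered.
endlocal
```

Registration writes COM entries to the host registry and needs administrator rights, so a run of this kind is not trace-free on the machine it is used on.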
RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 23:09 | [forum:7939]

Tried copying over files from the other working copies, mainly the just finished one on AMD 1500. I noticed that the 2 missing regsvr32 files are now there. Removing the comments allows the program to work again.
---
IF NOT EXIST %windir%\system32\drivers\mbamswissarmy.sys COPY "%cd%\WINDOWS\system32\drivers\mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
set WINDIR=%cd%\WINDOWS
set USERPROFILE=%cd%
set allusersprofile=%cd%
set appdata=%cd%\Application Data
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
REM set systemdrive=%cd%
set path=%cd%\WINDOWS;%cd%\WINDOWS\system32
REM set SystemRoot=%cd%\WINDOWS
regsvr32.exe "vbalsgrid6.ocx" /s
regsvr32.exe "ssubtmr6.dll" /s
regsvr32.exe "mbamext.dll" /s
start /MIN mbam.exe
---

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 23:05 | [forum:7938]

Take that back... Uninstalled the local Malwarebytes and running the USB version. I get the vB error now. At least it's another chance to figure out just exactly which command is responsible for bypassing the error...

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 23:01 | [forum:7937]

Tried the batch file on another computer (AMD 1500 for my reference). Ran into the vB error again. Playing around with the batch file somehow made it go away again. I believe it should be:
regsvr32.exe "vbalsgrid6.ocx" /s

My complete batch file, with certain lines commented (that I flip on and off), is:
---
IF NOT EXIST %windir%\system32\drivers\mbamswissarmy.sys COPY "%cd%\WINDOWS\system32\drivers\mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
set WINDIR=%cd%\WINDOWS
set USERPROFILE=%cd%
set allusersprofile=%cd%
set appdata=%cd%\Application Data
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
REM set systemdrive=%cd%
set path=%cd%\WINDOWS;%cd%\WINDOWS\system32
REM set SystemRoot=%cd%\WINDOWS
regsvr32.exe "vbalsgrid6.ocx" /s
REM regsvr32.exe "ssubtmr6.dll" /s
REM regsvr32.exe "mbamext.dll" /s
start /MIN mbam.exe
---
Where REM makes that line a comment.

Somewhere in there, there's a one-time command that allows the vB error to not pop up again. The 2 still commented regsvr32.exe files are left commented because those files are nowhere to be found on my local drive or USB drive.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 17:28 | [forum:7936]

Having grown impatient with the mbamswissarmy.sys file, I've tried the following:

set path=%cd%\WINDOWS;%cd%\WINDOWS\system32
Doesn't make a difference. Still file not found.

set systemdrive=%cd%
Error message stops appearing, but doesn't do anything.

COPY "%cd%\WINDOWS\system32\drivers\mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
This works. It places a copy of the "missing" file into the correct location that the program is seeking. Note that since it uses %windir%, it needs to be placed before "set windir=".

The complete batch file is:
---
COPY "%cd%\WINDOWS\system32\drivers\mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
set WINDIR=%cd%\WINDOWS
set USERPROFILE=%cd%
set allusersprofile=%cd%
set appdata=%cd%\Application Data
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
set path=%cd%\WINDOWS;%cd%\WINDOWS\system32
start /MIN mbam.exe
---
Note that there's probably tons of unnecessary code in there. Unnecessary as in not needed to make this sandboxed. I just throw it in just in case, to catch whatever may happen.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 15:46 | [forum:7935]

I'm ditching the local program + batch, as it didn't make a difference. Going back to using the sandboxed install file + needed local files.

For some reason, the vB error went away. I did move the regsvr32.exe into windows/system32 but it didn't make a difference at first either. I did change a command to
set WINDIR=%cd%\WINDOWS
(note the caps). Reverting it back to ..\Windows doesn't make a difference though.

The error message now states:
---
Title: Malwarebyte's Anti-Malware
Message: An error has occured. Please report this error code to the support team.
Message:
Message: MBAM_ERROR_MISSING_FILE(2, 0, mbamswissarmy.sys)
Message:
Message: The system cannot find the file specified
---
Oddly, the file is located in windows/system32/drivers.

Will try setting SystemRoot, as it normally points to C:/Windows

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 15:16 | [forum:7934]

Running it now gives 2 message boxes:
---
Title: vbAccelerator Sgrid II Control
Message: Run-time error '0'

Title: Malwarebyte's Anti-Malware
Message: Run-time error '440':
Message:
Message: Automation error
---
Copying over my local program files straight and using the batch file results in the same error message.

Using:
regsvr32.exe "vbalsgrid6.ocx" /s
regsvr32.exe "ssubtmr6.dll" /s
regsvr32.exe "mbamext.dll" /s
results in the same errors.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 14:50 | [forum:7933]

After uninstalling the local copy of Malwarebytes on HP Pentium4, running the USB version gives the error:
---
Run-time error '339':
Component 'vbalsgrid6.ocx' or one of its dependencies not correctly registered: a file is missing or invalid
---
vbalsgrid6.ocx appears in my local install at C:\Program Files\Malwarebytes' Anti-Malware but not in the USB version.

Jinxx from Portableapps.com used:
regsvr32.exe "vbalsgrid6.ocx" /s

I'm going to try it without registering that file, but placing it into the program directory instead.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 14:43 | [forum:7932]

Running on another computer of the same operating system (Windows XP), the database version is the local version rather than the USB drive. On a local install, the folders logs and quarantine are also found in %user%/appdata.

Changing the batch file to
-------------
set WINDIR=%cd%\Windows
set USERPROFILE=%cd%
set allusersprofile=%cd%
set appdata=%cd%\Application Data
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
start /MIN mbam.exe
---------
Program runs and reads the correct database. The tray icon ONLY appears if you enable the protection module though. Upon start, "Enable Protection Module" is ALWAYS unchecked, even if it was checked previously. Exiting the program without enabling protection to get the system tray icon results in mbamservice.exe running hidden in the background.

On the test computer (HP Pentium 4 for my reference), it seems that exiting from the system tray disables the protection. This behavior is seen in both the USB and local install.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 14:19 | [forum:7931]

Copying over the missing file enables the program to launch properly, as well as appear in the system tray when "Enable Protection Module" is enabled. I have not tested moving this to another computer yet.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 14:12 | [forum:7930]

set WINDIR=%cd%\Windows
set USERPROFILE=%cd%
set Temp=%cd%\Local Settings\Temp
set tmp=%Temp%
start /MIN mbam.exe
---------------------
Results in the error message
MBAM_ERROR_MISSING_FILE (2, 0, mbam.dll)

Oddly, mbam.dll is not found inside the sandbox. It is found in my local install of Malwarebytes though.

RE: Malwarebytes Anti-Malware By: Viet To on 2010-06-27 13:53 | [forum:7929]

Using Sandboxie[http://www.sandboxie.com/index.php?DownloadSandboxie] to sandbox the install file (mbam-setup-1.46.exe), the directories made are:
C:\Sandbox\user\malwarebytes\drive\C\Program Files\Malwarebytes' Anti-Malware
C:\Sandbox\user\malwarebytes\drive\C\WINDOWSSbiePst.dat
C:\Sandbox\user\malwarebytes\drive\C\WINDOWS\system32\drivers

Other directories found, but unsure of, are
C:\Sandbox\user\malwarebytes\user\current\Local Settings\Temp
C:\Sandbox\user\malwarebytes\user\all\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
C:\Sandbox\user\malwarebytes\user\all\Start Menu\Programs\Malwarebytes' Anti-Malware

The folder
C:\Sandbox\user\malwarebytes\user\current\Application Data\Dropbox\shellext\l
was also found inside the sandbox, but seems to be from my Dropbox program interfering.

Malwarebytes Anti-Malware By: Viet To on 2010-06-27 13:30 | [forum:7928]

http://portableapps.com/node/21341

I've seen several requests for Malwarebytes. As a computer repairman myself, I don't see the advantage of having this program portable rather than locally installed. Unless it's to keep a single copy up to date and just drag and drop to other computers you run in to.

A person on the portableapps person has already found some things out. If those registry settings are required, I won't be able to go anywhere with this.

---Quote---
I'm close to making a semi-portable mbam.

What I have done is:
Installed mbam on a computer
Copied the install directory to my flash disc
Copied 2 sys files (mbam.sys & mbamswissarmy.sys) from %windir%\system32\drivers

On my flash disc I have written a batch file:
COPY "mbam.sys" "%windir%\system32\drivers\mbam.sys"
COPY "mbamswissarmy.sys" "%windir%\system32\drivers\mbamswissarmy.sys"
regsvr32.exe "vbalsgrid6.ocx" /s
regsvr32.exe "ssubtmr6.dll" /s
regsvr32.exe "mbamext.dll" /s

That copies the 2 sys files to their right place, and registers the dll's and ocx file.

The problem I am having now is an error that comes up that I don't know how to fix - MBAM_ERROR_LOAD_DATABASE (0, 5)
I assume it is having problems with the virus db, so far all I can find in google is to uninstall, and re-install..... doesn't really help in this situation....

What else I know about mbam is the following directories:
%USERPROFILE%\Application Data\Malwarebytes\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\

Necessary files (definitions) are created upon update:
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
%ALLUSERSPROFILE%\Application Data\Malwarebytes\
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\

and the following registry entry:
HKCU\Software\Malwarebytes' Anti-Malware

any help would be appreciated
---End Quote---