Author Topic: FP again mbamswissarmy.sys is detected  (Read 3755 times)

Offline -Genesis-

  • Sr. Member
  • ****
  • Posts: 285
FP again mbamswissarmy.sys is detected
« on: May 31, 2011, 07:29:42 AM »
mbamswissarmy.sys is part of Malwarebytes.

Avast team sleeping?

I have 4 FP as of now!!!!


Windows 10 Pro 1909/ Windows Defender/
Ryzen 5 1600/ Aorus Gtx 1080Ti Xtreme/ Gskill Trident Z RGB 3000/ Samsung Evo 250GB/ Western Digital Black 1 TB

Offline Gargamel360

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2346
  • Memento Mori
Re: FP again mbamswissarmy.sys is detected
« Reply #1 on: May 31, 2011, 07:47:59 AM »
Well, did you get a pop-up with a suggested course of action, or are you just UI-gazing, and noticed that on the graph?

Either way, Avast! has detected that file from MBAM a couple of times before; a forum search should bring up a few of those.

As a side note AlbelNox, as a rule, men should not wear a dress, it gives people the wrong impression  ;D
Signature?  But I gots no pen....

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85381
  • No support PMs thanks
Re: FP again mbamswissarmy.sys is detected
« Reply #2 on: May 31, 2011, 03:01:43 PM »
It shows the last 'suspicious' event, but with the Behavior Shield set on Auto, if it were blocked you would get an alert pop-up. Did you?

If not, then the auto decision was probably to Allow it. This can be checked by looking in the report file: C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\BehaviorShield.txt

What were you doing with MBAM Free at the time of this?

I didn't think that the MBAM free used the mbamswissarmy.sys file as I have never had an alert on it by avast and I use MBAM free on this system. I use the MBAM pro version on my other win7 system and I have never had an alert on that either and there are no exclusions set in avast for MBAM on either system.

You could set the Behavior Shield to Ask and the next time it comes up, Allow it and add to trusted programs. Or from the report file copy and paste the full path in the entry into the trusted programs.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline -Genesis-

Re: FP again mbamswissarmy.sys is detected
« Reply #3 on: May 31, 2011, 04:49:14 PM »
I have MBAM Pro but I removed it because it slows down my system.

I wanna explain based on my observation. But I can be wrong about this.

My behavior shield settings are default. I have no pop-ups appearing.... Based on your explanation, the pop-up I was getting was the anti-rootkit feature of avast.

But!

I have noticed for over a month already that if the behavior shield detects a suspicious file, the Avast anti-rootkit will pop up, but not every time. Mostly it pops up the other day. I mean, what the behavior shield detects as suspicious gets no pop-up, but some other day the pop-up will appear on the HEURISTIC ANTI ROOTKIT.



I wanna link the other FPs I posted:

http://forum.avast.com/index.php?topic=79026.0

http://forum.avast.com/index.php?topic=78461.0

Again, for all of these, before the heuristic anti-rootkit pop-up, the behavior shield detected all of this as suspicious.

I am thinking that maybe tomorrow or another day the anti-rootkit will detect the mbamswissarmy.sys

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37068
Re: FP again mbamswissarmy.sys is detected
« Reply #4 on: May 31, 2011, 06:06:50 PM »
Quote
I have MBAM Pro but I removed it because it slows down my system.
If that is the case.... did you try to just turn off the "protection module" first?
Set it to "do not start with windows"

Offline DavidR

Re: FP again mbamswissarmy.sys is detected
« Reply #5 on: May 31, 2011, 06:24:22 PM »
@ AlbelNox
It is just that your signature stated you have MBAM free, which as far as I'm aware doesn't have the mbamswissarmy.sys driver resident.

Again, even my win7 system with MBAM Pro doesn't detect mbamswissarmy.sys in the anti-rootkit scan 8 minutes after boot or in the behavior shield. So I don't know if this is an issue only seen in win XP (and I don't use the MBAM Pro version in XP).

I only have MBAMService.exe and MBAMgui.exe running in XP and win7, I can't see anything of mbamswissarmy.sys, even when I look in services.msc, and check the dependencies, shows only MBAMProtector.

The links to the other topics are unrelated as they aren't about your problem with mbamswissarmy.sys.

I have just started off a custom full rootkit scan, so I will let you know the outcome when complete.

Offline DavidR

Re: FP again mbamswissarmy.sys is detected
« Reply #6 on: May 31, 2011, 06:42:50 PM »
Update:
I have just completed Full rootkit scans on both systems (XP with mbam free and win7 with mbam pro) and no detection at all. So I'm not really sure what is going on in your system, I can't replicate it.

What version of MBAM Pro did you have?

I'm using mbam 1.51.0.600

Offline -Genesis-

Re: FP again mbamswissarmy.sys is detected
« Reply #7 on: June 01, 2011, 01:54:23 PM »
@pondus, yes same.

Actually it is visible when I try to refresh (F5): you will see the hourglass loading a bit longer. Uninstalling MBAM Pro is much faster when refreshing. I also use MBAM clean to remove all remnants of MBAM Pro.

My CPU is 5 years old already with 1 gig RAM.

I'm thinking maybe MBAM + Antivirus with an old CPU may cause a small slowdown.


@david,

I see a new version of MBAM. The one that avast behavior detected as suspicious was the previous build, 1.50.1.1100.

I will try to update to the new version and see what happens.

Offline DavidR

Re: FP again mbamswissarmy.sys is detected
« Reply #8 on: June 01, 2011, 03:05:30 PM »
Yes, always best to have the latest version of a product when troubleshooting as the issue may not be present.

The latest version of MBAM is now 1.51.0.1200.