Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-15665

Malwarebytes Anti-Malware 1.75.0.1300 fails to start real-time protection

    XMLWordPrintable

    Details

      Description

      Reproduction steps:

      1. Download Malwarebytes Anti-Malware here: http://dl3.comss.ru/download/mbam-setup-1.75.0.1300.exe.
      2. Install it, uncheck all three checkboxes at the end of the installation and click "Finish".
      3. Download Microsoft Visual Basic 6 Runtime from Rapps.
      4. Install it also, by the following way:
        1) Launch VB6.0-KB290887-X86.exe directly from Rapps after downloading;
        2) Click "Yes" and select the directory for extracting vbrun60sp6.exe;
        3) Go to the directory with extracted vbrun60sp6.exe;
        4) Extract vbrun60sp6.exe via any archiver (I did it via 7-Zip 18.05);
        5) Go to the directory with extracted files from vbrun60sp6.exe;
        6) Right click on vbrun60.inf and then "Install".
      5. Reboot the system to save the registry settings.
      6. Launch Malwarebytes.
      7. Go to the 2nd "Security Module" tab in the main window.
      8. Click "Start trial period" button between description (at the top) and banner ad (at the bottom). It will try to start Malwarebytes Anti-Malware Pro trial period with real-time protection. After this, will appear an error that the entry point _PfDeleteLog@0 not found in iphlpapi.dll.

      In mbam.log I see the following lines when this error appears:

      (dll/ntdll/ldr/ldrutils.c:2350) Image mbam.exe has no exports, but were trying to get procedure _OPENSSL_isservice. BaseAddress asked 0x00400000, got entry BA 0x00400000
      err:(dll/win32/msafd/misc/dllmain.c:1975) Async Connect UNIMPLEMENTED!
      err:(dll/win32/msafd/misc/dllmain.c:1975) Async Connect UNIMPLEMENTED!
      (dll/ntdll/ldr/ldrutils.c:1335) LDR: LdrpMapDll Relocating Image Name mbamnet.dll (10000000-1021F000 -> 00150000)
      (dll/ntdll/ldr/ldrutils.c:1374) Overlapping DLL: C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
      err:(dll/win32/advapi32/service/scm.c:2946) RStartServiceW() failed (Error 1056)
      (dll/ntdll/ldr/ldrpe.c:1036) Failed to snap IPHLPAPI.DLL!_PfDeleteLog@0
      err:(win32ss/user/user32/windows/messagebox.c:1048) MessageBox: L"The procedure entry point _PfDeleteLog@0 could not be located in the dynamic link library IPHLPAPI.DLL.\r\n"

      Also the main program's service named "MBAMService" can't start correctly, which is visible on mbam-service.png screenshot. Although MBAMScheduler works correctly.

      Tested with 0.4.12-dev-408-g431f9bf, in VirtualBox 5.1.38, also with 7-Zip 18.05, AC'97 VBox driver, Mesa3D, Samba for ReactOS 1.3 and GA installed.

        Attachments

        1. iphlpapi.patch
          0.4 kB
        2. mbam.log
          94 kB
        3. mbam.png
          mbam.png
          159 kB
        4. mbam2.log
          59 kB
        5. mbam2.png
          mbam2.png
          158 kB
        6. mbam-fixed.png
          mbam-fixed.png
          170 kB
        7. mbam-service.png
          mbam-service.png
          81 kB
        8. terminal-output.txt
          28 kB

          Issue Links

            Activity

              People

              • Assignee:
                learn_more Mark Jansen
                Reporter:
                Oleg Dubinskij Oleg Dubinskiy
              • Votes:
                5 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: