Malwarebytes and TrueCrypt BSOD...

Discussion in 'encryption problems' started by KindaParanoid21, Jun 21, 2014.

Thread Status:
Not open for further replies.
  1. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    Hey everyone, really love these boards so far as I discovered them recently with the TrueCrypt issues. There's a lot of great information here I intend to absorb, as security and privacy are always changing and should be on the radar of most people.

    With that said, I've got a problem! When the TC stuff hit the fan, I stopped using it ASAP, including volume containers and encrypted system partition. As I began researching alternative programs I discovered something concerning. I googled it and found some old threads here in fact but nothing that could help me.

    Whenever I scan the drive with Malwarebytes in explorer, or folders within a volume, it either locks up or I get the BSOD. It goes through the prescan just fine but as soon as it gets to Filesystem Objects is when everything goes to hell. The only time this didn't happen is if I created a new folder within an old or new VC. Either way though I get the BSOD with a new or older VC I made before.

    This doesn't happen with MSE, and I haven't tried another program with it yet. So I'd have to say it's an issue either with TC or MWB. But I would really like to feel safe with those files on the VC's and don't as long as it's doing this. So any help would be great, and thanks for your time!
     
  2. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Hello KindaParanoid21:

    Above you have posted in part:
    Does this mean you are still in the process of, and you are taking steps to, eventually delete all elements of TrueCrypt, and return to your system's original non-TrueCrypt state?

    Are you contemplating the use of another vendor's encryption software?

    Is Malwarebytes Anti-Malware, presumably version 2.0.2.1012 Consumer-Premium, installed in its default %ProgramFiles(X86)% location, or other?

    Are you willing to disclose, with a moderate amount of detail, your Windows operating system version, and system architecture?

    Please feel free to correct any inaccurate assumptions above.

    Thank you.
     
  3. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,283
    It has never happened to me when scanning folders in a TC mounted volume using MBAM 1.75. I haven´t checked with MBAM 2.x.
     
  4. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    1PW - First thank you for your response. Second, after doing some research, around these parts as well, if its all the same I'd like to still use TC until the audit is finished. I wasn't satisfied with anything else really, but not to the point of putting myself into deep risk though. To your second question, I would definitely try something I didn't come across yet, but found what I did didn't have the stenography TC offers as well as hidden volumes.

    Now yes to your MW questions except it's installation, which is on another partition. (Something I should rectify maybe?) And yeah, NP about my system, which is Win 7 Pro on an i5 Dell Inispiron.

    Robin A - Yeah I'd be curious if it would as I'm sure I can't be the only one with these problems. My fear is they're infected with something but the files constantly check out as okay.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  6. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    J_L - Yeah, just tried it on another PC... I have MW Pro 2.0.2 on a desktop, installed a safe version of TC on it, created a new volume which scanned fine, then scanned an old TC volume, and it froze my computer and almost fragged it at the same time... Couldn't log in, kept boot looping, so windows repair fixed and removed TC, to which MW is warning it detected a malicious program.

    Reeeeeeaaaaaallllllyyyy didn't feel like having to stop using TC... Even with the issues, reading threads here and elsewhere, it seemed at least for now to be still safe to use, all the theories aside.

    Tell me, have you or anyone else have these issues? (Obviously plenty have but I'm curious as to why you might not be having issues.)
     
  7. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    Just giving BestCrypt a second look... One thing I loved the most about TC is you could create an encrypted volume, or hidden, within another file name... I don't know if steganography would apply here, but BC has its own file name where as TC would create the volume within another file.
     
  8. KindaParanoid21

    KindaParanoid21 Registered Member

    Joined:
    Jun 21, 2014
    Posts:
    46
    Welp, looks like Symantec full disk encryption looks promising, anyone else give it a try?
     
  9. npcomplete

    npcomplete Registered Member

    Joined:
    Aug 28, 2013
    Posts:
    2
    I am consistently getting the BSOD with Malwarebytes 2.0.2.1012 Premium scanning Truecrypt 7.1a containers (NTFS and FAT, new or old), also on a Dell, Studio XPS with i7 running Win 7 Pro, so a few things in common with the OP.

    With no other apps running but Truecrypt and MB (No AV or other) it fails 100% of the time when scanning an encrypted container, with either blue screen or looping to the point of having to hit the power. If you try to "Cancel Scan" it goes dormant, and you can't even bring up task manager... and again you have to hit the power to restart...

    With other containers open, I can scan unencrypted C: without problems, only the encrypted drives cause problems. This is after doing the MB recommended "clean install" and using the recommended "mbam-clean.exe" tool. This happens with or without the Root Kit scan. Been a user of TC and MB for years...
     
  10. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Hello npcomplete:

    Please consider opening your own topic in Malwarebytes Anti-Malware Help and attach two of your most recent dump files likely located within the C:\WINDOWS\Minidump folder.

    Please make reference to Your post here.

    Thank you.
     
  11. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Hello J_L:

    Your last post in the above sub-forum indicates you had deferred working with the experts who would have gladly helped you further.

    The sub-forum of your last post did not permit the troubleshooting actions indicated by your diagnostic reports. IMHO you were put off by continuing investigative and corrective steps in a protected sub-forum named "Malware Removal Help" where much more remediation takes place than just the removal of malware.

    The protected sub-forum, suggested to you, disallows posts by other well meaning users, which should have been abundantly clear where your OP was.

    Absolutely no personal insult is being made upon you or the housekeeping of your computer. I urge you rethink your position based on the above.

    Thank you.
     
  12. npcomplete

    npcomplete Registered Member

    Joined:
    Aug 28, 2013
    Posts:
    2
    Thanks 1PW, I just took your advice and posted at MB forum. I posted here since the problems the OP was having were very similar to mine, with Dell, Win 7 Pro, TC, MB, and blue screen. arrghh

    I actually like both products.
     
  13. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    That's prim & proper and all, but I simply don't have the time or interest to troubleshoot any further.

    I will on the other hand evaluate what Malwarebytes' have learned from this issue in their release of the next version, and take appropriate steps from there.
     
  14. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    702
    Location:
    North of the 38th parallel.
    Anytime you would like to revisit, you are quite welcome.

    Malwarebytes' offer to help obviously remains open to all.
     
Loading...
Thread Status:
Not open for further replies.