8 replies to this topic

[ratabrach]

Yesterday I ran a full scan which hadn't finished after 8 hours even though it was not too much time left (it was in the System32 folder) I had to go to bed. During the scan I also updated some Windows Security of which required a restart, but i kept postpone this for 4 hours which I also did just before going to bed to be on the safe side, to guarantee the Full Scan would finish prior to this.

Now to my question. I woke up the next day and obviously computer has restarted and I was prompted with Windows Log in credentials which in turn leads me to the following questions, What happens after a full Scan if not attending/being present? When I went to bed it had found 31 Malicious Files were these deleted automatically? There is no logs of the full scan ,at least I could not find them in application, in program folders or in the appdata local and roaming folders.

If being present upon completion you can "Show Result" then delete all malicious files which then requires a restart in order to clean them. But like mentioned several times now I was not there , so what have happened? Are those files gone ? Am I safe? Why isnt there some logs about the full scan report?

Awaiting your prompt reply......

[daledoc1]

Hello and welcome, ratabrach:

You have many questions, and some of them will need to wait for an MBAM staffer to answer them in detail.

Until then, a couple of thoughts:

1) Generally speaking, routine FULL scans with MBAM PRO are neither necessary, nor recommended. Typically, Quick scans are all that is needed, and FULL scans are used only in certain circumstances. Basically, a quick scan searches in all areas that malware likes to hide. The Quick scans typically only take a few minutes (though it depends on many factors, including your hardware, your OS, the number of files being scanned, etc).
This is explained here: What is the difference between the three scan types in Malwarebytes Anti-Malware?
and here:

Quote

...we always recommend the Quick Scan over the Full Scan as it is quite comprehensive and is designed to look in every location where infections are known to hide. http://forums.malwar...ndpost&p=565867

2) Trying to complete important computer tasks (such as Windows Updates) during a malware or AV scan (especially on a computer that may be infected) probably isn't a good idea. One could run into problems with the updates not installing correctly, scan freezes, and the problem you experienced (needing to reboot during a scan).

3) MBAM PRO can be configured to scan, quarantine malware and reboot the system with little user input. The MBAM staff can assist you with configuring it properly for your needs, and there are many helpful KB topics, How-To Articles and Videos here: http://helpdesk.malw...ytes.org/forums.

4) There should be logs of your scans (& the protection module) which you can view: If you open the main program UI & click the logs tab, they should be listed there. EDIT: However, see TDK's reply below mine re: lack of a scan log when the scan is interrupted.

MBAM scan logs are saved to the following locations:
-- XP: C:\Documents and Settings\<username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 8: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

MBAM Protection Logs are saved to:
-- XP: C:\Documents and Settings\<username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd
-- Vista, Windows 7, 8: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd

5) Files that are quarantined by MBAM cannot harm your system. You can leave them there for a day or so, to be sure your system is working OK (IOW not a rare False Positive), and then clear the Quarantine: How to Empty Items from Quarantine

>>>Having said all that, since MBAM detected a large number of threats, it might be a good idea to have one the malware experts assist you in running some additional scans, to be sure that all traces of malware are gone (some pesky malware these days requires multiple specialized tools to completely remove it).
Since we don't work on malware detection/removal in this particular sub-section of the forum, please follow the recommendations in this sticky topic: Available Assistance For Possibly Infected Computers.
One of the malware helpers will guide you through the process.

HTH, at least for starters,

daledoc1

[TheDarkKnight]

Hello ratabrach,

MBAM will not doing anything to any files it finds. You can choose to delete them when the scan has completed. This is to avoid false positives etc. Just as daledoc1 said.

[daledoc1]

Ah, very good, TDK!
Thanks for that additional clarification, especially about the lack of a scan log when the scan is interrupted!

Cheers!

daledoc1

[ratabrach]

Hi guys and thanks for your answers. It seems like I need to clarify some things:

1. I usually only run flash/quick scan but since I have never run a full scan on this computer before I thought it was time especially considering this PC contains >210 000 files. Also like metioned 31 malware were found up until I was present, speaking of that it leeds me to the second clarification.

2. As mentioned I know you have an option to delete all files found during a scan IF YOU ARE PRESENT, my question is based upon not being present.

3. As for the Windows Security Updates I forgot to tell that these were completed (downloaded and installed) BEFORE starting the Full Scan it was just waiting for me to do a restart (which I postponed several times and last time just before going to bed I postponed it yet another 4 hours in order to be sure Scan would be finalized prior to restart), in addition to be as safe as possible, I disabled my network connection so PC was offline during the whole scan and was not interrupted in any way.

[ratabrach]

Forgot:

4. There is no logs present in the program or inside any of Malwarebytes folders as mentioned in initial post.

[ratabrach]

Yet another clarification:

There were two logs present, these were logs produced today related to upgrading of the MB database and did not contain any useful info, there were no logs of the full scan.

[TheDarkKnight]

Good morning ratabrach,

Quote

As mentioned I know you have an option to delete all files found during a scan IF YOU ARE PRESENT, my question is based upon not being present.

As daledoc1 mentioned above, unless you have configured MBAM to automatically delete threats then it won't.

Quote

There is no logs present in the program or inside any of Malwarebytes folders as mentioned in initial post.

Often, if MBAM (or most other security programs for that matter) are interrupted midway they will not produce a log.

Quote

I disabled my network connection so PC was offline during the whole scan and was not interrupted in any way.

Unfortunately that won't have stopped the Windows Updates from restarting your computer.

I suggest running another scan, and if you want to make sure your computer is malware-free you should make a topic in the Malware Removal section of this forum.

[AdvancedSetup]

Available Assistance for Possibly Infected Computers