Let me ask the developers of MB and see if they have an answer.
I'll get back to you asap, MrC
#21
Posted 03 February 2012 - 12:02 PM
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#22
Posted 03 February 2012 - 01:02 PM
OK, two things to start with.
Do you have all live-monitor security apps turned off before starting MBAM scan? (Symantec)
and.....
Wait at least 10 minutes as a minimum before considering MB is freezing.
Let me know, MrC
#23
Posted 03 February 2012 - 07:32 PM
MrC,
I disabled my Symantec Endpoint Protection in the system tray and went into services and stopped all the Symantec services. I then ran MB again and did not touch it for 45 minutes.
8 minutes into the scan the file counter quit incrementing, but I left everything alone and just moved the mouse occasionally so the screensaver wouldn't pop on.
About the 30-40 minute mark the files still hadn't incremented and the time scanning still said 8 minutes - that's when the machine totally locked up. I had to hard power cycle it. So there is definitely something hidden in those folders of gibberish that is hanging when MB runs.
#24
Posted 04 February 2012 - 10:05 AM
OK, I'll pass the info on, will get back to you asap.
Thanks....MrC
#25
Posted 04 February 2012 - 12:00 PM
Please confirm that you get the same results in safe mode.
also......
Get to a Command Prompt
Copy and paste this in and hit enter.
DIR C:\ >C:\LIST.TXT
It will create LIST.TXT in C:\
Copy and paste or attach it in your next post.
MrC
#26
Posted 04 February 2012 - 10:29 PM
MrC,
Ok this is weird. I booted to safe-mode without running any command line switches or ignore list and it ran fine. MB found (1) vulnerability pum.disabled.securitycenter. It ran until completion and did not lock up. In addition, I never saw it scan the gibberish file path like in my screenshot in this post.
So I booted into windows and ran MalwareBytes again like normal and I almost instantly saw it trying to scan the gibberish file path again. So I just stopped the scan. Is it possible to only have Spyware in Windows or is there some kind of "Fake" file path that just loops and freaks out the MB scanner? Not sure but it's definitely an odd issue.
#27
Posted 05 February 2012 - 09:10 AM
I believe it's......
some kind of "Fake" file path that just loops and freaks out the MB scanner?
and it only loads in regular mode.
Can you get the list of "C" as asked and post or attach it.
MrC
#28
Posted 05 February 2012 - 11:58 AM
Here you go.
Attached Files
#29
Posted 06 February 2012 - 09:30 AM
OK, they're concerned that your Anti-virus is causing the problem.
Another possibility is a corrupt disk; running chkdsk (checking the disk for errors) would be a good idea.
I'd like you to run GMER Rootkit Scanner also:
Scan for rootkits with GMER Rootkit Scanner
Download GMER Rootkit Scanner from HERE to your desktop.
Double click the .exe file (it will be named some random characters). If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
NOTE:
If you cannot run GMER as indicated above, please save a scan from the initial startup scan.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the gmer.exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
After the "initial scan" is complete, click on the Save button, and save the log file to your desktop, and post it in your reply
MrC
#30
Posted 06 February 2012 - 11:33 AM
Gmer log attached.
Attached Files
#31
Posted 06 February 2012 - 11:53 AM
OK, the reason the log is so big is that you didn't leave the Show All (don't miss this one) unchecked.
Click on the pix below for example:

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections <----uncheck
IAT/EAT <---uncheck
Drives/Partition other than Systemdrive (typically C:\) <--just scan C:\
Show All (don't miss this one) <---uncheck
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.
Can you run it again with the correct boxes checked?
Thanks....MrC
#32
Posted 06 February 2012 - 12:31 PM
I only have network drives I do not have any other local partitions. At any rate the new log is attached.
Attached Files
#33
Posted 06 February 2012 - 12:54 PM
To cover all bases, when you get a chance, run CHKDSK
I would check both boxes.
http://www.w7forums....-disk-t448.html
Let me know, MrC
#34
Posted 06 February 2012 - 06:04 PM
Checking file system on C:
The type of the file system is NTFS.
A disk check has been scheduled.
Windows will now check the disk.
CHKDSK is verifying files (stage 1 of 5)...
125184 file records processed.
File verification completed.
78 large file records processed.
0 bad file records processed.
2 EA records processed.
91 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
169856 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
125184 file SDs/SIDs processed.
Cleaning up 568 unused index entries from index $SII of file 0x9.
Cleaning up 568 unused index entries from index $SDH of file 0x9.
Cleaning up 568 unused security descriptors.
Security descriptor verification completed.
22337 data files processed.
CHKDSK is verifying Usn Journal...
37170416 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
125168 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
46040262 free clusters processed.
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
CHKDSK discovered free space marked as allocated in the volume bitmap.
Windows has made corrections to the file system.
243386367 KB total disk space.
58932796 KB in 97283 files.
56864 KB in 22338 indexes.
0 KB in bad sectors.
235655 KB in use by the system.
65536 KB occupied by the log file.
184161052 KB available on disk.
4096 bytes in each allocation unit.
60846591 total allocation units on disk.
46040263 allocation units available on disk.
Internal Info:
00 e9 01 00 50 d3 01 00 fc 4c 03 00 00 00 00 00 ....P....L......
58 02 00 00 5b 00 00 00 00 00 00 00 00 00 00 00 X...[...........
70 61 57 00 50 01 55 00 38 1e 55 00 00 00 55 00 paW.P.U.8.U...U.
Windows has finished checking your disk.
Please wait while your computer restarts.
#35
Posted 06 February 2012 - 06:10 PM
I tried real quick to run another MB scan and after a minute and a half the "Fake file path" scan returned. I just killed MB's scan so it wouldn't lock up my machine again. A rebuild might be imminent in the near future.
#36
Posted 07 February 2012 - 08:59 AM
I don't know what else to tell you at this point.
MrC
#37
Posted 09 February 2012 - 12:56 PM
What did you decide to do? MrC
#38
Posted 09 February 2012 - 05:24 PM
MrC,
I appreciate all your help! I haven't done anything yet, I am a bit too busy right now. I think in the next few weeks that I will go ahead and just rebuild the laptop. I am fairly confident that I don't have a virus or Malware but the fact that I can't run MB in the future is not that comforting. So to be safe I will just go ahead and start from scratch. I applaud your effort though...
#39
Posted 10 February 2012 - 08:19 AM
If you want, here's a suggestion from exile360:
you can get a ProcMon log to determine precisely what the path is that Malwarebytes Anti-Malware is actually freezing on:
Create a Process Monitor Log:
http://technet.micro...ernals/bb896645
- In Process Monitor, click on Filter and select Filter...
- Click on the first drop-down menu and select Process Name
- Click on the second drop-down menu and select is
- In the white box next to is, type mbam.exe
- Make certain that in the last drop-down menu, Include is selected and click on Add
- Click on Apply and then OK
- Perform a Quick Scan with Malwarebytes Anti-Malware, and once it reaches the folder/file in question, abort the scan and close Malwarebytes Anti-Malware
- Click on File and choose Save...
- Make certain that the following are selected:
  - Events displayed using the current filter
  - Also include profiling events
  - Native Process Monitor Format (PML)
- For Path:, click on the ... button and browse to your desktop and save the file as mbam.pml and click on OK
- Close Process Monitor
- Right-click on the mbam.pml file now located on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
- Please attach the mbam.zip file you just created to your next reply
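One way to triage the Process Monitor capture described above without reading it event by event (an added example, not part of the thread and not Malwarebytes or Sysinternals code). It assumes the capture was saved as CSV instead of PML with Process Monitor's default columns; the sample rows and the folder name `xk3q` are constructed.

```python
import csv
import io
import ntpath
from collections import Counter

# Constructed sample in Process Monitor's default CSV column layout; not data from this thread.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"11:02:01.10","mbam.exe","4012","CreateFile","C:\Windows\System32\drivers\etc\hosts","SUCCESS",""
"11:02:01.20","explorer.exe","1880","ReadFile","C:\Users\user\Desktop\notes.txt","SUCCESS",""
"11:02:01.30","mbam.exe","4012","RegOpenKey","HKLM\Software\Microsoft","SUCCESS",""
"11:02:02.10","mbam.exe","4012","CreateFile","C:\ProgramData\xk3q","REPARSE",""
"11:02:02.20","mbam.exe","4012","QueryDirectory","C:\ProgramData\xk3q\xk3q","SUCCESS",""
"11:02:02.30","mbam.exe","4012","CreateFile","C:\ProgramData\xk3q\xk3q\xk3q","REPARSE",""
"11:02:02.40","mbam.exe","4012","QueryDirectory","C:\ProgramData\xk3q\xk3q\xk3q\xk3q","SUCCESS",""
'''

FILE_OPS = {"CreateFile", "QueryDirectory", "QueryOpen", "ReadFile"}
MAX_PATH = 260  # classic Win32 path-length limit

def file_events(csv_text, process="mbam.exe"):
    """Rows for one process, restricted to file-system operations."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [r for r in rows
            if r["Process Name"].lower() == process.lower() and r["Operation"] in FILE_OPS]

def max_segment_repeat(path):
    """How many times the most frequent folder name occurs in one path."""
    parts = [p.lower() for p in path.split("\\") if p]
    return max(Counter(parts).values(), default=0)

def summarize(csv_text, tail=4, repeat_threshold=3):
    events = file_events(csv_text)
    if not events:
        return None
    flagged = []
    for e in events:
        path = e["Path"]
        odd = (max_segment_repeat(path) >= repeat_threshold  # same folder name nested in itself
               or len(path) > MAX_PATH                       # runaway path length
               or e["Result"] == "REPARSE")                  # junction or symlink was followed
        if odd and path not in flagged:
            flagged.append(path)
    try:  # folder containing everything touched just before the capture ended
        stuck_under = ntpath.commonpath([e["Path"] for e in events[-tail:]])
    except ValueError:  # the tail spans several drives or shares
        stuck_under = None
    return {"events": len(events), "last_path": events[-1]["Path"],
            "stuck_under": stuck_under, "flagged": flagged}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CSV).items():
        print(key, "=", value)
```

When reading a real export from disk, open it with `encoding="utf-8-sig"` so a leading byte-order mark does not corrupt the first column name, and raise `tail` to a few hundred events.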
#40
Posted 14 February 2012 - 11:34 PM
Man that ProcMon file was huge - even compressed it was 24 MB. Looks like this forum only allows 20 MB max, so I uploaded it to my dropbox FTP site. Feel free to grab it there if you like http://dl.dropbox.co...082/ProcMon.zip