v40boston
Malwarebytes 3.0.6 Rootkit
v40boston replied to v40boston's topic in Malwarebytes for Windows Support Forum
I am running Windows 7 64-bit. After installing MBAM v3.0.6.1469 I am having the same problem as Gary999 is having on his Windows 10 machine. The Threat Scan hangs in the Rootkit Scan step after scanning 88 items. I ran chkdsk on my C: drive just before installing MBAM v3.0.6.1469 and it found no problems to correct.

Here is what I did:

1) Installed Malwarebytes v3.0.6.1469
2) Activated license... all protections are turned on
3) Hyper Scan works in two minutes
4) 600,704 items scanned in 4 hours 15 minutes by Custom Scan (using default settings which only skip Rootkit Scan) but do scan Memory, Startup Files, Registry, File System and Heuristics Analysis
5) Threat scan hangs at 88 items scanned in Rootkit Scan

Malwarebytes hangs even after "Cancel" or "Pause" of scan, but tray application "Quit Malwarebytes" stops the program. I can restart MBAM and reproduce the problem.

I checked the Microsoft Windows Event Logs. Concurrent with the hang was an Audit Failure Event ID 6281 for the file C:\Windows\system32\hmpalert.dll. That 6281 Event was associated with v2.6.5 of Hitman Pro Alert, who says the problem was resolved in their v3. I tried deleting the hmpalert.dll file and emptying the Recycle Bin. But MBAM v3.0.6.1469 still hangs after scanning 88 items in Rootkit Scan. No other Event Log entries seem relevant.

Is there any way I can help by identifying the file Rootkit Scan hangs on???
Malwarebytes 3.0.6 Rootkit
v40boston replied to v40boston's topic in Malwarebytes for Windows Support Forum
I WAS WRONG. I thought MBAM 3.0.6 Rootkit Scan hung on file hmpalert.dll (HitmanPro.Alert v2.6.5). I deleted that file and emptied the Recycle Bin. The Windows Event Log no longer complains about the file during Rootkit Scan. But the Rootkit Scan still hangs at the same place (after 88 items scanned). There are no other Event Log entries to indicate any problem that might be causing Rootkit Scan to hang.

Since the problem is reproducible, is there any way to help identify the problem???
Malwarebytes 3.0.6 Rootkit
v40boston replied to v40boston's topic in Malwarebytes for Windows Support Forum
Oh, and two more things:

1) Windows Explorer File Properties for the hmpalert.dll says "This digital signature is OK".
2) I uploaded the offending hmpalert.dll file in my previous posting in the hmpalert-DLL.7z file (since .7z is one of the file formats permitted to be uploaded).

THE ISSUE FOR MBAM 3 IS THAT AN AUDITING FAILURE FOR WINDOWS 7 Event ID 6281 FOR SOME FILE CAUSES MBAM 3 ROOTKIT SCAN TO HANG. BELOW IS ALL THE INFORMATION I COLLECTED TO SUPPORT THIS CONCLUSION:

Very similar experience as Gary999 on Windows 7 64-bit, after running chkdsk successfully (without any errors corrected!) on scanned disk partition C:

1) Installed Malwarebytes v3.0.6.1469
2) Activated license... all protections are turned on
3) Hyper Scan works in two minutes
4) 600,704 items scanned in 4 hours 15 minutes by Custom Scan (using default settings which only skip Rootkit Scan) but do scan Memory, Startup Files, Registry, File System and Heuristics Analysis
5) Threat scan hangs at 88 items scanned in Rootkit Scan

Malwarebytes hangs even after "Cancel" or "Pause" of scan, but tray application "Quit Malwarebytes" stops the program. Can restart and reproduce problem.

The only clue as to the item causing the "hang" is in the Windows 7 Event Logs. Basically Windows 7 generates a Security Auditing event 6281 for C:\Windows\System32\hmpalert.dll for version 2.6.5 of Hitman Pro Alert. HitmanPro.COM says this issue is resolved in version 3.x.x of Hitman Pro Alert. (See https://www.wilderssecurity.com/threads/hitmanpro-alert-support-and-discussion-thread.324841/page-151 posting #3772 and #3774)

- - - - - - - - - - - - - - - - - - - - - -

- System
    - Provider
        [ Name] Microsoft-Windows-Security-Auditing
        [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D}
    EventID 6281
    Version 0
    Level 0
    Task 12290
    Opcode 0
    Keywords 0x8010000000000000
    - TimeCreated
        [ SystemTime] 2017-02-07T07:40:46.129201000Z
    EventRecordID 115711
    Correlation
    - Execution
        [ ProcessID] 4
        [ ThreadID] 68
    Channel Security
    Computer Hartford-PC
    Security
- EventData
    param1 \Device\HarddiskVolume1\Windows\System32\hmpalert.dll

Code Integrity determined that the page hashes of an image file are not valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\hmpalert.dll

hmpalert-DLL.7z