MBAM and OTL



#1 Essexboy

Posted 06 April 2012 - 12:42 PM

I have a major problem with my clearing routines when I run OTL.

As I need to empty the temporary files, I use the empty temp command. This command asks processes to stop; with Windows processes like Explorer, if they refuse then OTL moves on to the next. But with MBAM it just locks the system and refuses to let OTL complete. Is there any way around this, or do I have to resort to either not emptying the temporary folders or getting the OP to run from safe mode? This behaviour is also apparent with TFC.

As you can expect, someone who has an infection thinks the worst when OTL locks the system.
Trying to stop or pause the MBAM service has no effect because access is denied.

I can understand the reasoning behind not letting any other programme stop MBAM, but why can it not just release OTL and let it get on with its job?

#2 Firefox

Posted 06 April 2012 - 12:54 PM

I cannot comment on how Malwarebytes does its work, as I do not work for Malwarebytes, nor am I a developer...

That being said, you do not want to run any temp file cleans on a computer that is infected. Temp file cleaners should only be run after the infection has been repaired. There are a lot of malware programs out there that hide files and folders and also move the start menu items to the temp folders. Cleaning out temp files before these items have been restored will only make the process harder to recover from the infection, or lead you to have to re-install the operating system.


#3 exile360

Posted 06 April 2012 - 01:01 PM

The solution should be simple enough, just have the user temporarily set Malwarebytes Anti-Malware not to start with Windows, reboot, then run the temp file cleaner:

[Image: Disable Startup.png]

Once done clearing out the temp files, just have them reverse the option and enable the protection module again.

That all being said, I've run tools like TFC with Malwarebytes Anti-Malware's protection module active and didn't have any issues, though it's been a long time since I've done so (I generally just use CCleaner). I can easily see the system locking up if OTL and/or TFC are trying to kill mbamservice though, as it's simply unsafe to do so because it runs in kernel mode and can (and often does, case in point being the system freeze) lead to system instability if terminated after it has been started.
Samuel E Lindsey
Product Manager

#4 Essexboy

Posted 06 April 2012 - 02:39 PM

Ah, thank you, I will try that next time.

I must admit I do not get this problem on my system, and OTL/TFC seem to work happily. I suppose it may well be system specific.

@Firefox... Yes, I am well aware of that, but I clear all the temps after I am sure that there are no missing icons/shortcuts ;)



