MBAM (Free) quick scan freezes on iresum.sys


12 replies to this topic

#1 welkin

welkin

    New Member

  • Members
  • 24 posts

Posted 23 November 2010 - 08:09 AM

I've uninstalled my MBAM, ran mbam-clean, and then installed the 1.50 beta test. It runs fine for about 2 minutes before it freezes on iresum.sys. I could do nothing to shut down the program and had to manually restart my computer. Hope someone can shed light on what's going on and how I can fix this problem. Thank you!

#2 welkin

Posted 23 November 2010 - 08:21 AM

Unchecking the heuristic shuriken seems to have gotten around it; will post more details once the scan's done. I'll also try to reproduce the freezing when I come home from work tonight.

#3 exile360

exile360

    exile

  • Administrators
  • 16,017 posts
  • Gender:Male

Posted 23 November 2010 - 09:46 AM

Hi welkin :D

Thanks for testing. Please let us know how it goes as soon as you're able. Please also zip and attach a copy of iresum.sys when you return so that we can look into why it's freezing on that file.

Thanks :D
Samuel E Lindsey
Product Manager

#4 welkin

Posted 23 November 2010 - 08:01 PM

So the test without heuristic.shuriken finished.
When I re-ran it, this time it didn't freeze on iresum.sys, but instead on a couple different entries (tried twice, froze twice) in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components.

Which pointed to

C:\Program Files\OpenOffice.org 3\Basis\share\template\en-US\wizard\fax\bus-classic-pri_f.ott

and

00:\Roxio.RoxioCentral36\Shell\RCTools\Command\


Is there anything I should do to provide more info? Is it safe to delete those entries and see if the scan continues?

#5 exile360

Posted 23 November 2010 - 10:11 PM

I wouldn't delete anything if I were you, at least not without first creating backups.

First please try the following so we can narrow this down:

  • Open Malwarebytes' Anti-Malware and click on the Settings tab
  • Select Scanner Settings
  • Uncheck the box next to Scan registry objects.
  • Attempt another scan and see if it still freezes

If it does still freeze you can do the following to create backups of the reg entries before deleting them:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Note: If using Windows Vista or Windows 7 you will need to read the FAQ for additional precautions and instructions on proper use.

  • Please download ERUNT from here
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say NO to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Once that's done, you may delete those reg keys and try another scan, then, if it finishes this time, restore the registry to its former state by running ERDNT.exe.

Please also provide a copy of iresum.sys as I requested previously so that we can find out why it's freezing on that file.

Thanks :D
Samuel E Lindsey
Product Manager

#6 exile360

Posted 28 November 2010 - 11:53 AM

Are you still having this issue? If so, please post back as we really would like to look into this further with your assistance.

Thanks :)
Samuel E Lindsey
Product Manager

#7 welkin

Posted 28 November 2010 - 07:38 PM

Sorry, I went away for a couple of days for Thanksgiving.

I wonder if there's any randomization involved, because I just tried quick scan twice (with registry unchecked, shuriken checked), and it got stuck on two different files.
Also I went to look for iresum, I think I mistyped it and it should've been irenum. Attached are all three files that quick scan had been stuck on.

Thanks!

#8 exile360

Posted 28 November 2010 - 08:09 PM

I've sent you a PM. Please follow the instructions I provided and respond to it to let me know how it went.

Thanks :)
Samuel E Lindsey
Product Manager

#9 welkin

Posted 28 November 2010 - 11:31 PM

Attached is the result from autorun.

#10 exile360

Posted 28 November 2010 - 11:40 PM

I'm not seeing anything that stands out as a problem in your Autoruns log.

With the original beta, were you getting any freezing with Shuriken disabled or were all of the scans able to complete?
Samuel E Lindsey
Product Manager

#11 welkin

Posted 29 November 2010 - 12:40 AM

Let me correct myself: With both betas I've gotten scans completed, with Shuriken disabled.

I haven't tried the original beta many times after it worked; however, with the new beta, I've also gotten it to freeze with Shuriken disabled.

I've seen it complete or freeze with the same settings now. The only thing that may be different is with different runs I may or may not have a couple other programs open (like a browser or an IM client) at the same time.

I checked Dr. Watson's log directory, the files' timestamps were from a few days ago. I wonder if no dump file was created if I had to forcefully shut down my computer (i.e. pressing down the power button for N seconds)?

#12 exile360

Posted 29 November 2010 - 09:36 AM

Yes, if you had to force shutdown, it wouldn't create a crash dump unfortunately.

Please try the following (with Shuriken enabled):

Create a Process Monitor Log:

  • Create a new folder on your desktop called Logs
  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on File at the top and select Backing Files...
  • Click the circle to the left of Use file named: and click the ... button
  • Browse to the Logs folder you just created and type MBAM Log in the File name: box and click Save
  • Exit Process Monitor and open it again so that it starts creating the logs
  • Open Malwarebytes' Anti-Malware and perform a scan. Once it freezes or locks up, terminate mbam.exe using Task Manager if you can (CTRL+Shift+Esc)
  • Close Process Monitor (or force a reboot/shutdown if you couldn't terminate MBAM and the entire system locked up)
  • Right-click on the Logs folder on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the Logs.zip file you just created to your next reply, or if it is too large, please upload it to Rapidshare and post the link to the download

Thanks :lol:
Samuel E Lindsey
Product Manager

#13 exile360

Posted 29 November 2010 - 12:14 PM

You might also try a scan in Safe Mode to see if that makes a difference:

Boot into Safe Mode:
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with the Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.

You should then be presented with the Windows XP Login screen. Log in to Windows and when it prompts you about Safe Mode and asks if you'd like to continue click Yes.

Once in Safe Mode, try another scan with MBAM and see if it still freezes up or not and let me know.
Samuel E Lindsey
Product Manager
