Posts posted by w0lfrun

  1. 1 hour ago, exile360 said:

    Very good, did you get a chance to test to see if things are any better with Web Protection in the new build?  I'm curious to know if the issue was resolved as they did make a lot of changes and improvements to Web Protection in this release.

    Activated web protection and no slow ups, and the mbamtray icon actually loads a few seconds faster. Now with Exploit Protection I can verify that it's working in Firefox by using Sysinternals Process Explorer to verify that Anti-Exploit is embedded in FF by seeing the Mbae64.dll. My question is how can I verify the same with Web Protection. I checked in Process Explorer and I don't see any entries by Malwarebytes pertaining to Web Protection. Would there be a .dll there that I should be looking for? Other than the previous, FF is running well with Web Protection activated.

  2. On 6/3/2019 at 4:40 PM, w0lfrun said:

    Have activated the pro version of MBAM as I was just using it to do periodic scans. I have activated MBAM to startup with windows startup. My question is, how long should it take for the mbamtray.exe icon to appear? I have timed it and it takes anywhere from 80 secs. to almost 100 secs. Is this normal? Other tray icons appear instantly so I am curious as it seems on the slow side. Windows 7 64bit system here.

    Have got the mbamtray icon to appear now down to around 37 secs. Have enabled "Delay Protection for 15 secs." and disabled "Enable Self-protection module" and running Malware and Anti Exploit protection only. Browser is Firefox running in the protection of Sandboxie. Also am back to using Sphinx Windows10 Firewall free version. This old rig is purring along quite nicely now in Windows 7. 🙂

  3. 23 hours ago, exile360 said:

    Hehe, no worries, I can relate.  I held on to my old Smithfield Pentium D system for the longest time.  By the time I replaced it I'd rebuilt it like 3 times, transplanting it from its original Gateway BTX motherboard/case into a new case, swapped motherboards, added a second TV tuner, upgraded the RAM, added tons of additional drives/storage, added a second DVD-ROM drive and upgraded the graphics card like 3 or 4 times over several hardware generations (for gaming, obviously).  It started with XP Media Center Edition 2005 on it, I eventually installed a second boot partition to multiboot Windows Vista Beta 2 when it went public for testing and upgraded that through the various betas and release candidates and finally ended up installing Vista Ultimate x64 on it and ran it that way for years.  I actually fell in love with Vista and thought it was even better than XP (and still do, though you need the hardware to run it properly; too many early systems that shipped with Vista weren't really up to spec to run it well and driver support from hardware manufacturers was terrible for the first several months even though MS gave them more than a year to prep for its release as they had access to the internal alpha/beta builds and all the WDDM documentation/APIs long before the public caught wind of it and were still calling it Longhorn, not to mention NVIDIA's controversial issues with their laptop GPUs and drivers that caused many headaches that people blamed on MS/Vista when in fact it was a case of defective graphics chips produced by NVIDIA) and finally replaced it with a little 13" Samsung laptop with Windows 7 which I eventually replaced with a monstrous desktop replacement 15.6" laptop with a full desktop i7 CPU and discrete GPU (something similar to what I have now, though my current system is newer and more powerful).

    Anyway, regarding Comodo, here are the entries I'm seeing in your logs; it looks like several WFP entries are being left behind:

     

    
    Registered WFP Filters
    ==================================
    FWPM_LAYER_ALE_AUTH_CONNECT_V4
    COMODO ConnectV4                                                     COMODO ConnectV4
    FWPM_LAYER_ALE_AUTH_CONNECT_V6
    COMODO ConnectV6                                                     COMODO ConnectV6
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4
    COMODO AssignmentV4                                                  COMODO AssignmentV4
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6
    COMODO AssignmentV6                                                  COMODO AssignmentV6
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V4
    COMODO ResourceReleaseV4                                             COMODO ResourceReleaseV4
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V6
    COMODO ResourceReleaseV6                                             COMODO ResourceReleaseV6
    

     

    Interesting. Don't know how I would get rid of those entries as the comodo cleanup tool doesn't find them. That answers what it was saying about the sphinx firewall and the comodo problem. Just to add, after I used the avast cleanup tool, I noticed a new entry Avast in the registry HKLM\Software\Wow6432node that I couldn't delete. Even used RegAssassin and it couldn't delete it as it was hidden from it. Couldn't take control as there was error after error popping up. Anyway I did a re-image with macrium and case solved. Now as the firewall goes, I ditched Sphinx and now running MB Windows Control Firewall and all is well. My question is how can I see if those Comodo entries are still in the WFP log file?
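Added example (not part of the original posts and not Malwarebytes code): a Python parser for a "Registered WFP Filters" section laid out like the excerpt quoted in post 3, listing the entries that still name a given vendor. The section layout is assumed from that excerpt alone, and `SAMPLE_LOG`, `parse_wfp_section` and `leftover_filters` are hypothetical names.

```python
import re

# Constructed sample laid out like the "Registered WFP Filters" excerpt quoted
# in post 3; the non-COMODO entry and "Other Section" are invented.
SAMPLE_LOG = """\
Registered WFP Filters
==================================
FWPM_LAYER_ALE_AUTH_CONNECT_V4
COMODO ConnectV4                                  COMODO ConnectV4
\tFWPM_LAYER_ALE_AUTH_CONNECT_V6
COMODO ConnectV6                                  COMODO ConnectV6
FWPM_LAYER_ALE_RESOURCE_RELEASE_V4
Example Firewall Rule                             Example Firewall Rule

Other Section
==================================
COMODO line outside the WFP section
"""

LAYER_RE = re.compile(r"^FWPM_LAYER_[A-Z0-9_]+$")
COLUMN_GAP = re.compile(r"\s{2,}")  # assumed: columns are padded with 2+ spaces

def is_rule(line):
    """True for an underline made only of '=' characters."""
    return bool(line) and set(line) == {"="}

def parse_wfp_section(text):
    """Return {layer: [(name, description), ...]} for the WFP section only."""
    lines = [raw.strip() for raw in text.splitlines()]
    layers, current, in_section = {}, None, False
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if not in_section:
            in_section = line == "Registered WFP Filters"
            continue
        if not line or is_rule(line):
            continue
        if is_rule(nxt):  # a title underlined with "=" starts the next section
            break
        if LAYER_RE.match(line):
            current = layers.setdefault(line, [])
        elif current is not None:
            parts = COLUMN_GAP.split(line, maxsplit=1)
            current.append((parts[0], parts[-1]))
    return layers

def leftover_filters(text, vendor):
    """List (layer, name) pairs whose name or description mentions vendor."""
    needle = vendor.lower()
    return [(layer, name)
            for layer, entries in parse_wfp_section(text).items()
            for name, desc in entries
            if needle in name.lower() or needle in desc.lower()]
```

Calling `leftover_filters(open(path).read(), "comodo")` on a freshly gathered log returns an empty list once no entry in that section names the vendor.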

  4. 46 minutes ago, exile360 said:

    Sounds good, please let me know how it goes, and if there is anything else we might assist you with please don't hesitate to ask.

    By the way, if you want any guidance or assistance with any of the more general PC stuff not specifically related to Malwarebytes, we do have a General PC Help area located here where you can post to seek advice and tips.  There are some very knowledgeable individuals around here who frequent these forums, including enthusiastic volunteers with many years of experience as well as Malwarebytes staff members who are always willing to lend a hand with diagnostics and troubleshooting as well as offering general computing advice.  It's totally up to you obviously, and you definitely seem to be pretty knowledgeable in your own right, but just in case you find it useful I figured I'd let you know about it.

    Thanks again. Ran avast, kaspersky and comodo clean up tools in safe mode. Avast found a lot of stuff to my surprise, Kaspersky a moderate amount and comodo found nothing. ?? lol. I kind of think that windows10firewall control has/had a connection with comodo dns in some way. As I recall, others complained about it in the windows10firewall forum. Just a thought. As far as the computer goes it is getting long in the tooth as I purchased it with XP on it. Am an old guy with an old computer. LOL. Cheers.

  5. 4 minutes ago, exile360 said:

    Thanks, it looks like it ran correctly that time.  I'm seeing a lot of AV references, likely leftover components/traces from past installs.  Some for Avast, Kaspersky, and there also appears to be at least one Group Policy restriction, though I'm not certain exactly what it is:

     

    
    GroupPolicy: Restriction ? <==== ATTENTION

     

    I also noticed UAC is not configured to its default setting:

     

    
    Consent Prompt Behavior Admin:  Off

     

    Those last two likely aren't related but I thought you should be aware, especially if you didn't make those changes yourself.

    That said, I think I've discovered the root of the problem.  Aside from having a pretty large number of security tools running at startup, you're running a pretty old system; a Pentium D from 2006 (I used to have the precursor to your model chip; the Pentium D 830 3.0GHz so I'm pretty familiar with its level of performance):

     

    
    Pentium(R) D CPU 3.40GHz

     

    Malwarebytes is a fairly demanding app, especially on startup and when launching scans as it has to load its various drivers and databases into memory, so that's likely the cause of the delay, just waiting its turn and doing its work to get its various components into memory while all those other startups are running, and since you've got a CPU that is limited to 2 threads and has relatively low IPC compared to most modern chips/systems, that likely accounts for the delays.

    As for the traces of those other AVs I found, if you want to try to remove them (I would if it were me), the following tools should prove useful:

    Avast Uninstall Utility
    Kaspersky Removal Tool

    Instructions for resetting UAC to its default settings can be found on this page if you wish to do so.

    The leftovers from COMODO probably either need to be removed by hand or by reinstalling the program temporarily then removing it normally via Programs and Features using its built in uninstaller, then if needed you can give the uninstall tool a shot again (I say this because you mentioned you already ran it, and also because they actually highlight that users should try the built in uninstaller first, and I suspect it is because they probably aren't thoroughly cleaning up every trace of the program which explains the leftovers we found):

    Comodo Uninstaller Tool

    Anyway, I hope this helps.  I realize it isn't likely to eliminate the performance issue you're seeing with Malwarebytes, but it still may help your overall system performance and it doesn't hurt to remove these leftovers from past AVs as they can lead to issues with other programs sometimes.

    OK. Thanks for the help and I will use the above tools to clean up the above mess.🙁

     

  6. 4 hours ago, exile360 said:

    Thanks.  Unfortunately it looks like the tool was unable to run some components due to being unable to access the internet.  If you wouldn't mind, please try running the tool again, this time ensuring that you are connected to the internet and that the tool isn't being blocked by your firewall then upload the new ZIP file.

    I also found references to these programs in your logs and it is possible that one or more of them is slowing down Malwarebytes so if you haven't excluded Malwarebytes/configured it as a trusted application in these programs, assuming they also launch on startup then that could also be a contributing factor:

    NoVirusThanks
    Sandboxie
    Windows 10 Firewall Control
    VoodooShield

    I also spotted references to COMODO, though I'm unsure what COMODO program is installed.  Also keep in mind that running too many security apps at the same time may also be affecting system performance as some combinations may not get along very well so you also might try disabling and/or removing each of those one at a time and restarting after each to see if removing or disabling any one or more of them helps.

    No other security apps are running but MBAM with only malware protection on. The MBAMtray.exe still takes app. 80 seconds to load. The new malwarebytes support tool download is in the above. Edit: just read your reply as I was typing this.

  7. 6 hours ago, exile360 said:

    Greetings,

    It depends on your hardware and the other startups on your system to a certain extent obviously, but that definitely sounds like longer than normal.  Please do the following so that we may take a look at your configuration to try and determine what might be the cause of the slow startup:

     

    1. Download and run the Malwarebytes Support Tool
    2. Accept the EULA and click Advanced tab on the left (not Start Repair)
    3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

     

    Thanks

     

    mbst-grab-results.zip

  8. Have activated the pro version of MBAM as I was just using it to do periodic scans. I have activated MBAM to startup with windows startup. My question is, how long should it take for the mbamtray.exe icon to appear? I have timed it and it takes anywhere from 80 secs. to almost 100 secs. Is this normal? Other tray icons appear instantly so I am curious as it seems on the slow side. Windows 7 64bit system here.

  9. On 11/15/2016 at 1:39 PM, siliconman01 said:

    This is on Windows 10 x64 Pro Build 14393.447 and with MBAM 3.02.1175 on a very fast desktop computer.  When booting up, the MBAM tray icon takes about 1 minute to appear and it appears with a notification that protect is not turned on.  If I click on Protection Settings, it shows all protection on.  If I then click on Turn On, the message closes and MBAM appears to be functioning okay.  

    Attached are FRST logs for this system.  

    FRSTLogs.zip

    RealTimeProtection.png

     

  10. Didn't think I should start a new thread so I'm just going to add to this one. I have been using MBAM 1.75 for a few years now. I did switch over to the 2 series off and on and kept going back to 1.75 mainly because of the high memory issues. I decided to take another stab at the recent stable version 2.1.8.1057 and the memory was rather high with PWS running around 110,000K. Ran it that way for a couple of days and the memory pretty well stayed the same fluctuating 110,000K to 140,000K. Perhaps this is normal ? Anyway I did a complete uninstall and installed the latest beta 2.2.0.1022 and  I noticed a reduction in memory from 110,000K to 140,000K now down to 78,000 to 82,000K PWS. Just thought I would share this with any who may be interested. Bottom line is that I am quite happy with this new beta and looks like a keeper for me anyway. I think my old friend MBAM 1.75 is finally disappearing to a speck in my rear view mirror. :cool:

    The PWS is in reference for mbamservice.exe

  11. Didn't think I should start a new thread so I'm just going to add to this one. I have been using MBAM 1.75 for a few years now. I did switch over to the 2 series off and on and kept going back to 1.75 mainly because of the high memory issues. I decided to take another stab at the recent stable version 2.1.8.1057 and the memory was rather high with PWS running around 110,000K. Ran it that way for a couple of days and the memory pretty well stayed the same fluctuating 110,000K to 140,000K. Perhaps this is normal ? Anyway I did a complete uninstall and installed the latest beta 2.2.0.1022 and  I noticed a reduction in memory from 110,000K to 140,000K now down to 78,000 to 82,000K PWS. Just thought I would share this with any who may be interested. Bottom line is that I am quite happy with this new beta and looks like a keeper for me anyway. I think my old friend MBAM 1.75 is finally disappearing to a speck in my rear view mirror. :cool:

  12. Has been quite some time since I posted in this forum as I have been using version 1.75 and had absolutely no problems with it. Great program version. Having tried various 2.0 versions and not being satisfied with any of the past ones I had reverted back to 1.75. So now my question regarding notifications.

    Rather than start a new thread I figured I'd post to this one as it does pertain to Notifications in a way although opposite to the OP question. 2.0.3.1025 seems to have settled in quite well now. Still wondering about the "Delay Protection at Startup" persists to remain checked after being unchecked many times. Also I have "Show notification after successful update" box checked in Automated Update scheduling, Check for updates section. So far I don't see any notification other than in the Program Data, Malwarebytes logs or mouse over MBAM icon in lower tool bar. Clarification on these would be appreciated.

  13. I missed one portion as I was distracted and forgot to include it.

    Please click on START and type in CMD and when it shows on the menu right click and choose "Run as administrator"

    Then in the DOS console type the exact entry below in red and press the Enter key. You should get a Success message, if you do not let me know.

    NOTE: The start name includes the equal sign.

    A space is required between the equal sign and the demand value.

    sc config TERMService start= demand

    Then launch MBAM and check for updates

    Followed the instructions above and I did receive the Success message and the MBAM updates are working both manual and automatic. Thanks again for your help and thanks for the welcome to the forum.

  14. Windows 7 64 bit and using windows firewall. Did some tweaking with the firewall re Outbound Rules set to block and white listing certain programs allowed. Regarding Malwarebytes I have white listed MBAM, MBAMScheduler, and MBAMService, remote ports 83 and 443. Is there anything else that I should allow in the Outbound rules to fix auto updates? Manual updater works ok. Thanks in advance.
