meeshu

Running Windows 7 64 bit SP1 with Malwarebytes version 4.5.29. Doing custom scan of C: drive. Problem is that Malwarebytes is taking a long time scanning "startup items". It has been scanning "startup items" for about 4 and a half hours now!? I don't recall Malwarebytes (earlier versions) taking so long to scan the entire system previously. Should "startup items" scanning take a long time to complete (now)? Or is Malwarebytes possibly bugged? In any case I'm going to stop/cancel the scanning shortly if Malwarebytes fails to finish scanning startup items and move on to the next area to scan (the registry).

Presumably no one knows why?? The issue has now been resolved by using the least desirable method to "fix" the issue.

This one is for an EXPERT in Windows XP operating system, I think. Running a triple boot system with Windows 7 32bit SP1, Windows 7 64bit SP1, and Windows XP Pro 32bit SP3. It IS possible to boot into Windows XP Safe Mode by pressing the F8 key after selecting which operating system to boot into from the multi-boot start up menu. However, when Windows XP has booted up under usual circumstances (Normal Mode), XP will NOT boot into Safe Mode when modifying the Boot.ini settings (selecting SafeBoot and Minimal boot option for example) under msconfig, and restarting. The computer always boots back into Normal Mode despite Boot.ini settings being set to SafeBoot etc!? I've run numerous anti-malware/anti-spyware programs (and some "minor" issues were found and fixed), but otherwise no (major) issues found. Also ran CHKDSK and SFC, but no errors found. Why will Windows XP not boot into Safe Mode after changing the boot settings in Boot.ini (via msconfig), and restarting the computer? This is really odd behavior.

OK. Tried to download SVRT (Sophos Virus Removal Kit), but had considerable difficulty! Download speed was around 1 kB/s ONLY! And download cut-out/stopped and didn't resume either. Tried to download again a bit later, but still only got ~ 1kB/s speed!? So I cancelled the download. Downloaded SVRT and also KVRT (Kaspersky Virus Removal Tool) via a local Internet Cafe. Installed/ran SVRT, but it was quite slow in scanning and it scanned ALL my drives when I only wanted it to scan the boot drive. Eventually stopped the scan and quit the program, it was taking too long. Ran KVRT. It found two non-viral "threats" only (PC_Hunter.exe). But PC_Hunter is a legitimate program, so I didn't remove it. Otherwise there were no other issues found. So it seems my boot drive is now probably clear of any malware. Thank you!

JRT scan result - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 7 Professional x86 Ran by Administrator (Administrator) on Thu 13/07/2017 at 18:52:13.93 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 16 Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJ3NMADD (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3I84U77 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC1QA0SO (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONFWPA4J (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNCLSQXE (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4ES9X9N (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W90DPVST (Temporary Internet Files Folder) Successfully deleted: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7SI7621 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JJ3NMADD (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3I84U77 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KC1QA0SO (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONFWPA4J (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNCLSQXE (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U4ES9X9N (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W90DPVST (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7SI7621 (Temporary Internet Files Folder) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 13/07/2017 at 18:53:10.81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner scan result - # AdwCleaner v6.047 - Logfile created 13/07/2017 at 18:58:56 # Updated on 19/05/2017 by Malwarebytes # Database : 2017-07-11.1 [Server] # Operating System : Windows 7 Professional Service Pack 1 (X86) # Username : Administrator - MINE-PC # Running from : C:\Users\Administrator\Desktop\adwcleaner.exe # Mode: Scan # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious keys found. ***** [ Shortcuts ] ***** No infected shortcut found. ***** [ Scheduled Tasks ] ***** No malicious task found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Web browsers ] ***** No malicious Firefox based browser items found. No malicious Chromium based browser items found. ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [1172 Bytes] - [10/07/2017 14:55:59] C:\AdwCleaner\AdwCleaner[S1].txt - [1093 Bytes] - [13/07/2017 18:58:56] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1166 Bytes] ########## Sophos Virus Removal Tool is a large file (~ 160 MB), and as I'm on a dial-up internet connection, this download will take quite a few hours! I'll post results when I can, but will not be until tomorrow. FRST scan results will follow once Sophos VRT has been run.

MBAM is now running again!! What I did was to run Tweaking.com Windows Repair All On One Utility with 'Repair WMI' and 'Remove Policies Set By Infections' and a few other settings as well. That did the trick! The settings were courtesy of someone else on another forum. It appears that the malware had caused some issues related to WMI, so I tried WRAIO again, and it worked! MBAM found a couple of Trojans which were removed. To be sure all malware is clear, I'll run several other anti-malware programs as well. If there are any further issues I'll report back ASAP.

Hello Aura! Thanks for your assistance! But this issue is already being looked into by AdvancedSetup here - I thought that this thread here had been merged with the above thread (by AdvancedSetup ?). It appears that there may be some files "missing" which is causing MBAM not to run. I am awaiting further details from AdvancedSetup, hopefully sometime today. Not sure which is the best way forward? Should this thread here be merged with the above thread? Or should this thread be closed or deleted? Sorry for any inconvenience!

Thanks for the comments! I've already downloaded and used MBAM Clean several times previously, but to no avail. I've also downloaded MBAM-Check. I've tried overwriting the existing MBAM installation with the latest version of MBAM. I've just now re-run MBAM-Clean and reinstalled the latest version of MBAM. And I've tried running MBAM in Safe Mode as well, but again MBAM will not run; and continue to get error message - "Unable to start" "Unable to connect the service" Here are the latest scan logs of MBAM-Check and FRST, even though they were not specifically requested (yet). mb-check-results.zip FRST.txt Addition.txt

I had difficulty in downloading KVRT from Kaspersky website because the file is around 100 MB, AND I'm on a slow internet connection. The downloads ultimately stop downloading before the downloads are complete, and there is no resume function either, apparently. Had to download slightly older version of KVRT from another site. Anyway, initial KVRT scan found a Trojan which was then removed. Computer was rebooted, and additional KVRT scan found three more malware entries which were removed as well. Unfortunately MBAM (version mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251) still fails to run with the error messages "Unable to start" and "Unable to connect the service"!

Thanks for the response! Ran MBAR from the desktop. 5 malware items were found and then supposedly cleaned. Malware was mostly "Ransomware.Wannacrypt" I think it was. Rebooted, but MBAM still will not run (error message "Unable to start" "Unable to connect the service")! And CPU load still jumps to 50% (due to 'WmiApSrv.exe' within 'C:\Windows\Fonts' directory according to Windows Task manager). I can stop this WmiApSrv process temporarily via Windows Task Manager, but this process always restarts no later than a few minutes after stopping it!?

Still can't get MBAM to run! MBAM version mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 ran OK initially, then one day decided not to run any more with message "Unable to start" and "Unable to connect the service". Tried uninstalling, reinstalling, using MBAM Clean and rebooting and even installing version mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251, but MBAM still will not run! Ran system checks (up to ~ 4 times) such as CHKDSK and SFC, but neither found any issues with my computer. There was apparently some malware on my system, and my previous thread at these forums was then redirected to the malware removal section. Unfortunately no one responded in the malware removal section to this malware issue after three days, so I sought assistance elsewhere. And as of this writing, after about 5 days there still hasn't been a response here in the malware removal section, despite 100's of views!? Malware was apparently removed using various software, but MBAM still does not run. MBAM check result , and FRST scan results enclosed. mb-check-results.zip FRST.txt Addition.txt If malware is still present, then please do not redirect to the malware removal section unless it can be guaranteed that there will be a response this time from a helper, please!!

This is in relation to - There has not been a response to that thread, yet, from an anti-malware helper!!?? In addition I'm unable to post an update/add a reply to that thread!? I've already done some attempt at malware removal, but there is still an issue with my computer. On further investigation, although the service WmiApSrv.exe has been "stopped" (under Services under Windows Task Manager), a file with the name WmiApSrv.exe is running under Processes (under Windows Task Manager). I can stop this process, but eventually it returns and loads the CPU to 50%. Additionally, another WmiApSrv.exe process may also occur which then loads the CPU to 100%! The location of this "process" is within C:\Windows\fonts, which I suspect shouldn't be there and is possibly some sort of malware. Also, MBAM will still not run, get error that "Unable to start" and "Unable to connect the service". I have already used MBAM clean to remove MBAM, rebooted the computer and (re)installed MBAM, but again MBAM will not run with the error messages appearing again! Latest FRST scans included (waited until the "Process" WmiApSrv.exe occurred first before re scanning) - FRST.txt Addition.txt

Files attached as requested. Thanks. mb-check-results.zip FRST.txt Addition.txt

Running Windows 7 32 bit SP!. Installed MBAM version mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092 a few days ago and it ran fine after installation. But it failed to run as of yesterday or so; keep getting error message that "Unable to start" and "Unable to connect the service". MBAM failed to run, despite trying to run under Safe Mode as well. Tried MBAM-clean exe, and rebooted, and then reinstalled the above MBAM, but again it fails to run with error message appearing again! Ran MBAM-clean exe again and installed MBAM version mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251, but this version also failed to run with the error massage appearing once again!!?? Tried running SUPERAntiSpyware, AdWCleaner, RogueKiller, and maybe one or two other similar programs, but no malware (of concern) was found. Ran Tweaking.com - Windows Repair program a few times after the first time I received MBAM error message, and before installing the latest version, but it didn't seem to help. No hardware changes were made to my computer, but there were a few programs added/uninstalled around this time (mainly anti-malware), so that might have caused some issues with my system, which in turn may have effected the running of MBAM?? Ideas?

Thanks to those who have helped. Fortunately, MBAM has not been purchased, so there is no financial loss involved. Downloaded MBAM 2.1.8.1057 (again) via a download manager and had little or no difficulty downloading this file. But downloading updates still seems to be a problem, possibly because of my slow internet connection to the not so forgiving updating servers. Actually been having similar difficulty in trying to update another anti-malware program, with the updating servers cutting out and not resuming either. But as mentioned previously, MBAM can be still used immediately from a clean install, and as long there is no active internet connection when MBAM is run. Also it is just possible to download "mbam-rules" which provides some degree of updates but these updates lag behind current updates via MBAM automatic updating. So all is not lost.