exile360

  1. Yes, it could be some change they've made to the signatures. There is something more we can try to see if it does provide any useful data for the Developers. If you open Malwarebytes and navigate to Settings>Application and toggle the setting under Event Log Data to On and then perform another scan, that may provide more useful data for them. Once the scan is done you may disable the option under Event Log Data again (you don't want to leave it on as those logs can get very large very quickly, wasting a lot of disk space). Once that's done, go ahead and run the Support Tool again and provide the ZIP file it creates and it will contain all the new logs, including the Event Data Logs created by Malwarebytes.
  2. That's a good idea. They do have a lot of debugging stuff built into the code already, but I don't think they have anything measuring scan performance/issues like this, so if they could implement something like that it could definitely prove useful, especially since one of the things they pride themselves on is how fast the scan engine generally is. I will suggest it to the Developers.
  3. That's OK, go ahead with the rest of the instructions to post in the malware removal area and one of our malware removal specialists will assist you. It could be that an infection is preventing it from working or else it's just some kind of bug with the latest version of ADWCleaner. I'll be sure to report it to the Developers for analysis, but in the meantime I just want to make sure that your PC gets cleaned up.
  4. Yes, many AVs keep drivers and services active even when protection is disabled so that they don't really stop monitoring, they just don't flag anything, so I would suggest giving it a try with Panda removed if you don't mind, just to make certain we've fully eliminated it as a possibility.
  5. Looks pretty fast to me. Yep, I suspect your hunch about Panda is correct. What happens if you disable or uninstall it temporarily and then run your scan with Malwarebytes? Does it improve? If so, then it's also possible that Panda made some changes in a recent update that may be causing this, but hopefully exclusions will resolve it; if not then you may need to report it to them and hopefully they will be willing to investigate and correct the issue.
  6. I was dubious as well, but I suspect their reasoning for doing so is twofold; first, they probably already have something in-house that they have developed that is superior and renders Ghidra obsolete; second, it's likely that given their no doubt massive workload just dealing with hack attempts from hostile governments, organized crime and independent blackhats and blackhat organizations (not to mention all the mass surveillance operations they're always managing; something I'm not a great fan of being an advocate for privacy), they probably figured it would be good to put a tool like this into the hands of the public/whitehats/malware researchers to help discover and mitigate vulnerabilities in the code of commonly used tools/applications/systems/devices etc. and to better stay on top of the rather devastating, run-of-the-mill threats like ransomware that always have the potential to bring any business or government systems/organizations to a screeching halt should they evade detection, and I suspect they have more important (to them at least) things to do with their time than spend all day analyzing malware to develop their own in-house AV signatures and detection/mitigation tools, so they pass this off to the public in the hopes that the off-the-shelf malware defense solutions they use will do a better job at keeping their networks secure.
  7. Yes, Panda is a definite possibility. If it is doing a simultaneous analysis of the objects being scanned by Malwarebytes during scans that could definitely slow things down. Please let us know how it turns out. Thanks
  8. Greetings,

     According to your logs there appear to be some adware/PUP items still installed in your Chrome browser so I would recommend first trying to run a scan with ADWCleaner and having it remove anything it detects, restarting your system if prompted to do so to complete the removal process. Once that's done, repeat the process until no more threats are found and do the same with Malwarebytes by opening Malwarebytes and clicking Scan Now, again restarting if prompted to complete the removal process.

     If the issue still persists then please follow the instructions in this topic and then create a new thread in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system of any remaining malware/adware/PUPs as soon as one is available.

     Good luck, and if there is anything else we might assist you with please don't hesitate to let us know. Thanks
  9. Yeah, if using a large HOSTS file you need to disable the DNS Client service (and there are alternatives you can configure to use as a local hosts server to replace its functionality so you don't lose any browser performance, though I personally just use 0.0.0.0 rather than 127.0.0.1 to improve browsing speed when sites are blocked). As for Windows 10, the last I heard Microsoft actually doesn't let you edit the HOSTS file so I can't speak to that, but I've been using a large HOSTS file for years ever since XP and I currently have over 900,000 entries in my own HOSTS file on Windows 7 x64 and it's never caused me any problems.
  10. Greetings,

      Assuming these are the default Threat scans then it definitely shouldn't be taking that long, though if you haven't done so already, deleting your temp files etc. may help, either using the tools built into Windows and your web browser(s) such as Disk Cleanup and the options for deleting your temporary internet files/caches/history etc., or through a specialized tool such as CCleaner. Other than that, sometimes the Research team does add new signatures to the database that may alter how Malwarebytes analyzes some files, resulting in higher resource usage and thus increased scan times overall, however on my own system I haven't noticed a great increase in scan times recently (still around 40~50 seconds total for a Threat scan, though I have a very fast SSD and a fast 4 core/8 thread CPU, all of which contribute to faster scan times).

      With that said, it may also be a sign of a failing disk so backing up your data if you haven't done so recently might be a good idea (I noticed you have Macrium installed, so I'd recommend going ahead and creating an image backup of the system on a separate drive just in case this one fails at any point so that you don't lose anything).

      Additionally, it would be a good idea to make sure that you have exclusions configured between your security products so that they don't interfere with one another. The list of items to exclude in your AV for Malwarebytes can be found in this support article and instructions on excluding other programs from Malwarebytes can be found in this support article under the Exclude a File or Folder section.

      If that still doesn't resolve the issue then it might be a good idea to try a clean install of Malwarebytes to see if that helps:

        • Run the Malwarebytes Support Tool
        • Accept the EULA and click Advanced tab on the left (not Start Repair)
        • Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here

      If the problem still persists, and if you suspect that the system may be infected with malware (which is also a possible cause, especially if you're seeing general performance issues, including with other software on the system) then you should follow the instructions in this topic and then create a new topic in the malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking and cleaning the system as soon as one becomes available.

      Hopefully that helps, and please let us know how it goes. Thanks
  11. You're very welcome. If there's anything else we can assist you with just let us know.
  12. It isn't on my system at least, though I just turned it on (I normally keep it off). I'll reboot my rig and see if this issue still persists, but yes, it's supposed to protect Malwarebytes from being tampered with or terminated.
  13. By the way, you can find more info on the machine learning component and how it flags things (as well as further tips on how to avoid it when building your programs) in this post from the Malwarebytes Director of Research.
  14. Yes, I've requested in the past that they offer a 'restore and ignore' function to Quarantine to allow items to be restored and added to exclusions in a single click and also to provide the option to restore/exclude an item pre-reboot and edit or delete the DoR script accordingly so that the item(s) which were removed by the user do not get deleted on reboot but it would probably be quite tricky to implement. Still, I will point them to this thread for reconsideration and hopefully it's an area where we will see some usability improvements in the future. Thanks for your feedback. Also, just in the meantime, a tip when dealing with the machine learning component: it doesn't like unsigned files or files with inappropriate version information (like files signed by Microsoft/from Microsoft Corporation etc. when they are not) which can make it tough on independent developers, so the best solution is to generally just exclude your entire working directory for your projects that way it doesn't flag any of your executables. I'm sure you've already done this but thought I should write this anyway for anyone else who might come along with a similar issue.
  15. Hmm, I think I just found a bug. While Malwarebytes does restart itself as it should if terminated, I am able to kill any of its processes via Task Manager even with self-protection active. I'll have to report this to the team for analysis because unless something has changed with their implementation, that should not be possible if it's working correctly.