Winter

Members
  • Content Count

    70

About Winter

  • Rank
    Regular Member

  1. I wondered if it would do that. I'm not sure that would help. On the one hand, I make sure both MBAM and Defender each are told to ignore the other, but on the other hand, that doesn't mean they're not butting heads in the background. I'll install using the latest version and give this feature a try. Thanks @Porthos !
  2. Okay, Windows 10 has recently made some changes to "Windows Security" (meaning "Windows Defender and all the many bolted-on features that Microsoft has been adding, like Controlled Folder Access"). One of the changes I noticed on another machine is how in Settings --> Security in MalwareBytes, I can choose Always register MalwareBytes in the Windows Security Center. Would anyone know if that would make a difference?
  3. Hats off to false positive support - within minutes I got a reply that they're fixing the MediaMonkey thing, and before the day was out, I had an update to MBAM and discovered a more recent update to MediaMonkey that I hadn't noticed before. On this thread, Slow Operations, I'm still struggling. I allowed Beta, let the Beta version install, and even after reboots it slowly ground to a near-halt. Disable Malware Protection, performance improves, but then slows a bit again (just not as bad as it is when both Malware and Ransomware are enabled). Then disable Ransomware also, and with both disabled...still running into periods of slowness or outright freezing, particularly when loading pages for the first time, opening new tabs, or accessing menus on a website. I'm going to uninstall this with the tool again for now. When we have a version newer than the Beta or someone has a new suggestion, just let me know and I'll be glad to try it.
  4. You're welcome @miekiemoes ! Happy to help.
  5. @ADMVMLBTS I can understand, I'm just sorry to hear it. I currently run 10 licenses in my home (and one on my phone) and thankfully (*knock on wood*) this Surface Pro 4 is the only machine that's getting beaten up by it. I'm a tech nerd who likes to solve problems, so I'm still holding on to my hopes. On a side note, I came to MBAM after 10 years of being a loyal Avast! customer...their practices got pretty ugly in 2014 so I don't recommend them to anybody (even last year I ran afoul of chaos they created on a machine of mine, so I'm still in that same boat). Best of luck to you!
  6. Thanks @danull! I will. @Porthos I also see your suggestion (for this specific thread) of trying the latest Beta to see if the performance problem goes away. I'll give that a try today. Thank you all! I'm certain this will eventually get resolved.
  7. I used the 3.x tips, but I agree with you - it needs to be updated. I had to dig. @danull - thanks for that 'report' screenshot - I'll use that in future. In the meantime, if you're trying to adapt the instructions, you can open MBAM, then click Detection History on the left. And when you hover over a line item, one of the icons will be to download the report. Hope this helps! I may suggest this to the folks out on that thread too.
  8. Thanks @Porthos - I have submitted that one here: https://forums.malwarebytes.com/topic/260531-mediamonkey-and-com-elevator/
  9. Hello all: user @Porthos suggested I post this here. It's a potential false positive. The program MediaMonkey is still an actively updated app, but (I speculate that) its codebase is old enough that it needs to Run as Administrator in Vista & later versions of Windows, so as the Windows shortcut launches the program, it also launches (and prompts the user to elevate) an executable called COM Elevator (presumably allowing various COM calls to properly integrate the app within Windows). I've been running it for years, always on the latest version, and had MBAM on my machine for a while. It recently flagged MediaMonkey and some registry keys that I believe are related to MediaMonkey as Malware Threats. At this time I've taken no action, so these aren't quarantined. I'm also concurrently troubleshooting an unrelated general performance problem and for that reason I have Malware and Ransomware detections disabled (thread here: https://forums.malwarebytes.com/topic/258637-slow-operations/). Attached is a report from the last scan, a results set from the support tool, and multiple MediaMonkey files that are likely related. For example, the COM elevator, a service executable, what I suspect is a rights elevation executable, and the "non-skinned" exe refers to the ability for the user to choose to use the Windows theme or override it and use a MediaMonkey theme/look. Hope this information is helpful to you. I only use MediaMonkey to be able to meta-tag and thumbnail my podcast episode uploads, so I'm willing to just ditch the program altogether if there's something else that can do this...but since I'm not the only one using it, I'm also willing to help solve the problem if that would be useful to MalwareBytes. mbam-report-2020-0604.txt mbst-grab-results_2020_0608.zip MediaMonkey-files-zipped.zip
  10. Update! @Porthos I decided not to time-travel until I could give at least one more version update of MalwareBytes a chance. On 5/26 I got a prompt that MalwareBytes had an update that required a restart of the computer. Restarting surprised me with a Windows 10 update that was one of the biggies: KB4556803 https://support.microsoft.com/en-us/help/4556803/windows-10-update-kb4556803 I'm a little weirded out that this says it's an Insider Preview Build, so I'm looking into why this machine would be so close in on the build ring (the Insider program tells me this machine is set to 'Slow', but I thought I was an 'outsider' on this machine). After the reboot, I re-enabled everything. Things seemed to be working okay for a few days, even when on 5/28 I got a Surface Firmware update (109.3192.768.0) and then on 6/1 it started messing with my startup and slowing the system down again (and once again, disabling both Malware Protection and Ransomware Protection solved the problem). This morning I got a scan result with flagged malware (I think a false positive - more below)

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 6/4/20
      Scan Time: 2:47 AM
      Log File: 42ffdbde-a62f-11ea-a3b8-bc838513b192.json

      -Software Information-
      Version: 4.1.0.56
      Components Version: 1.0.920
      Update Package Version: 1.0.24982
      License: Premium

      -System Information-
      OS: Windows 10 (Build 19041.264)
      CPU: x64
      File System: NTFS
      User: System

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Scheduler
      Result: Completed
      Objects Scanned: 309180
      Threats Detected: 10
      Threats Quarantined: 0
      Time Elapsed: 3 hr, 11 min, 40 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 9
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , ,
      Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , ,

      Registry Value: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 0
      (No malicious items detected)

      File: 1
      Malware.Generic.3986516729, C:\PROGRAM FILES (X86)\MEDIAMONKEY\MEDIAMONKEYCOM.EXE, No Action By User, 1000000, 0, 1.0.24982, 40F9E942D9294A5CED9D6AF9, dds, 00749328

      Physical Sector: 0
      (No malicious items detected)

      WMI: 0
      (No malicious items detected)

      (end)

      Looking up these registry keys, they tie into a media player I use called MediaMonkey. I'm on the latest version, but it's an old program that runs with a helper app called the COM Elevator - looking up these registry keys keeps getting me back to a conversation thread where someone else's product was falsing on MediaMonkey. So I'm holding off on quarantining these for now, but I wanted to share and get this group's opinions. Thanks everyone for your help along the way! @LiquidTension
  11. Thanks for this! I'm pondering the idea. Not sure if I'll time-travel or stick with latest & not-so-greatest, but if I do go this route I'll let you know how it goes. This is really helpful!
  12. @LiquidTension @exile360 @Porthos just checking in. Still running with Malware Protection and Ransomware Protection disabled. This state works but still breaks Windows Hello. *some* MBAM is better than none!
  13. Re-enabled my basic startup stuff and am no longer in 'clean boot' state (for now). No difference in performance, things work as long as Malware Protection and Ransomware Protection are disabled. If only one is disabled, it seems like I *may* or *may not* have the slowdown at any given point in time. Since the issue isn't making MBAM itself run high, but instead is cranking up Interrupts...does this have anything to do with the fact that anti-virus/malware apps need a low level of access to resources and (if this is still true?) pre-load underneath the OS layer? I mean, I guess if that's the case and it's just spamming Interrupts at the OS, I'd likely see DPC / Watchdog violations I guess. But! I'm just speculating, and I'm not a @LiquidTension or any other flavor of developer-type anymore. I'm here, I'll be around if you want me to try anything else, and for now I'll just keep running with both the things turned off.
  14. @LiquidTension that was quick! Lightning-fast reboot once Malware Protection AND Ransomware Protection are disabled. Log file attached. mbst-grab-results.zip