Jump to content

Treadstone

Honorary Members
  • Posts

    47
  • Joined

  • Last visited

Reputation

2 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Roger. It certainly caused me some pain and frustration. Thanks again Exile you’re an absolute champion.
  2. Thanks Exile, What is dumbfounding is what triggered all this given MB and Win Defender ran in parallel for several years prior and this problem never presented itself before last month. At the end of this journey I am not one to dwell on the trigger though given the problem is now seemingly solved and it was never optimal for me to be running both in parallel in the first place. I appreciate your unrelenting drive to assist in finding the problem. The level of help you proceed is rare these days and I thank you for the time you took to attack the problem.
  3. Hi Exile, Ok to be particular... in the context of proper methodical testing I’m probably being irresponsibly premature in posting this early (it’s only been 2hours and 10mins) but I wouldn’t post if I wasn’t convinced. I think we’ve finally won and the culprit, seemingly... Windows Defender. Although it’s sole purpose is to defend, understandably given the month long time frame of this troubleshooting process, I now hold a newly found contempt for it Windows Defender. Since we last spoke I did the following: - Reimaged the machine using a backup saved only a month prior to the problem starting. I held off installing the plethora of updates (both Windows and Malwarebytes) while I tested the drives to try and weed out the problem. Amazingly, the problem persisted which to me is completely non sensical. - I then installed all updates for Windows, M.B and a few other applications and tested it. The problem persisted. A work colleague who was very helpful in giving me advice on the whole subject explained to me I’d never be able to ultimately prevent power shell from running even though I turned off Powershell 2 in Windows. (If you remember powershell ‘appeared’ to be the primary offending process). He suggested I start looking at my hardware and so I then became committed to buying a new powered hub even though mine ‘appeared’ to be working fine. I figured it was definitely worth a try. At the last minute before doing this, I couldn’t help reflect on the two other seemingly offending processes which were Wmiprvse.exe and MsMspEng.exe. I focused on MsMspEng (Windows Defender) and commenced reading even more forums about its unwanted appearance at irregular times which seemed to conflict with user’s PC settings. This ultimately led me (and I can’t remember where) to posts explaining how to disable Win Defender in Windows 10. This then further led me question why my Win Defender wasn’t disabled by default given I have M.B installed and in turn to question why I should even have to go down this road of trying to disable it manually with a few tweaks (likely registry). I soon established I needed to force Windows 10 to recognize the installation of M.B because apparently Win 10 is known to occasionally not recognize the presence of a few anti malware and AV providers and unnecessarily run Defender in parallel. I added a new registry DWord and associated value to force Windows 10 to do this before rebooting and testing if Defender stopped. It did not. This then led me to the embarrassing realization there may have been a Malwarebytes GUI setting I stupidly toggled upon install two years ago which as a biproduct forced defender to run at the same time as M.B. Sure enough there was. I toggled this and rebooted. After reboot, finally Defender stopped and I was additionally able to see the ‘stop Win Defender from running periodic scans feature’ within Windows security settings. This was already toggled off when I arrived at it. I then promptly removed the unnecessary new DWord I’d placed in the registry confident that the Windows lack of MB awareness was due to my user error in the MB setup two years back (which from memory I think I toggled because I thought it provide more robust security in having two separate products working in tandem). I rebooted again after removing the registry tweak and Windows security finally said for the first time it recognizes that Malwarebytes is installed and running. Because of this, Defender finally took a backseat and stayed off. While the drives were idle (not spinning) I ran sysinternals process monitor filtering for all 5 drive letters. The drives continued to spin (this pissed me off). My gut told me process monitor was causing this (even though this sounds like lunacy). I shutdown process monitor and the drives stopped spinning. While making sure the room was completely silent (so I could hear any spinning start) I sat doing jobs on my phone and discussing the details for something unrelated for a period of what has now amounted to 2hrs and 15mins. During this time, the hard drives did not spin up once and still haven’t at the time of writing this. This is the longest period of success so far! If you recall.. they (all 5 drives) would have spun up and down repeatedly probably a minimum of 8-9 times during this time period when the problem was occurring over the last month. I finally feel comfortable leaving the drives plugged in (the way they have been for several years) and will continue to monitor and provide absolute confirmation in coming days. If you have any thoughts please don’t hesitate to share them with me.
  4. Roger. All tasks performed and re-booting now ready to monitor. If this fails I think it’s advisable to wait for another Windows update to see if it’s remedied before going down the path of editing the registry to disabling Defender good and proper don’t you?
  5. As per PM, tried in reverse order. Disabling Defender had no effect though I didn't re-boot. Should I need to after toggling Defender off though? Now attempting drive uninstall instructions you sent.
  6. It did not, and Win 10 wouldn’t even display that as a process in Task Manager’s running process list for me to kill it. So I just forcibly removed it and have now left all drives unplugged.
  7. Thank you, phone charges if I and others reboot it twice before plugging it in to a charger. Yes... I’m hearing Android calling me as a potential new customer. As I went to remove the drives on my Dell just now, I saw MsMpEng.exe (Windows Defender) was locking up one of the drives while it was not being used. I’m adding exceptions to defender for all 5 drives now to see if that has an effect.
  8. Unfortunately the drives continue with their random spin ups. After 24hrs of this activity and associated monitoring, I’m going to unplug them all again. All I can think of is to keep them unplugged for an extended period of time and hope that either a future Windows, or potentially Malwarebytes release gets them back to behaving how they have been for the last few years which was lying dormant and spun down unless intentionally accessed by the user (myself). It just appears to be a bad tech month in terms of problems. iPhones including mine are sporadically not charging since the iOS 14.2 update. It’s plaguing users (visible here). https://discussions.apple.com/thread/251811831?login=true&page=2 Friends of mine and work colleagues are included in the victims of this failure with ppl having thrown out perfectly good chargers in response, all before they knew. Yet... not a peep from Apple so far as far as acknowledgement or a bug fix destined for this Monday’s coming release of iOS 14.3. With multiple significant tech problems on different platforms arriving in life at once, and each causing sustained irritability... one can only laugh to stay sane :) Any new ideas you have in the drives issue Exile I will of course receive an alert, read them and apply to test right away. Thank you for all your help to-date. I cross my fingers we don’t have to concede to defeat and some way, some how this will be solved.
  9. Is set the timer for three of the drives but sadly my two older WD drives RED SUN and WRETCH are not compatible with this software so my application of this setting to three out of the five drives doesn't allow for consistency in testing.
  10. As a side fix attempt am wow installing WD Drive utilities because one forum said WD drives completely ignore Windows 10 Power Options settings to power down drives after the amount of minutes you input. The fix they said was to download this program which allows you to set the time for WD drives to spin down (Worth a shot I guess) strangely i never needed this before though. WD Drive Utilities for Windows File Size: 15.7 MB Version: 2.0.0.76 Release Date: 08/24/2020 | Release Notes
  11. Should I disable scanning for rootkits in Malwarebytes and see if that makes a difference? I can't think of anything else and am not sure where to go from here Exile...
  12. I'm convinced it's Malwarebytes. After a re-boot with Malwarebytes activated, the drives did not spin up for 40 mins becuase I started a stop watch (except for spinning up once when Windows started). I then wanted to see if I could get the problem to rear it's head, by performing daily tasks like locking my work station (as I do when I got to work). After ten minutes of it being locked (and still while locked) all 5 drives drives spun up for around two minutes. This was 50 mins after boot. Much different to the problem behaviour for the last few days but still unacceptable and myserious. I opened process monitor and took a screen grab immediately after this spin up and this is what showed... Powershell.exe rearing it's head again. Note: All instances of Powershell.exe. are never present in Process Monitor when Malwarebytes is disabled.
  13. Sorry Exile this is long... HI Exile. I disabled Malwarebytes as you suggested and rebooted. Unfortunately the problem persisted. It was then that I commenced troubleshooting the USB hub itself. Although convinced the cause of the problem is software related it’s just human nature to start questioning and testing everything when you can’t find the source of a problem. I tried flash drives with it and tested its power supply was working correctly, which it is. The hub appears perfectly fine. I then accessed all of the five the drive’s contents to look for anything unusual. Sure enough I found something on I:\Drive (Volume name ‘WRETCH’) Screengrabs attached of it and the subfolder within. Whether it’s related to the problem or not, it’s appearance within the root folder of one of the drives was VERY surprising. This is because the root folder always only contains two folders ‘VLC media players’ and ‘TV Series’ with all the contents of the drive within these two folders. The contents of the two folders are only ever video files and different versions of VLC media player. I access the drive regularly enough to know I have never had one of these folders appear and furthermore it appeared within the last week which is the period the problem surfaced and you and I have been troubleshooting this issue. Strangely it was not written to any of the other four drives. I looked up what it could be and why it has been written to one of the drives but my limited knowledge is not enough to establish if it was threatening or even related to the problem. Based on what I read it appears to be a standardised Windows write that caused it but it’s creation amidst the timing of this drive spinning problem has me wondering why it was written and if it’s related. Cautious of what it might have been before I even looked it up, I took screen grabs and then used ‘Eraser’ do demolish it. It’s now gone. I hope that was not detrimental to troubleshooting. If it was I’ll have to apologise and wear that. The folder was Zero Kb in size before removal. After writing this I plugged in the drives for another test before posting this to you. As I sit here now, strangely I noted only two of the drives were spinning during this test. I have been testing them all by putting my palm to each and feeling for vibration during every test. This time, 3 out of the 5 were free of vibration and remained spun down. So I immediately opened the properties of both of these drives to hunt for inconsistencies with the others under any of the settings. To my horror (due to potential embarrassment) I found that indexing was turned on for both of them. D:\ ‘RED SUN’ and I:\ ‘WRETCH’. I have no explanation for this other than the obvious one likely human error on my part because I cannot think of any other way it happened. I must have simply applied it to three out of the four during my panic driven, erratic troubleshooting before you commenced assisting me. I immediately turned off this feature for both these drives which took a VERY long time to complete on my work drive ‘RED SUN’ as Windows 10 visibly processed all the files. I was significantly disappointed to have to turn it off indexing on RED SUN as it’s the only drive I ever need to search for files on and it’s very helpful, but troubleshooting is far more important than the convenience of this and if this is not solved I may not have a drive to search after some time. I then checked that the other three drives remained how I had set them (which was indexing off) and it was off for the others. I’m boggled, because if this was the root cause, my brain asks why were the other three drives spinning (all 5 have been spinning) throughout this entire week of PC problems and troubleshooting. I note the strange folder I mentioned earlier in my response was found on ‘WRETCH’ which was one of the one’s where indexing was found to be on. (In case that helps with troubleshooting). It was at this point, while observing the drives were spun down and had been for at least ten minutes, I decided to open the Malwarebytes application for the first time since turning it off so that I could reactivate it and re-boot and see if the removal of the indexing feature (although only found as being active on two of the drives) somehow fixed the problem with all of the drives. I was just opening Malwarebytes ready to turn it on and re-boot and as soon as the Malwarebytes application executed, all the drives started spinning up and stayed spinning for about 60 seconds (much shorter than usual) before spinning down (not sure if that eludes to Malwarebytes being responsible for all this, but that’s why I mentioned it – just in case.) I was about to re-boot with Malwarebytes activated to test the removal of indexing feature from two of the drives as a standalone protentional fix, but exhausted I fell asleep but not before ensuring I left process monitor running full screen so I could see event logs when I woke today. Can’t hear all the drives start up over the CPU and GPU fans unless I have my ear right next to them so I left process monitor running for the reason previously mentioned and my lack of ability to distinguish the audible spinning noise. BTW (side note) the drives spin up for about 60 seconds every time I close the Process Monitor application. Is that normal? I woke today to find far fewer entries in the Process Monitor log, like gargantuanly less. And while sitting at the PC this morning continuing to type this which I carried on my from last night, I am observed nil startup of the drives spinning except when I closed Process Monitor Application. (Note - Malwarebytes is still turned off during this). Before shutting it down, I tried exporting the Process Monitor log for you to see the very few times the drives appeared to have been queried throughout the night and the exporting went up to only 2% in about 45mins of waiting ☹ (no idea why), so I scrapped that idea and have attached screengrabs of the log entries I took before I went to sleep last night which were much the same as what I saw this morning. This I note about the entries with my limited knowledge is the complete absence of Powershell.exe being present anymore. I can’t even find an entry with it. Additionally I note that a many quries now appear to be denied with a return statement of ‘File does not exist’. Though I am not sure what any of this means. Also, no matter what alternative configuration I apply with the checkboxes in the ‘Select Columns’ feature of Process Monitor I cannot seem to sort events chronologically as they appear by time. It does it for some and then a bunch which appear after a certain time with their time stamp showing they took place before the events above it. I will now re-boot with Malwarebytes activated to hopefully determine if the problem’s cause can be isolated to Malwarebytes activation on startup. The drives are not starting up at all still as I type (much better behaviour than the last few days) indicating the problem has been eradicated temporarily but I fear it will return as soon as I activated Malwarebytes and test after this boot in a moment. We appear to have isolated the cause to either the indexing or Malwarebytes which is somewhat relieving. I’ve just gone and opened Malwarebytes as I’m about to connect to the net to post this to you and the drives started up as soon as I excetured the application. I’d say it’s a pretty sure fire bet Malwarebytes is the cause right? I’m not sure what I can do to fix that as I’ve already made exceptions for all five drives in the Malwarebytes program itself and as you know I can’t live without protection. Quite the pickle. As soon as I connected to the web I got the Malwarebytes alert stating a new version of Malwarebytes is available and I have just clicked download and install. Maybe they realised something was wrong in that release and have fixed it overnight? Or is that fanciful and wishful thinking? Will still make sure Malwarebytes is activated this time and re-boot after I post this now and then monitor drives again.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.