Posts posted by jgt1942

  1. Quote

    It looks like you're trying to run a Word macro that attempts to do a reg export command. We block the process creation from macros.

    That is correct. Several years ago I frequently lost the list of PINNED documents in Word, e.g. the files you regularly use are pinned to the top of the list when you click File > Open. It was so annoying I created a macro to save the list every time I opened Word. Thus when I noticed it was not the full list I could easily recover the last time it was good. I assume this is a new feature in MB because it has been at least 4 years since I created the macro.

    Turning off "Office VBA7 abuse prevention" resolved the issue.

    Suggestion: This seems to be a good feature; it would be nice if I could create an exception list, and then I could still have the safety advantages of the function.

    Suggestion: When I open the settings window in MB or similar windows, my simple mind does not see any logical order to the list. If there is no logical order why not just have them in alphabetical order thus making them easier to find?

  2. Quote

    Please follow the directions from the following topic to clean up the issues with Google Chrome. Once Google Chrome is cleaned up you should get a clean scan report from Malwarebytes.

    I followed the steps and after running the scan no issues were found. I then turned Sync back on in Chrome.

    Darn! I still have the issue with Word 2013. I think I did everything you suggested.

    Again I ran a MB scan and nothing was found, I'm now running the support tool and getting the logs.

    The logs are attached, I'm going to bed, zzzzzzzzz

    mbst-grab-results.zip

  3. OK it looks like the reinstall resolved the issue but I had problems with the process.

    1. I clicked the Clean option and the Malwarebytes Premium was uninstalled.
    2. When prompted to install I proceeded but somewhere it failed. I tried the entire procedure a 2nd time and again it failed with the same error ("Malwarebytes for Windows installation has been canceled.")
    3. I closed the tool, rebooted my PC, GEE it took a LONG time (333 seconds). I'll recheck the reboot again tomorrow. It is late and I need to get to bed.
    4. After the PC rebooted I downloaded the latest from the website, actually what I downloaded was an EXE that would download the latest and start the install. I would have preferred to actually download the code so I could put the copy in my Code library.
    5. The install was successful without any issues.
    6. I ran the Support tool, and created the logs. They are attached. I noticed that the ZIP file is MUCH smaller than the previous file I created.
    7. A scan is scheduled for 0200 hours but I kicked it off because MB in the systray had a notice that a scan had not been run.
    8. Still I cannot open Word 2013 files without issues. Initially after reinstalling I was able to open Word files but now I cannot.
    9. I turned Real-time protection off, now I can open Word files.
    10. I ran a scan

    Clean Function Error 2021 0830.png

    mbst-grab-results.zip Scan results 2021 0830.txt

  4. Quote

    You're quite welcome. No rush, keep me posted with the results of the Clean Removal and reinstall.

    Will do, I want to resolve the issue.

    Quote

    As for the disk bad sector, again your choice. If you can afford it I'd personally verify all desired data is backed up and then wipe, discard the drive and replace. I just had a 16TB drive failure and I have a new one on order as I never like to have just one backup on hand.
    At worst, if you really need the drive use it as a scratch drive that you know full well has the potential to die any day.

    For years I have used Hard Disk Sentinel, it has a feature that reports the health of the hard drives and estimated life of the drive. Normally when a drive falls below 25% health I will pull the trigger and replace the drive. The current failure, e.g. disk 8, is a weird one and I'm working with the developer of HDS, that's why I'm running the current test. The developer lives in Hungary and we're trying to avoid sending the drive to him. I'm about ready to bite the bullet and send him the drive. He has considerably more knowledge in this area than I ever will have. It will be interesting to see what he discovers and possibly why HDS did not raise a red flag. It may be one of those weird things that just happen and are near impossible to detect.

    Quote

     

    You appear to be doing quite well with regards to backups compared to the majority of users, most of whom don't seem to have any backups.


     

    I'm paranoid about backups!!! I run nightly incremental backups of  my OS drive and every 7 days create a full BU and keep 5 generations of BUs. I've been burned too many times and once got burned because I only had three generations. Recently I had some weird issue on my PC and recovered using the oldest BU generation I had.

    For my data I keep two different mirror copies which run nightly as well.

    As a result of all my BUs I have considerable space devoted to them, in total I have 70+ TB of HD space. I've not made the jump to store all the BUs in the cloud but now that I have a very fast internet connection I may give it a try.

    My weak link in my BUs is everything is local on one PC. This is pushing me to consider the cloud or a NAS. I looked into the NAS in the past but did not make the move. Even with fast internet access the Cloud is still slower than local or a NAS attached to my network.

    One of the reasons I have not gone to the Cloud is because of my son. He is a financial advisor and per his compliance he cannot store any data in the cloud. I want him to have a BU method very similar to mine. For him I implemented Acronis using two USB drives where one drive is off site for a week and then he swaps. Because he is only backing up his laptop this is an easy inexpensive solution.

    Another area of risk for me is the fact that I don't have a security ring to protect the BU drives. This is lack of knowledge on my part.

    Quote

     

    Backup Software
    https://forums.malwarebytes.org/index.php?/topic/136226-backup-software
    Macrium Reflect discussion

     

     

     

    Thanks for the links, while reading your suggested link I followed another link in the post (https://blog.macrium.com/cloud-vs-nas-vs-external-storage-for-backup-how-do-they-compare-80bf83bdff42, "Cloud vs. NAS vs. external storage for backup: how do they compare?").

     

  5. I looked into this a bit more. The reason for the failure is due to the fact that an Acronis script file is missing.

    I'm confused as to why Acronis is scheduled to run this script if it does not exist. I have not changed my Acronis settings in a long time. I estimate it has been over a year since the last change. 

    I see that the time of failure was between 10:20:00 and 10:55:00 PM. Normally I have my backup run in the very early hours of the day. My current Acronis schedule is set to run at 0249 hours and is reporting success.

    I'm trying to find the "why" and working with Acronis support.

  6. I uninstalled Bonjour and then attempted to open Word 2013, it failed with the same error.

    I'm attempting to determine if I have problems with Acronis and have posted in the Acronis community forum.

    Quote

    Your DISK 8 appears to possibly have a bad block that is causing issues. You should run a full disk check on that drive and run a Hard Drive Diagnostic tool to verify if the drive is possibly failing

    Yes DISK 8 has issues. Recently it failed completely and the OS could not see it. I removed it from the PC, installed a new 14TB drive, restored all of my data from backups to the new drive. Two days ago I reinstalled the failed drive, when I installed the drive much to my surprise I could see and use the drive. I then decided to perform tests using Hard Disk Sentinel. First I ran a READ test where HDS tests all sectors of the drive in read mode. It did report that there was a bad sector. I then ran the REPAIR test, it is still running after 21 hours. This test will read/write the data and perform a repair on bad sectors. The current test has been running for 20 hours because it has encountered a bad sector and is having problems repairing the sector(s). I can pause the test and resume later but for now I want to let it run. Depending on the final results of the test (there are other tests I can run but they destroy the data which is not a real issue for me since I have it backed up) and feedback from the developer of HDS, I will determine if I want to trust the drive and use it.

    Quote

    Advanced SystemCare might not be the best software but the choice is yours

    I was using it because it seemed to fix a lot of issues for me. However, it could be a "feel good" application and I don't have the skill to verify otherwise. Thanks for the feedback.

    Quote

    You have a huge amount of scheduled tasks. You may want to double-check that you want, need all of them or not.

    Yes I do! The bulk are daily backups but I do need to review all of the tasks and ensure I do need them. Some will be obvious and others will require a bit of research on my part (bummer, more to learn).

    Quote

    Let me have you do a Clean Removal and Reinstall of Malwarebytes

    OK it is HIGH on my list. I currently have family visiting and need to spend time with them but later today I will start down this path. 

    Thanks again for your help.

  7. I have an issue very similar to 

    I attempted the suggested solutions but none is working for me. My macros that I've used in word for years are not working.

    I don't recall exactly when I last used Word 2013 (part of Office 2013 Pro) but this afternoon I attempted to create a new Word document and noticed that my modified Word template (normal.dotm) was NOT being used. I restored the template using a file dated 06/14/20 and now I get the Exploited blocked message. It does not matter if I attempt to open the new document or one that I previously created, nor can I open the Normal.dotm file.

    I can open Word in safe mode.

    I'm currently using Malwarebytes Premium 4.4.5 

    I just replaced the normal.dotm file with one dated 08/11/18 and Word still fails to open and I see the exploit blocked.

    I just right-clicked on the Malwarebytes icon in the Systray and turned off  "Exploit Protection" and now I can successfully open Word.

    Do you have a dummies version explanation for a solution?

  8. Malwarebytes keeps blocking vfgrse.com and feed-5613.coderformylife.info

    My assumption is that they are bad and should be removed.


    I've run ADWCleaner and Farbar, attached are the Farbar logs. After the logs were created I clicked on the Farbar button on the far right, a window opened I closed it and Farbar was closed.

    I've looked at the logs, in the Additional.txt file I do see Application and System errors, at this time I don't know what I should do to correct them. My assumption is that I should not have any errors.

    Most likely I have stuff installed that should be removed, at this time I don't know if anything should be removed. 

    Suggestions????? 

    FRST.txt Addition.txt

  9. Quote

    I would not recommend using Malwarebytes for flat file scanning like that. Aside from the time involved our program is designed to stop, prevent, locate, remove current in the wild infections. Not infections that have been around for months or years. Using your Kaspersky Total Security would be a much better tool that is designed to find and remove even threats from a decade ago.

    OK that sounds reasonable. I have stopped the scan and will rely on KTS. I know that I have issues with the system and have started to understand Microsoft Sysinternals and I have a long uphill road ahead. It is difficult to teach an old dog new tricks. There is a lot of stuff I don't understand and need the dummies version of the instructions.

    Quote

     

    As for backups, I would only have a couple concerns or cautionary information to provide.

    If backups are connected to an internal bus where they cannot be disconnected like a USB connection then there is always the threat that some type of infection such as one of the newer encryption attacks could access those backups and encrypt the data. In which case you'd lose all of that data

     

    The backup drives are internal drives connected to the bus. I wanted to get a NAS unit but keep putting it off, but I'd still have the same exposure if it is connected to my network, or is this a wrong statement? I actually have three sets of internal drives (1) data (2/3) two sets of backup drives containing two sets of backups. I've considered using cloud storage but the transfer speed is so slow and backing up 15TB would take a LONG time. My ISP upload speed is rather slow. I'm willing to listen to your suggestions for better suggestions. At this time of my life I'm not as dependent on the stuff I have on the PC and most is just for fun but that does not mean I don't want to protect it nor do I want to be stupid about it.

    Quote

    Also, if the drives are the only copy you have then that is not a backup. A true backup needs to be on a completely different hard drive, tape, online, etc. If the data is copied anywhere else on the same drive then it's not a backup. If that drive fails or get an infection then permanent loss of data is a possibility.

    The data (15TB) and backup (36TB) are different drives but all in the same system. Many years ago I did use tape but when the price of HDs dropped and it was time to upgrade the tape system I switched to HDs. I'm now on a fixed income (retired) thus whatever changes I implement now hopefully will be inexpensive. 

    Quote

    If using proprietary RAID solutions, then you need a duplicate of that as well. If you have a drive fail in a RAID 1, 5, 10 etc. there is no issue you can replace a drive and let it rebuild. If you lose the bus or the physical backup device and don't have an exact duplicate of that backup device to swap to then you lose the data too.

    In the past after ditching the tape BU I switched to RAID and used RAID 5 and then converted to RAID 6, about 8 years ago I swapped out the RAID for direct connected HDs. Currently, the smallest drive is my boot drive (500GB SSD) and then the next smallest is 3TB (2 of these). I have a few 4TB, 6TB, and one 8TB. Possibly I will replace one of the smaller drives with a much larger drive but this also means that I would reshuffle the drive contents of the other drives but still keeping data and the two BU sets on unique drives. 

  10. Step 3

    OK I just ran Farbar Recovery Scan Tool; the two files are attached.

    Looks like I have several action items which I need to learn more about what is on my system.

    Currently, I'm running a FULL system scan and this is taking a LONG time. So far 62 hours have lapsed and per the icon in the taskbar it has about 10% more to go. I have just over 50TB (14.5TB data and 25.5TB backups) of storage on this system. It serves as my main system thus it has all of my libraries and backup drives. I realize that having all the backup drives in one tower and in one location is not the best but it is what it is. 

     

    The current scan has identified a bunch of "malware", I'll let MB do what is necessary but I'd like to just delete the folder containing the malware but MB does not make this easy. It would be super helpful if I could right-click on the entry in MB and open the folder. Thus to properly clean the system it will take a few hours. The other MB finds are PUPs, in total so far MB found 667 issues. In that MB is scanning my backups (in some fashion I backup ALL of my libraries) it will find the same issue multiple times. I should not have included the backup drives in the scan. Assuming I remove the issue from the library drives then the issue should automatically be removed from the backup drive in the next backup cycle.

    In MB I can view the items detected during the scan but I don't see any way to save this info. Is it possible to open the MB results file in some editor so I can act on the results in a more logical fashion?

    Addition.txt

    Fixlog.txt

  11. Quote

    That's because it's not malware.

    OK, I thought it was malware because my AV kept flagging it and could/would not remove it even though the AV stated it was a Trojan. Also in my limited research, I read that the bad guys had utilized Akamai Technologies to implement hooks into PCs.  I do appreciate your help and will try to supply all the details you requested. I've completed the first two steps and have rebooted my PC. Malwarebytes Premium 3.6.1 does not give me access to the scan results I ran prior to rebooting and completing step 2. I'm rerunning it, the scan runs in about 11 minutes.

    I do have the latest Malwarebytes Premium (3.6.1.2711) installed. I had inferred that Malwarebytes Premium would remove almost anything bad from my system. On the main page, I see "Prevents Windows virus, spyware, and malware infections."  As well as "Comprehensive security that blocks malware and hackers. It protects you from threats that traditional antivirus isn't smart enough to stop." From those statements, I inferred that Malwarebytes was the super protector. 

    Step 1

    I reran the scan and attached Malwarebytes Premium Scan 2018 1127.txt MBW did not report any findings.

    I'm confused, MWB states  "Your scan is completed! No threats detected!" If this is true why do I see AWD deleting items?

     

    Step 2

    I currently have the latest version adwcleaner_7.2.5.0. I'm again confused. Quite some time ago after reading about ADWcleaner and MWB I inferred that everything that AWD did MWB would do. I now infer that this is NOT correct. I did run adwcleaner_7.2.5.0

    I looked at the results and noticed that ADW deleted  "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFixer background scan" and I remember seeing this action before.

    It appears that I installed FreeFixer on 09/18/18 based on the internet page at https://www.techadvisor.co.uk/download/security/freefixer-118-3328375/ . I'm not sure what is accomplished by deleting the key and not the install as well. Question: Should I uninstall FreeFixer?

    I see that ADW did not remove two items

    Not Deleted   Ask
    Not Deleted   AOL

    To my knowledge, I do not use Ask or AOL and would like to remove them but I cannot find any entries for them. I think Ask is a search engine but I never use it. As for AOL I have never used it. I also scanned the registry for Ask and AOL and did not find any entries that seemed to support either. 

    OH DARN!!!!! I reran the ADW, when it completed the scan I had two options (1) apply fix and reboot (2) apply fix and reboot later. I selected option two, after the clean process I was forced to reboot.

     

    I'm going to try Step 3.

    Malwarebytes Premium Scan 2018 1127.txt

    Malwarebytes AdwCleaner 7.2.5.0 Results 2018 1127.txt

  12. Since last Friday, very frequently, my AV is blocking

    https://cdncache-a.akamaihd.net/sub/z07d469/ext-dist/l.js?pid=2668&ext=RoyalAds&rvz_subid=9638-1005;HEUR:Trojan.Script.Generic;https://cdncache-a.akamaihd.net/sub/z07d469/ext-dist/l.js?pid=2668&ext=RoyalAds&rvz_subid=9638-1005;Google Chrome;Trojan program;11/26/2018 17:15:57

    (akamaihd). I've run the scan for Malwarebytes Premium several times and nothing is reported. Searching the internet and the Malwarebytes forum I see old and new posts regarding akamaihd.

    Here are the latest results from my scan (I just ran it):

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/26/18
    Scan Time: 10:56 PM
    Log File: 6164e4a8-f1f8-11e8-b76d-5cf370879e8b.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.482
    Update Package Version: 1.0.8033
    License: Premium

    -System Information-
    OS: Windows 10 (Build 17134.407)
    CPU: x64
    File System: NTFS
    User: S4\jgt

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 404489
    Threats Detected: 0
    Threats Quarantined: 0
    Time Elapsed: 11 min, 50 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)

    WMI: 0
    (No malicious items detected)


    (end)

  13. Regarding my simple test. I moved to the next phase, e.g. scan my 6TB R drive. Both Kaspersky and SuperAntiSpyware completed successfully but MBAM is hung (see the following image) and I cannot stop or kill MBAM. Currently I've run Kernel Outlook PST repair and I'm waiting for the save of the repair to complete and then I will reboot my PC. The following image was created yesterday so I could ensure MBAM was hung. I just looked at MBAM and the progress has not changed. 

    I was just able to finally kill MBAM.

    MBAM Scan R 01 Hung 2017 0504.png

  14. Ron, much thanks for the input and great link regarding backup. Like you "house fire, flood, earthquake, tornado, etc. could render all of my data useless", I'd be screwed. Currently I don't have any offsite backup. All of my "data" is on four drives (1) C - Boot drive 500GB SSD, (2) R - 6TB, (3) S - 4TB, and (4) 4TB. To backup the OS currently I use Acronis True Image 2017 and I'm also testing the Malwarebytes beta offering. To backup the other three drives I use Syncback Pro and have at least two copies of all data on the R, S, T drives. All backups are spread across 7 drives also installed in the tower. I agree and take the risk this is not the best option. In that I'm retired for the most part all of my business data is not as critical as in the past. All the other data music, audiobooks, woodworking, applications and such would be a royal pain (most likely impossible) to recreate. I could at least backup one copy to external drives that I could put offsite and just run the backup once a month. I'm in the very early stages of a move across country and when that happens I can explore other options.

    The past few months I've been (1) trying to determine why my electrical bill is always so high, circuit breaker monitors have been installed and I need to analyze, (2) understand and resolve performance issue on my desktop, frequently one of the OS services will kick off and consume a huge portion of my CPU (at this time I cannot remember the actual service), (3) resolve Outlook 2013 issues (frequently Outlook will freeze and corrupt the PST file), possibly I should switch to something else but the unknown of switching is a big unknown, (4) I have numerous woodworking projects pending.

    Regarding the PC issues, I have spent hundreds of hours researching and trying solutions so far nothing seems to resolve my issues.  

  15. 4 hours ago, Porthos said:

    Adware tracking cookies are harmless to the system.

    I agree!

     

    4 hours ago, Porthos said:

    A respected member here @David H. Lipman Has a long post that explains MB a little better.

    Looks good, I'll have to read through this a few times to digest everything.

    Kaspersky finally finished (it reports that it took just over 23 hours; I failed to capture an image) and reported 96 objects. I looked at the report and everything reported is from the Volume Shadow. I did not look at these mainly because they are on other drives, e.g. the real file, and my intent is/was to scan my other three data drives.

    The problem I had earlier with "Service Host: Task Scheduler" consuming my system seemed to resolve itself. However Outlook 2013 has stopped working and I need to send some emails. Thus I will reboot my system and see if I can get Outlook working correctly.

  16. 7 hours ago, exile360 said:

    No active file can be stored there

    I agree, not that I fully understand the Volume Shadow but it is reasonable that nothing is really stored there otherwise the size of the volume shadow would be super huge. Thus I assume that Kaspersky is able to follow some chain and look at the actual file. Good to know but I'm not going to worry about it now that I have a little more understanding of it.

    I also now have a better understanding of MBAM in that it cannot dig into archive files or such. I can live with this and take the extra time to dig into the archive file.

    I may have to kill the Kaspersky scan. Currently the scan has been running almost 24 hours and states that about 16 hours remain. Thus based on the current test my assumption is that Kaspersky has no idea as to how much time remains. It seems to report some number just to make the user feel good. The main driver behind the idea of killing the scan is that my system is now running at 100% and "Service Host: Task Scheduler" is consuming at least 40%. I've killed the service several times and within a min it is back hogging the system. This of course is impacting the scan as well as everything else on the system. However I do see that Kaspersky has now identified a total of 6 objects. 

    Today is a slow day for me and date day with the wife. I will let Kaspersky scan today and hopefully complete the scan and then look at the Kaspersky findings. One of the six I have already researched (see the above).

    More thoughts about my test.

    1. MBAM scan performance is super.
    2. SuperAntiSpyware scan performance is about twice as slow as MBAM and found a lot of adware.
    3. Kaspersky scan performance is the pits  but has found objects that "possibly" MBAM should have found (this is assuming MBAM is to replace Kaspersky). In reality MBAM would have found one of the Kaspersky objects when it scanned the actual drive that contained the file. Kaspersky followed some chain/path from the Volume Shadow file to the actual file on another drive. The other objects need research on my part at this time.
    4. I do have some mystery performance issue on my PC that I would like to resolve. At this time I'm not sure just where to start. 
  17. 10 minutes ago, exile360 said:

    Just FYI, this test will not illustrate why we believe Malwarebytes 3.0 is capable of replacing AV protection because it's all after the fact.  We've discovered that most malware gets in these days via exploits, malvertisements, phishing/spam emails and similar tactics.  That alone makes our anti-exploit and web blocking capabilities essential in the equation with regards to full malware protection.  Infecting a drive and scanning it after the fact will only test our reactive definitions in the malware/rootkit scan engine, which is not nearly as proactive in our eyes for preventing most modern threats (it's essentially the same kind of dated approach used by most major AVs these days).

    One of the primary reasons we're so confident in Malwarebytes 3.0 as an AV replacement or even just as a proactive solution to malware prevention is because of these additional modules we've added recently that target points much earlier in the attack chain before the malware has even been downloaded to the system.  It's all about prevention by limiting the attack surface and cutting off the most common attack vectors (like malicious ads and exploits that use the web browser, office software, email and similar means).

    I agree that this test will NOT illustrate that MBAM is capable of replacing AV, my intent is "I'm interested in discovering the scan time for each application and what each discovers." By discovering what each discovers might shed some light on MBAM replacing the AV and where MBAM could be improved.

    So far my take-away is MBAM can scan MUCH faster than Kaspersky, e.g. 108 minutes vs about 21 hours (this is an estimate pending the complete scan) for Kaspersky. That being said if MBAM does not find stuff then being able to scan faster is no big deal. Another question that I cannot answer at this time is the find a false report. I'll have to do more research and possibly I can find an answer. This may be beyond my skills.  

    So far in the Kaspersky scan it did find one object here are the details of what it found, actually it found this yesterday prior to the weird system issue I described above (monitor went black and I could not get it revived without powering off).

    29.04.2017 22.59.56;Detected object (file) not processed;C:\HarddiskVolumeShadowCopy1\Libraries\Educ\Gnomonology-Introduction To 3D Studio Max\tools-ts2ft.rar//daemon406-x86.exe//SetupDTSB.exe;C:\HarddiskVolumeShadowCopy1\Libraries\Educ\Gnomonology-Introduction To 3D Studio Max\tools-ts2ft.rar//daemon406-x86.exe//SetupDTSB.exe;not-a-virus:WebToolbar.Win32.WhenU.a;Legitimate software that can be used by criminals to damage your computer or personal data;04/29/2017 22:59:56) - Kaspersky labeled this find as "Trojan.Win32.Scar.puuh"

    FYI I used MBAM to scan the folder "Libraries\Educ\Gnomonology-Introduction To 3D Studio Max\" and reported a threat "Adware.WhenU"

    I have no idea if the Kaspersky and the MBAM find are the same mainly because they labeled the finds differently.

    It appears that MBAM is not able to scan the Volume Shadow Copy and obviously Kaspersky can. It would be super nice if MBAM could scan such. :) Because the file/folder is on one of my data drives it would have been discovered when I scanned that drive with MBAM.

    Looking at the MBAM scan results it is not easy for me to get to the folder. It would be nice if I could right-click on the results entry and open the folder. If the file found is critical to the contents of the folder then I personally may want to delete the entire folder.

    The problem file is a file in a RAR file. MBAM identified the RAR file whereas Kaspersky actually identified the file in the RAR file. Thus Kaspersky produced a more meaningful report (IMHO). I'm sure MBAM could be enhanced to produce a better report.  
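Added example (not part of the original post, and not Malwarebytes or Kaspersky code): one way to check whether the two findings discussed above refer to the same on-disk object, by parsing the semicolon-separated report line quoted in the post and comparing it with the MBAM finding. The field layout is assumed from that single line, and the drive letter in `MBAM_PATH` is an assumption, since the post only says the file is on a data drive.

```python
import re
from dataclasses import dataclass

# Constructed sample: the fields of the Kaspersky report line quoted in the post.
# Assumed layout: time;event;object;object;verdict;description;time
KASPERSKY_LINE = (
    r"29.04.2017 22.59.56;Detected object (file) not processed;"
    r"C:\HarddiskVolumeShadowCopy1\Libraries\Educ\Gnomonology-Introduction To 3D Studio Max"
    r"\tools-ts2ft.rar//daemon406-x86.exe//SetupDTSB.exe;"
    r"C:\HarddiskVolumeShadowCopy1\Libraries\Educ\Gnomonology-Introduction To 3D Studio Max"
    r"\tools-ts2ft.rar//daemon406-x86.exe//SetupDTSB.exe;"
    r"not-a-virus:WebToolbar.Win32.WhenU.a;"
    r"Legitimate software that can be used by criminals to damage your computer or personal data;"
    r"04/29/2017 22:59:56"
)
# Constructed sample: the drive letter is assumed, the folder and verdict are from the post.
MBAM_PATH = r"R:\Libraries\Educ\Gnomonology-Introduction To 3D Studio Max\tools-ts2ft.rar"
MBAM_VERDICT = "Adware.WhenU"

SHADOW_PREFIX = re.compile(r"^[A-Za-z]:\\HarddiskVolumeShadowCopy\d+\\", re.IGNORECASE)
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    scanner: str
    container: str   # on-disk file, relative to its volume root, lower-cased
    members: tuple   # nested archive members, outermost first
    verdict: str


def volume_relative(path: str) -> str:
    """Drop a shadow-copy or drive-letter prefix so snapshot and live paths compare equal."""
    stripped, hits = SHADOW_PREFIX.subn("", path, count=1)
    if hits == 0:
        stripped = DRIVE_PREFIX.sub("", path, count=1)
    return stripped.lower()


def parse_kaspersky(line: str) -> Finding:
    # A path containing ';' would break this split; the assumed format has no quoting.
    fields = line.strip().split(";")
    if len(fields) < 5:
        raise ValueError("unexpected field count: %d" % len(fields))
    # '//' separates the container on disk from members nested inside it.
    container, *members = fields[2].split("//")
    return Finding("kaspersky", volume_relative(container), tuple(members), fields[4])


def from_mbam(path: str, verdict: str) -> Finding:
    # MBAM reported the archive itself, so there are no nested members.
    return Finding("mbam", volume_relative(path), (), verdict)


def name_tokens(verdict: str) -> set:
    """Split a vendor detection name into lower-cased tokens, ignoring very short ones."""
    return {t.lower() for t in re.split(r"[:.]", verdict) if len(t) > 2}


def correlate(a: Finding, b: Finding) -> dict:
    deeper = max((a, b), key=lambda f: len(f.members))
    return {
        "same_object": a.container == b.container,
        "shared_name_tokens": sorted(name_tokens(a.verdict) & name_tokens(b.verdict)),
        "most_specific": deeper.scanner,
        "inner_path": "//".join(deeper.members),
    }


if __name__ == "__main__":
    k = parse_kaspersky(KASPERSKY_LINE)
    m = from_mbam(MBAM_PATH, MBAM_VERDICT)
    for key, value in correlate(k, m).items():
        print(f"{key}: {value}")
```

Matching on the volume-relative path is a heuristic: two volumes can hold different files at the same relative path, so hashing the container file on both sides is the way to confirm a match.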

  18. Thanks for the suggestions.

    Can MBAM replace your antivirus software, possibly yes, look at https://forums.malwarebytes.com/topic/191650-malwarebytes-30-frequently-asked-questions/#comment-1077438

    Ref "What you need to to first is find out what those 421 "threats" consist of. I'm guessing this is largely adware and tracking cookies." You are 100% correct, my bust! I meant to say that they are ALL adware, nothing else was found.

    Earlier tonight I had to restart the Kaspersky scan. When I came back to my PC the screen was black but the PC was running. I was not able to get a screen image and the PC would only respond to the power button. Even the reset button was ignored. Normally I don't let my PC sleep or the monitors to go black but I do have scheduled hibernation. I did the power off, when the system rebooted I checked my Power settings and noticed that the monitors were set to go off after 15 minutes of no use but the PC Power was set to Never (this is what I had previously set). I changed the monitor to Never. After upgrading to Windows Creator LOTS of settings reverted back to what Microsoft sets as defaults, Oh thank you Microsoft for screwing me again!

    The current Kaspersky scan looks like it is about 20% completed and states that about 13 hours are left.

    A little bit of why I'm going down this path. For the past several years my PCs have been running 24x7. Some days I spend as much as 18 hours on the PC, this of course does not make the wife happy and I've been trying to scale back. Also I've been monitoring the electrical usage on every breaker in my three electrical panels. One of the biggest users is my office and in an attempt to be more green I've scheduled my desktop to hibernate during periods of time that I normally would not be using it. Thus all of my backup applications run during the times my desktop, which provides HD storage space for all my system backups and data backups. Currently I have 11 drives in the desktop providing about 50TB of space. The drives that I'm scanning are the data drives, I don't plan to scan the backup drives. Recently my desktop was consuming 100% of the CPU the entire time it was running. I used the Task Manager and Resource Monitor to identify what were the major contributors to the usage. This took me down several rabbit holes and I was not able to quickly find a solution and it looked like it was going to take a lot of research to find a solution. At this point I ran Tweaking.Com Windows Repair and it did fix something. Currently with the Kaspersky scan running the CPU is bouncing between mid 50 and mid 70% which is much better than being pegged at 100%. Currently Kaspersky is consuming between 16-30% of the system (the scan is running). Without the Kaspersky scan at times I see Kaspersky consuming a huge chunk of the CPU but normally this is intermittent. I have numerous questions regarding how do I get better performance and so far all of the performance tips I've tried have not done anything for me. I have spent numerous hours researching this, possibly my skills are not good enough. Part of the problem is the way I use the PC, for me it is a tool. 
    Almost always I have 10-30 applications running and I'm constantly bouncing between several of them and within an application I might have multiple windows open. For example, when I'm doing research it is common that I will have several Word documents open, numerous Chrome windows, several Excel windows open, several Outlook emails open and whatever applications that help support my research.

    Just a bit more on trying to be green. As I said above, I schedule the PC to hibernate twice a day at 0200-1030 hours and 1730-2200 hours. I was expecting to see the electrical power for my office to drop to almost zero but this was not the case. This was because the UPS units were not being powered off when the PC was hibernating. Sorta good/bad news here. There is software that I can use that will power off/on the UPS units (this is the good part) but I can only schedule one cycle (this is the bad part). For now I will set it up for the 0200-1030 hours slot.

    Time for bed! BTW Kaspersky now reports that 14 hours remains. Currently I'm scanning a 500GB SSD, I can imagine when I scan a 6TB drive it will take a few days.

  19. First let me state that I will be performing a simple scan test using MBAM 3, Kaspersky Total Security and SuperAntiSpyware. I consider myself somewhat knowledgeable regarding AV issues on the PC but I'm far from an expert. Currently this test will comprise four steps where I will scan four drives on my desktop with the three applications. Initially I will start all three at the same time and wait until all three have completed before moving to the next step.

    I'm interested in discovering the scan time for each application and what each discovers. I DO NOT have any investment in any of the applications other than having purchased them. I welcome constructive comments and suggestions.

    1. Step 1 - Scan C drive - Samsung SSD 840 EVO 500GB
    2. Step 2 - Scan R drive - this is one of my data drives WDC WD60EFRX-68MYMN1, SATA Gen3, 6 Gbps, SN=WD-WX31DC4CKS40, 6TB (RED Drive)
    3. Step 3 - Scan S drive - this is one of my data drives WDC WD40EFRX-68WT0N0, SATA Gen3, 6 Gbps, SN=WD-WCC4E1323843, 4TB (RED Drive)
    4. Step 4 - Scan T drive - this is one of my data drives WDC WD40EFRX-68WT0N0, SATA Gen3, 6 Gbps, SN=WD-WCC4E1294052, 4TB (RED Drive)

    Currently I do NOT plan to include any of my seven backup drives which are installed in my tower and either directly connected to the MB or connected to an LSI SAS9211-8I 8 Port adapter card, this card is NOT in RAID mode, it is just performing the function to attach the drives directly to the MB.

    I will be using the system and daily backups may run during the scans, this may or may not impact the simple test.

    System Info

    • CPU AMD Phenom II X6 1090T (6 core processor)
    • Windows 10 Creator
    • 16 GB RAM
    • Motherboard ASRock 990FX Extreme9 (CPUSocket)

    Early results of step 1 

    • MBAM scan time 01:48:29, nothing detected
    • SuperAntiSpyware scan time 02:26:37, 421 Threats (Adware)
    • Kaspersky scan time (still scanning estimate 10 hours remaining), so far one threat found

     

    MBAM, KasperskyTS, SuperAntiSpyware Scan 02 2017 0429.png
