
MalwareBytes freezes on a file path of gibberish characters


JMo


MrC,

Ok this is weird. I booted to safe mode without running any command line switches or ignore list and it ran fine. MB found (1) vulnerability pum.disabled.securitycenter. It ran until completion and did not lock up. In addition, I never saw it scan the gibberish file path like in my screenshot in this post.

So I booted into Windows and ran MalwareBytes again like normal and I almost instantly saw it trying to scan the gibberish file path again. So I just stopped the scan. Is it possible to only have Spyware in Windows or is there some kind of "Fake" file path that just loops and freaks out the MB scanner? Not sure but it's definitely an odd issue.


OK, they're concerned that your Anti-virus is causing the problem.

Another possibility is a corrupt disk; running chkdsk (checking the disk for errors) would be a good idea.

I'd like you to run GMER Rootkit Scanner also:

Scan for rootkits with GMER Rootkit Scanner

Download GMER Rootkit Scanner from HERE to your desktop.

Double click the .exe file (it will be named some random characters). If asked to allow gmer.sys driver to load, please consent.

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

[Image: th_Gmer_initScan.gif]

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

  • Sections
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

Then click the Scan button & wait for it to finish.

Once done click on the [save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

NOTE:

If you cannot run GMER as indicated above, please save a scan from the initial startup scan.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click the gmer.exe file.

The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

After the "initial scan" is complete, click on the Save button, save the log file to your desktop, and post it in your reply.

MrC


OK, the reason the log is so big is that you didn't leave the Show All (don't miss this one) unchecked.

Click on the pix below for example:

[Image: th_Gmer_initScan.gif]

In the right panel, you will see several boxes that have been checked. Uncheck the following ...

Sections <----uncheck

IAT/EAT <---uncheck

Drives/Partition other than Systemdrive (typically C:\) <--just scan C:\

Show All (don't miss this one) <---uncheck

Then click the Scan button & wait for it to finish.

Once done click on the [save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.

Can you run it again with the correct boxes checked?

Thanks....MrC


Checking file system on C:

The type of the file system is NTFS.

A disk check has been scheduled.

Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...

125184 file records processed.

File verification completed.

78 large file records processed.

0 bad file records processed.

2 EA records processed.

91 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...

169856 index entries processed.

Index verification completed.

0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...

125184 file SDs/SIDs processed.

Cleaning up 568 unused index entries from index $SII of file 0x9.

Cleaning up 568 unused index entries from index $SDH of file 0x9.

Cleaning up 568 unused security descriptors.

Security descriptor verification completed.

22337 data files processed.

CHKDSK is verifying Usn Journal...

37170416 USN bytes processed.

Usn Journal verification completed.

CHKDSK is verifying file data (stage 4 of 5)...

125168 files processed.

File data verification completed.

CHKDSK is verifying free space (stage 5 of 5)...

46040262 free clusters processed.

Free space verification is complete.

CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap.

CHKDSK discovered free space marked as allocated in the volume bitmap.

Windows has made corrections to the file system.

243386367 KB total disk space.

58932796 KB in 97283 files.

56864 KB in 22338 indexes.

0 KB in bad sectors.

235655 KB in use by the system.

65536 KB occupied by the log file.

184161052 KB available on disk.

4096 bytes in each allocation unit.

60846591 total allocation units on disk.

46040263 allocation units available on disk.

Internal Info:

00 e9 01 00 50 d3 01 00 fc 4c 03 00 00 00 00 00 ....P....L......

58 02 00 00 5b 00 00 00 00 00 00 00 00 00 00 00 X...[...........

70 61 57 00 50 01 55 00 38 1e 55 00 00 00 55 00 paW.P.U.8.U...U.

Windows has finished checking your disk.

Please wait while your computer restarts.


MrC,

I appreciate all your help! I haven't done anything yet, I am a bit too busy right now. I think in the next few weeks that I will go ahead and just rebuild the laptop. I am fairly confident that I don't have a virus or Malware but the fact that I can't run MB in the future is not that comforting. So to be safe I will just go ahead and start from scratch. I applaud your effort though...


If you want, here's a suggestion from exile360:

you can get a ProcMon log to determine precisely what the path is that Malwarebytes Anti-Malware is actually freezing on:

Create a Process Monitor Log:

http://technet.micro...ernals/bb896645

  • In Process Monitor, click on Filter and select Filter...
  • Click on the first drop-down menu and select Process Name
  • Click on the second drop-down menu and select is
  • In the white box next to is, type mbam.exe
  • Make certain that in the last drop-down menu, Include is selected and click on Add
  • Click on Apply and then OK
  • Perform a Quick Scan with Malwarebytes Anti-Malware, and once it reaches the folder/file in question, abort the scan and close Malwarebytes Anti-Malware
  • Click on File and choose Save...
  • Make certain that the following are selected:
    • Events displayed using the current filter
    • Also include profiling events
    • Native Process Monitor Format (PML)

  • For Path:, click on the ... button and browse to your desktop and save the file as mbam.pml and click on OK
  • Close Process Monitor
  • Right-click on the mbam.pml file now located on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the mbam.zip file you just created to your next reply

MrC
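
Added example, not part of the original thread or of any Malwarebytes tooling: a Python triage of a Process Monitor capture like the one described above, assuming the log was saved with the CSV option of the same Save dialog instead of PML. The `is_odd` and `has_loop` heuristics, the function names and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample rows in Process Monitor's default CSV columns (not from the thread).
SAMPLE = '''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","mbam.exe","1234","CreateFile","C:\\Windows\\System32\\drivers\\etc\\hosts","SUCCESS",""
"10:01:02.2","explorer.exe","900","QueryOpen","C:\\Users\\user\\Desktop","SUCCESS",""
"10:01:02.3","mbam.exe","1234","QueryDirectory","C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data","SUCCESS",""
"10:01:02.4","mbam.exe","1234","CreateFile","C:\\Users\\user\\AppData\\Local\\\u3400\u4c00\u5c00","NAME INVALID",""
"10:01:02.5","mbam.exe","1234","CreateFile","C:\\Users\\user\\AppData\\Local\\\u3400\u4c00\u5c00","NAME INVALID",""
'''


def is_odd(path):
    """Heuristic: path contains characters outside printable ASCII."""
    return any(not 32 <= ord(ch) < 127 for ch in path)


def has_loop(path, min_repeats=3):
    """Heuristic: one folder name repeats, as when a junction points back into its parent."""
    parts = [p.lower() for p in path.split("\\") if p]
    return bool(parts) and max(Counter(parts).values()) >= min_repeats


def triage(csv_text, process="mbam.exe", tail=3):
    """Summarise the paths one process touched in a Process Monitor CSV export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    paths = [r["Path"] for r in rows
             if r["Process Name"].lower() == process.lower() and r["Path"]]
    return {
        "last_paths": paths[-tail:],  # what the scanner touched just before the abort
        "odd": sorted({p for p in paths if is_odd(p)}),
        "loops": sorted({p for p in paths if has_loop(p)}),
    }


if __name__ == "__main__":
    # For a real export: open("mbam.csv", encoding="utf-8-sig").read()
    for key, values in triage(SAMPLE).items():
        print(key, values)
```

Legitimate file names in other scripts also trip `is_odd`, so treat its output as a list of paths to inspect, not as a verdict.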


  • 1 month later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
