Jump to content

Strange one

MBAMproblem
 Share

Recommended Posts

MBAMproblem

MBAMproblem

Posted
Posted

Hi,

 

I'm using MBAM Pro and recently bought an external hard drive to make backups.

 

When I first plugged it in, XP recognized and installed the drive. However, it was nowhere to be found, either under My Computer or Disk Management. Not only that, nothing would run on the computer, no processes could be stop or killed, nor could I even shutdown the computer other than by holding the on/off button or the reset button.

 

After running a lot of tests, and performing a complete Clean Boot troubleshooting procedure, I finally narrowed it down to MBAM! Now that is quite puzzeling. I can't just disable the Protection Module or File Execution Blocking or any other settings. I have to disable both MBAM services completely (services.msc). In other words, MBAM real-time protection must be completely disabled, otherwise, when I try plugging in the drive again, the entire computer goes into shock again!

 

So now, I can only use MBAM for occasional scans, nothing else. Any ideas, as I fail to see the link between MBAM and an external hard drive? I've even checked inside Process Explorer what handles were using USB ports and MBAM wasn't showing anywhere.

 

Thanks in advance.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Have you tried waiting for a good long period of time to make sure that the drive can finally become available?  I'm guessing here, but first of all, I suspect it's because of a conflict between MBAM and some other security program that you have installed, and that both are trying ot scan the new drive before letting you have a shot at it and you've not let it completely scan the first time around.

 

For posterity sake, can you tell us which version of MBAM, and assuming Windows XP SP3, also what other security software you have installed, particularly those running all the time, and if you've made any exclusions between MBAM and the other products?

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

Hi, and thank you for your reply.

 

My main security program is ESET Smart Security. I'm running MBAM Pro version 1.75.0.1300 (not sure why it hasn't updated to version 2.0 or to Premium ?!?). My OS is Windows XP Pro SP3 fully updated.

 

Before plugging in the drive, I always wait until everything has had plenty of time to load or scan. In fact, I don't think MBAM even scans that drive...

 

As for exculsions, yes, I have set the recommended ones on account of a conflict with ESET at startup. Even that wasn't enough, so there's a startup delay (DWORD delayguistart of 60 seconds) set into the registry for MBAM. That has completely eliminated any conflicts between MBAM and ESET.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

OK, but as for waiting for the drives to become responsive, how long have you waited? It still sounds like something is actively scanning the drive, and USB hard drives can take a while to scan, particuarly on the initial scan.  And, of course, the scan cannot occur on the drive until after it is plugged up.

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

MBAM is the only one interfering. That I know.

 

As for how long, it doesn't matter how long I wait. I've waited ages!

 

Why MBAM? It's beyond me!

 

So, no matter how long I wait, the drive never shows up (if MBAM is enabled) and the computer just locks up beyond anything I've seen so far. I can't kill any processes, no matter how hard or how long I try. Disabling both services and rebooting fixes everything, and I can even plug in the drive right away during bootup without conflict. In fact, it can be already plugged in the USB port before booting and that works fin too, as long as MBAM is dead.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

lol 2 TB is by no means little.  But since this lockup is occurring, I'm wondering if there is some sort of software that is attempting to run when you first connect the drive to the computer that is interfering with MBAM (or, vice versa, that MBAM is interfering with some auto run software on the portable HD itself).

 

And as for waiting AGES, I'm asking specific time period - 5 minutes, 10 minutes, 20 hours, etc.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

I can't seem to find the post ATM but I seem to recall there was an issue with Malwarebytes and some external drives under certain conditions.

You may try to manually update to version 2.0 as announced HERE and see if it resolves your issue.

If you would like someone from staff to see if there is a conflict or issue with your setup, then you will have to provide the logs below....

STEP 1

NOTE: If you have Win8/8.1 Skip Step 1 and go to Step 2 as DDS does not work on Win8/8.1

Please run the DDS scanner and send back both logs as attachments to your next reply.

Download DDS from one of the locations below and save it to your Desktop:

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include both of the following logs in your next reply as an attachment: DDS.txt and Attach.txt
  • You can ignore the note about zipping the Attach.txt file and just post it or attach it.
STEP 2

Please run mbam-check and send back the log as an attachment to your next reply.

  • Download mbam-check.exe from HERE and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post; instead please attach to your next reply the CheckResults.txt log file which should now be located on your desktop.
STEP 3

Please run the FRST tool and send back both logs as attachments to your next reply.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system - that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your next reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your next reply.
Link to post
Share on other sites
exile360

exile360

Posted
Posted

As I recall, there is an issue with ESET and some external drives. It's possible that this is exacerbated when Malwarebytes Anti-Malware is also loaded at startup.

Also, if you need the services, processes and drivers to stop for Malwarebytes Anti-Malware all you need do is right-click on the tray and choose Exit. We do not leave any processes or services running when you do that.

Also, what happens if you have none of Malwarebytes Anti-Malware's processes or services running and then plug in the drive, leave it plugged in, and then re-enable Malwarebytes Anti-Malware? Does the system hang then or does it behave normally? If it behaves normally, you might try using the Delay protection at startup option under Advanced Settings in Malwarebytes Anti-Malware to see if loading it with a delay helps (assuming the external drive is attached to the system during boot).

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

John,

The computer had been running for hours, with MBAM running as well, before I decided to plug in the drive.

 

Firefox,

 

To install version 2.0 of MBAM, do I first need to uninstall my version of MBAM Pro? I will try that first before running dds. I do use dds and HijackThis on my own from time to time as I'm familiar with the programs and know how to interpret the logs.

 

Exile360,

 

The Delay protection at startup option under Advanced Settings is not included in my version of MBAM Pro 1.75.0.1300. That's why I had already added the DWORD manually in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware.

 

The

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

I'm not asking how long the computer ran before you plugged in the drive.  I'm asking how long did you wait for your system to (possibly) unfreeze after you plugged in either drive.

 

Sorry about that.

 

Not sure how long, but I'd say 15 minutes max.

 

Do MBAM automatically scan USB devices when plugging them in? If so, is there away to exclude USB devices?

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

I don't believe so, but I am not sure.  The other factor is that you're on 1.75 and I'm on 2.00, so I cannot even go fiddling around in my settings to be sure.

 

If What Exile (Samuel) surmises is true, then it could readily be a situation where your computer would start running hot, and such, b/c it had locked up like that, being thrown into some sort of race condition b/c EST and MBAM were not playing nicely with each other.

 

Wold you be willing to try Exile's suggestion to see if you can close out of MBAM, connect a drive, then run MBAM and see if your system locks up or not?

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

Also, what happens if you have none of Malwarebytes Anti-Malware's processes or services running and then plug in the drive, leave it plugged in, and then re-enable Malwarebytes Anti-Malware? Does the system hang then or does it behave normally?

 

Just tried that. Apparently, I may not have tried that before. With the drive plugged in, if I re-enable MBAM services, the computer doesn't freeze.

Link to post
Share on other sites
John L. Galt

John L. Galt

Posted
Posted

Kewl.  So now you have a work around for it.

 

When your program ever does get the upgrade automatically, you may need to keep doing this - but, as a test, at least once after the upgrade occurs, try not closing out of MBAM 2.00 and see if your compute lock up upon connecting another drive.

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

Kewl.  So now you have a work around for it.

 

When your program ever does get the upgrade automatically, you may need to keep doing this - but, as a test, at least once after the upgrade occurs, try not closing out of MBAM 2.00 and see if your compute lock up upon connecting another drive.

 

Thanks, that was my plan as well with version 2.0. Looking forward to it.

 

Thanks for your prompt replies and continued interest. Much appreciates! :)

Link to post
Share on other sites
MBAMproblem

MBAMproblem

Posted
  • Author
Posted

After upgrading to version 2.00 this morning, I'm happy to say MBAM isn't interfering with my Seagate external hard drive anymore. MBAM, ESET and Seagate can co-exist peacefully now. :) Was the issue really addressed and part of the release, or is this purely coincidence?

 

However, I have a couple more questions.

 

I installed the new version without uninstalling version 1.75.0.1300 because I wasn't sure if it was necessary or if it would cause problems with my license. It installed normally and replaced the old one without a glitch. Now, when looking into the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware, it still shows program version 1.75.0.1300 instead of 2.00.0.1000. Is this normal?

 

One other thing. To avoid conflicts with ESET, I had already wrote a DWORD value called delayguistart and it was set to 60 seconds. Seems the new MBAM doesn't need it anymore. It takes at least 2 minutes or so for the icon to show in the systray. I deleted the DWORD and the new delay is still very active. Was this done on purpose to avoid any conflicts with other programs (ESET) loading with Windows?

 

Do I still need the MBAM exclusions in ESET? (I'm leaving them anyway)

 

Thank you

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Sorry it took me so long to respond...

Yes MBAM 2.0 can be installed right over 1.7x. It will carry over you license to the new version.

It is normal to have HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware in your registry. The only way to get rid of that would be to run the mbam-clean too, but then you would have to re-install the latest version of MBAM and re-register your copy.

No you no longer need the delayguistart with the new version of MBAM 2.0 as the GUI is different and you have many more options, including the Delay Protection at startup for XX seconds.... which can be found in the settings Tab -> Advanced Settings

As for the exclusions, I would leave them anyway. As a matter of fact, I would remove them and re-add them since the files are now located in a different folder and the versions have changed....

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.