Threat scan gets stuck in certain system folders


When I try to run a normal threat scan with MBAM 2.0.2 (OS Windows 8), the scanner just gets stuck on some files in the System32/SYSWOW64 folders. No matter how long I wait, it just doesn't advance beyond those files.

 

Some examples:

C:\WINDOWS\system32\Com\mtsadmin.tlb

C:\WINDOWS\SYSWOW64\elsTrans.dll

...and if I add these to exclusion list, some other file in those folders does the same thing.

 

Other scanners like MSE and ESET online scan don't have any problem with them, also the pre-2.0 version of MBAM didn't have any problems getting stuck. I also copied those files and scanned them with VirusTotal, they showed up clean. Should I be worried, or is it just MBAM acting funny? If those files were really infected, at least VirusTotal should have found something about them?

 

Also, it seems that this isn't the first time mtsadmin.tlb is causing problems with scans; after googling I found this thread and others about the same problem:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_start/cwindowssystem32commtsadmintlb/74edf08c-6807-4283-84f9-7e78aec28bcd

 

PS: It might also be worth noting that I don't have any real signs pointing to the PC having a malware infection; I just found this problem after doing routine scans with the new version. I just like to regularly scan my PC to be on the safe side.


Hello and :welcome:

Let's try this first....

Also is your hard drive encrypted? What antivirus software are you using? Are you scanning with rootkit scan enabled?

Thank You,

Firefox


If you can still reproduce this issue then please do the following if you would in order to assist us in tracking down the cause of this problem and getting it fixed. This information will be provided directly to our Development team that works on Malwarebytes Anti-Malware.

Reproduce the issue by performing a scan and once it has been stuck on the same folder or file for at least 5 minutes, do the following:

Create Crash Dump using Windows Task Manager on Windows Vista/7/8/8.1:

  • Open Task Manager by pressing Ctrl+Shift+Esc on your keyboard
  • Click Show processes from all users at the bottom to enable that option and click Yes if prompted by User Account Control
  • Click on the Image Name column near the top to sort the list of running processes by name
  • Locate the mbam.exe process and right-click on it, selecting Create Dump File
  • Wait a moment while Windows creates the dump file
  • Once it completes it will inform you of the name and location of the dump file (typically C:\Users\Your user name\AppData\Local\Temp\mbam.dmp)
  • Navigate to this location and right-click on the mbam.dmp file and choose Cut
  • Right-click on your desktop or some other convenient location where you'd like to place the file and choose Paste
  • Right-click on the mbam.dmp file you just moved and hover your mouse over Send to and choose Compressed (zipped) folder
  • Attach the mbam.zip file you just created to your next post or if it is too large, upload it to a file sharing service such as WeTransfer and provide the download link for the file in your next reply

Upload File(s) to WeTransfer:

  • Visit WeTransfer.com
  • Click on I Agree

  • Click on the icon on the lower left indicated in the below image

  • Select the Link option

  • Click on +Add Files

  • Browse to the location of the file and double-click on it or click once on it and select Open

  • Click on Transfer

  • Once the transfer completes, click on Copy link

  • Once you receive the Copied! message as indicated below, paste the link into your next reply



Hard drive is not encrypted, no other always active antivirus than MSE, rootkit scan is enabled. Reinstalling after clean removal didn't help.

 

Here are my log files as requested.

Addition.txt

CheckResults.txt

FRST.txt


So, now I managed to run a scan with shuriken heuristics too, it didn't find anything malicious either. It just took fooooooooooreeeeeeeveeeeer to do the final heuristic analyses, I almost thought that it would be stuck.

 

I think that now it's clear that the rootkit scan is the thing causing the scan getting stuck, I just hope that it's some random silliness with MBAM instead of potential rootkit infection (Like I said in opening post, I've had absolutely zero problems with the machine at all so I find it hard to believe that there would be an infection, but then again rootkits can hide really well...).

 

Anyways, here's the dump file of a scan stuck at C:\Windows\System32\Com\MigRegDB.exe:

http://we.tl/t2mxdburjV

 

I scanned MigRegDB with VirusTotal just to be sure, it showed up as clean.

 

Also it would be nice if you could comment on my FARBAR scan log: it looks clean to me (= doesn't contain anything that looks out of place), but an expert opinion would still be nice - I could always be missing something.


Just to have enough material, here's another dump file of a stuck scan, this time it got stuck at C:\Windows\SYSWOW64\Com\comadmin.dll

http://we.tl/sswk0FLOFx

 

I also found it interesting that somebody had exactly the same problem with the same file a little while ago; however, that user was using the dedicated anti-rootkit scanner instead of MBAM:

https://forums.malwarebytes.org/index.php?/topic/132669-mbar-system-scan-hang/

