Jump to content

Right Click Scan Times Increasing


Recommended Posts

Good Morning

 

I am running MBAM 2.0.4.1028 on desktop with Windows 7 Home Premium 64-bit.

 

For some time now whenever I do  Right Click scans - for example on downloaded Pdfs - the first one is reasonably quick, say 2mins, but then the next one on a similar file will take longer - about 50% more (3.5mins) and then the 3rd one comes in at nearly double that time (5mins).

 

This trend continues throughout the session but then when switching off and re-booting the first scan on a Right Click menu returns to a short time and will then increase as before with subsequent scans.

 

The scans show as Threat scans and do Pre-Scan actions and File items only.

 

I wonder why this happens and if there is anything I am doing wrongly or any settings I have not put in correctly?

 

Hope someone can help me.

 

Regards

 

Roy

Link to post
Share on other sites

You are trying to use Malwarebytes as if it was an antivirus program.... in this case Malwarebytes does not target PDF files... see below...

 

MBAM does not target script files. That means MBAM will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files; MP3, WMV, JPG, GIF, etc.

Until MBAM, v1.75, MBAM could not access files in archives but with v1.75 came that ability so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-Extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).

MBAM specifically targets binaries that start with the first two characters being; MZ

They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these files types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.

MBAM is not an anti virus application. MBAM targets mainly non-viral malware. The exception being a virus dropper ( a malware file that drops a virus and starts a virus infection but is not infected with the virus ) and worms ( such as Internet worms and AutoRun worms ).

MBAM is incapable of removing malicious code that has been prepended, appended or cavity injected into a legitimate file. That means if a file infecting virus infects a legitimate file MBAM will be unable to remove the malicious code. An anti virus application should be able to remove malicious code from an infected file and hopefully bring it back to its preinfected state. Which may or may not return the file to its original, non infected, checksum value.

A file infecting virus will prepend, append or cavity inject malicious code into a legitimate file. Once infected, that infected file can futher the infection by infecting other legitimate files.

On the other hand there are trojans that will prepend, append or cavity inject malicious code into a legitimate file. However that file can not infect other files. The infection stops with that targeted file. These files are either deemed to be "trojanized" or "patched". Since MBAM can not remove the added malicious code, at best MBAM will try to replace the trojanized file with a legitimate, unaltered, file.

I hope this broadens your understanding of what MBAM can not do and why MBAM is an adjunct anti malware solution that is meant to complement a fully installed anti virus application and not replace it.

Link to post
Share on other sites

Gosh!!

They say you learn something new every day!! That certainly applies to me in this case - and all these years I thought I was doing the right thing.

Think I will abandon using MBAM for scanning downloads and just stick to Avira and SAS in future.

Thanks for helping me.

Regards

Roy

Link to post
Share on other sites

To add to this thread as a FYI...

 

It is also best to uncheck ( disable ) the "Folder Options" option "Hide extensions for known file types".

 

This will show the true nature of a file IFF it uses a Double-Extension such as;  DownLoaded.PDF.EXE

 

If "Hide extensions for known file types" is enabled you will see;  DownLoaded.PDF   and you will think the file is a PDF ( especially if it uses an Adobe recognized Icon ) because it is hiding the .EXE  file extension.  Thus obfuscating the malicious intent of the file.  Disabling this will reveal it is really DownLoaded.PDF.EXE      (  IFF it uses a Double-Extension )

 

 

post-14644-0-11558000-1418921089_thumb.j

Link to post
Share on other sites

Thank you for all the information.

 

I am not very computer literate and so find it difficult to understand fully all this, but I am getting the general idea of what you are telling me.

 

I am, however, still confused by the situation referred to in my first post regarding the increases in scan times when doing consecutive Right click scans on individual files.

 

Yesterday I did 8 consecutive such scans and the time results are:-

 

1) 2.02 mins  2) 3.44 mins 3) 5.11 mins  4) 6.26 mins  5) 7.34 mins   6) 8.57 mins  7) 9.22 mins  8) 10.48 mins

 

7) and 8) were .exe files  - updates to C Cleaner and Skype.

 

All files were also scanned with Avira and SAS with all times being so quick that they did not register on the "report" box.

 

After logging off overnight and rebooting this morning the results for 7) and 8) are:-

 

7) 2.08 mins  8) 3.56 mins

 

It seems to my amateurish reasoning that these scans are re-running all the previous ones each time a new one is done and then the field is cleared when the session is logged off.

 

Is this possible, or is there a more technical reason?  Is it possible to change this behaviour?

 

Regards

 

Roy

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.