Hi,

I've just installed MBAM on my always-on nerve center, and noticed some very high CPU usage. I am using Windows Media Center on Windows 7 Professional to watch cable TV, and have several Media Center Extenders - four Ceton Echos, and an Xbox 360.

Windows creates a new user with the name scheme "McxN-*nameofpc*" for each Media Center Extender set up with the PC. For each of those users, an mbam.exe process using up 20-25% of CPU time is loaded whenever that extender is connected, and never goes away.

Here's a screenshot of my task manager, illustrating the issue:

 

mbam_high_usage.PNG

 

A few more thoughts:

  • This is a modern CPU, a Core i5 4570S, getting hammered here.
  • This is a brand-spankin'-new install of Windows, with all the updates, that we're talking about here, so I'm ruling out any kind of cruft-based corruption.
  • Media Center is streaming uncompressed MPEG2 streams over a discrete NIC (an Intel Gigabit CT) and VLAN (subnet 10.10.0.0).
  • My tuners are external - two SiliconDust HDHomeRun Primes on the same subnet as that secondary NIC and the Media Center Extenders.
  • The tuners have their latest firmwares installed. As do the Media Center Extenders. 
  • I did NOT try shutting off the Advanced Heuristics Engine as yet. 
  • My pagefile is currently 1GB. But I really don't need a larger pagefile with this amount of RAM (16GB).
  • I have already tried adding the relevant Media Center processes - ehshell.exe, ehrec.exe, ehrecvr.exe, ehtray.exe, ehsched.exe - to the web exclusions lists in MBAM. No dice.
  • Adding C:\Windows\ehome to the malware exclusions list also didn't work.
  • Adding the IP addresses of my client Media Center Extenders to the web exclusions list also didn't work. 
  • Shockingly, turning malware and web protection off did NOT stop the MBAM process for other users! The only way to stop it is to kill the process.

I'm not sure what I may have missed, but any help here would be appreciated.


Hello and welcome:

 

We will need to wait for staff or a forum expert for help with this.

 

Until then, it would help to have a bit more system info.

Please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)

 

Thanks,

 

Thanks for the welcome. 

My logs are attached.

logs.7z


  • Root Admin

Does this issue happen when you don't load MBAM at startup? Normally the only time CPU is used is during a database update or a scan.

Please remove all scheduled tasks from MBAM temporarily. Logon with each user account and verify there are no scheduled tasks.

Then restart the computer and verify if the issue remains or not. There should be no need for MBAM to be using CPU at this point.


Does this issue happen when you don't load MBAM at startup? Normally the only time CPU is used is during a database update or a scan.

 

So far I've only ever had it set up so that MBAM loaded on startup. I can try to test to see if loading it after startup affects anything - not sure if you were asking me to do that.

 

Please remove all scheduled tasks from MBAM temporarily. Logon with each user account and verify there are no scheduled tasks.

Then restart the computer and verify if the issue remains or not. There should be no need for MBAM to be using CPU at this point.

 

I should note that this issue was happening before I ever set up a scheduled task of any kind. Also, I only ever set up a scheduled task for the main user, Admin. I am not capable of logging in as McxN-MEDIA - only the Media Center Extenders can do that, and whatever password they use is not known to me.

 

Regardless, I'll remove all scheduled tasks and get a new set of logs to illustrate that scheduling doesn't seem to be the issue.


I just removed my one scheduled task, shut off realtime and web protection, and shut off MBAM loading on startup. Upon restart, and connecting a Media Center Extender, no mbam process was running at all, and everything was working fine (er, save for not being protected by mbam). Immediately after starting MBAM, the mbam.exe process showed up under the MCE's user name, gobbling up 20%+ of CPU.

 

Changing it so that MBAM did start with the computer, but still without realtime or web protection, had the same result.

 

Logs for both tries are attached.

no-startup.7z

startup-without-protection.7z


Sorry, my point is does this happen without MBAM. If you uninstall MBAM do you have this issue?

 

Just refreshed the page, sorry. If the MBAM suite never starts (first try in last post), then mbam.exe never starts - mbam.exe is what is using up all that CPU time. I'd imagine that if I uninstalled MBAM, um, I'd get the same result :)


  • Root Admin

Hmmm just doesn't make sense that MBAM would be scanning. If you want to view it further we'll need to look at it in the malware removal forum, this sub section of the forum does not allow us to run many tools.

Please open a new topic in this forum and explain that I've asked you to and that I will help you.

https://forums.malwarebytes.org/index.php?/forum/7-malware-removal-help/

Then post back the link to your new topic and we'll look at running some other tools to see what's going on.

This topic is now closed to further replies.