
What exactly is happening with Prescan Operations



The reason I ask this is because this has proven to be the only problem I am having with Malwarebytes Premium running on a Windows 7 SP1 system, which is also a webserver and mail server.

 

Because my "box" is a server, it is important to me to try to keep my uptime and avoid unnecessary reboots, whenever possible. My only problems have come from Malwarebytes 2.1.8.1057 ( I believe this is the latest version) during scans, which I run manually once a day, usually in the morning.

 

I have been through the usual "drill", i.e., sending the requested files via email to support, doing the clean install, etc. and I am tired of going around in circles with this. It is the only software running on my system that does not consistently work.

 

I switched to manual scans after one too many "hangs" in prescan operations and finding my box has been running the scan for hours. I can't kill the process once the "hang" occurs and am forced to reboot. Clicking "Stop Scan" does nothing once the hang occurs.

 

I have tried several "tricks" to get around this problem...checking for updates first, then giving it a few minutes if an update was available, then checking again before running the scan. For a while I would shut down the scheduler service manually, exit malwarebytes, restarting the scheduler service and restarting Malwarebytes in an attempt to "mimic" a reboot but found that approach counter-productive.

 

Today, I checked for updates, waited a few minutes, then checked again and when "No update available" shows up, running the scan. The hang on prescan operations occurred, forcing another reboot. After the reboot, the scan runs fine.

 

I am not going to, once more, send the requested files, do yet another "clean install", etc. I would like to know what occurs during "prescan operations". My strategy for now will be to wait a little longer for after the manual update. I would also like to know how one can stop Malwarebytes, somehow, when it hangs. There should be some escape method that doesn't require completely rebooting my system.

 

In general, I really appreciate Malwarebytes Premium, and watching the malware and malicious IPs being blocked feel it is a great tool, so don't think I am only being belligerent, please.

 

I am only trying to fix a problem that occurs periodically. My two questions then are 1) What exactly is happening with Prescan Operations and 2) How can I stop Malwarebytes once it hangs, short of a reboot.

 

I think my 2nd question is part of the security features of Malwarebytes, perhaps. Yet there should be some fail-safe mechanism to stop the scan when it goes bad without a reboot.

 

Regards,

Axis


O.K., I am getting no answers to my questions, either via email, or on the forums. I realize the Malwarebytes people are extremely busy, but aren't we all?

I am attaching my CheckResults file, in case anyone sees anything useful.

So I got away with one day without needing to reboot on Prescan Operations hanging. I finally managed to kill it by stopping MBAM services, and killing in task manager. However, on restarting everything MBAM was not available in my system tray and I had no idea of what was going on or ability to scan again.

So I am attempting an answer to my own question. I am guessing that Prescan Operations loads the definitions and exceptions (I have no exceptions), prior to scanning. I know it also checks for updates, but because of my reported problem, and because my scan is manual, I always check for updates first, wait several moments and do something else and then check again before running the scan. Safe guess?

So in addition to attaching the CheckResults file, I will mention that the scan only takes me (when it doesn't hang) about 7 minutes, largely because my C drive is only 17.7 GB used on a 500 GB drive. As a server, I like to have as little as possible on my C drive that is not necessary.

So, in addition to the attached file, I am going to ask a different question with this prelude: since installing Malwarebytes Premium, I have never 'caught' one Malware on my system during a scan, though many things are blocked and prevented during its operation.

Would it be safe to simply run the scan on the one day a week I reboot my system? I know the recommended setting is to scan daily but I have to do something. It is either that, at this point, or revert to the free version which never seemed to have a problem with scanning. I simply cannot reboot my server/computer every day and expect anyone visiting my pages to put up with periodic (daily almost) reboots.

I am trying to stay polite and not overly display my frustration with this issue. If I can get no support, I will need to do something...not sure what at this point.

Regards,
Axis


  • Root Admin

Your WMI Windows Management Interface is not working properly. Something is either blocking or preventing secure signed files from being verified. The integrity of some files is in question.

 

Not saying you're infected but you certainly have something going on or possibly damage from a previous infection. I would also recommend you remove the compatibility from the following file. No files if possible should be running with any type of compatibility settings.

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

    C:\Program Files\Kerio\Personal Firewall\PFWADMIN.exe

 

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.
 

Thank you

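The two concrete findings in the reply above (WMI health and a per-user compatibility layer left on an executable) can be checked read-only from PowerShell. This is an added example, not part of the original thread and not Malwarebytes' own tooling; it assumes an elevated Windows PowerShell 2.0 or later session, and the output wording is illustrative.

```powershell
# Added example: read-only triage of WMI health and per-user compatibility layers.
# Nothing here changes the system. Run from an elevated prompt, because
# "winmgmt /verifyrepository" needs administrator rights.

# 1) WMI service state and repository consistency.
$svc = Get-Service -Name Winmgmt
"Winmgmt service : $($svc.Status)"
$verify = & winmgmt.exe /verifyrepository 2>&1
"WMI repository  : $verify"

# 2) A basic query through WMI. A failure here means WMI consumers
#    (inventory, monitoring, security tools) cannot rely on it either.
try {
    $os = Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop
    "WMI query       : OK ($($os.Caption))"
} catch {
    "WMI query       : FAILED ($($_.Exception.Message))"
}

# 3) Per-user compatibility layers: one registry value per executable path.
#    FileExists = False marks a leftover entry for a program that is gone.
$layers = 'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
if (Test-Path $layers) {
    $key  = Get-Item $layers
    $rows = foreach ($exe in ($key.GetValueNames() | Where-Object { $_ })) {
        New-Object PSObject -Property @{
            Executable = $exe
            Layer      = $key.GetValue($exe)
            FileExists = (Test-Path -LiteralPath $exe)
        }
    }
    $rows | Select-Object Executable, Layer, FileExists | Format-Table -AutoSize
} else {
    "No per-user compatibility layers are set."
}
```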

That Kerio personal firewall was something I tried to install many years ago, when I first moved from Windows 2000 and jumped over XP and first built my new box and installed Windows 7. I received the message that it was incompatible with Windows 7. Uninstalled it.

 

It was never actually installed, but as you noticed, it apparently left its mark in the registry. I removed the whole Kerio entry in the registry, as I wrote this post. I know I am not infected. Windows just does a terrible job cleaning registry keys from uninstalled (or in this case, never installed) registry keys. If I was infected, I would know it, and so would Bing, Google, etc. My websites would be blocked.

 

I have been talking via email to support people, one of whom notified me as to your "expert" level post here on the Forum. Today I went through this procedure. Upon first check of my PC/Server I made a restore point and ran disk clean up. Checked my sites and made sure all was well. Checked for updates. Received an update. Waited 5+ minutes. Did some folder backups and rechecked my sites. Turned off Malwarebytes for about 10 sec. and restarted Malwarebytes. (???) After it told me I was "fully protected", checked for updates again. No update available. Took the plunge and ran the scan: 6 minutes and 5 sec. Results: 0 Malware and 0 non-Malware.

 

If there are "strange" things going on with Windows Management, I am probably the culprit, not some infection. Fact is, I don't like at all the way Windows "manages" things, it actually sucks, and over the years have made changes and stripped out things I neither wanted nor needed. Now I have Windows the way I like it, not the "Windows Experience." I manage my system, not Windows.

 

I am going to have to find my way through this issue myself, I think, like I do almost everything else. I always win through. In the support email I asked if Malwarebytes is always on and I am always protected, did I really need to run daily scans. The support person said if Malwarebytes is always on, I was always protected. Regardless of what Windows thinks of me, or I think of Windows so-called "Management", I have the choice, apparently, of either scanning less frequently (like once a week just before I would do my usual weekly reboot) or reverting to the free version, which does not have the protection I like but never gave me any problems in scanning. I think I'll stay with my first option.

 

People can talk about security all they want, but my machine has never been compromised by a virus. The reason I purchased Malwarebytes is the very first time I ran it (free version) I found one Malware and two PUPs. Since then every virus scan and every Malwarebytes Scan has come up "clean." We live in a world where everyone is trying to protect us; our operating systems, our browsers, and our anti-virus and anti-malware software. I am very safe in what I do. No one has ever "hacked" my server though I watch them try endlessly. My server is hardened and everything running on it is protected. On the personal side, I run Firefox as my browser (latest version), do not accept cookies except by adding exceptions, and run all mail through an old "MailWasherPro" program to filter out spam. My mail client is on a zip drive removed from my main drive...sorry...the point of this is that my Box is clean, and as of this morning has zero malware according to your software.

 

Thanks for your help. If you think I am crazy or stupid for doing things the way I do, I can understand. The thing is, bottom line is, everything works and is "clean." I do things to make my box the "Axis" experience, not the Windows experience.

 

Last note, no one has told me the answers to my original questions, though in posts above I took a guess at what happens in Prescan Operations. And, no one has told me how one can stop a "runaway" scan, short of a reboot. In the days that have passed, I have looked for others seeking the answers to the same question, but no one had any definitive solution though many, apparently, have experienced the same problem. Not just here on Malwarebytes, but in other websites. It would be nice if "pause" or "stop" scan actually worked.

 

And a final comment, why does a reboot not only stop the runaway or stalled scan (that is obvious), but then allows a scan to run perfectly?

 

Thanks again...if you want to drop this issue, I'll make my way somehow. If you have something further you would like to say, I'm all ears.

 

Kind Regards,

Axis


I will get corrected if wrong...

 

The prescan loads the entire MBAM database (however big it is at that time, it gets pruned from time to time) into memory. Depending on what the system is doing memory and CPU wise that can take time or in your case stall. I don't know the answer to your stalling. Your computer being used as a web/mail server might be complicating things as it was not designed to run on computers doing server operations.


Thank you Porthos--

 

One thing I *did* change since yesterday: I run a small program called "CleanMem." I had a non-default setting of "clean system file cache memory" (which is triggered when Memory reaches a certain level), which I changed yesterday to only clean memory itself, which it does every so often. I like the program...everything runs faster, including my server. Maybe putting this back to not clean system file cache helped today.

 

A thought...time will tell.

 

Thanks and Regards,

Axis

 

 

  • Root Admin

Well it's your system but with WMI not working properly I can tell you no it is not "secure" but I'm not here to argue the issue. The way the computer is currently set up is not supported and there is no way to determine if the pre-scan issue is due to this or not. As you've indicated you'll manage this on your own then there does not appear to be much else we can do to assist you. If you wish to "fix" the broken items then let me know, otherwise we would appear to be done here.

 

Thank you again

 

Ron


I "found my way" on my "insecure machine" (with zero malware and zero viruses). Scanned 4 or 5 times without the hang. Happy Axis. Special thanks to Porthos for his clue about memory. I made an exception in Clean-Mem for the three main executables involved in Malwarebytes that excludes them from memory cleaning. I still follow the 'exit and restart' Malwarebytes similar to that listed in first post only I don't bother with stopping the scheduler service.

 

Thanks all...things are as fixed as they can be.

 

Regards,

Axis


This topic is now closed to further replies.