
Malware Bytes Finishes too Quickly?



I was running a virus/custom scan of my C: Drive with "Scan for Rootkits" checked as well as the other 3 which were default selections.  Also the PUP/PUM's are treated as Malware.

Also, after posting I had 2 "normal" (i.e. >1 hr) scans, but today it's back to 20 sec's.

I attached an example of each.

Andy Bouffard

MB_2016-0620_20secs.txt

MB_2016-0619_1Hr,51mins.txt


The 20 seconds scan only scanned 279 objects, while the 2h one scanned 842,259. Since it's a custom scan, my guess is that you didn't scan the same things in both scans (since it's a custom one). How long does it take for a threat scan to complete?


Hi, 

See attached for a Threat Scan that I just did.  Coincidentally the 1st time I attempted to do so, it did an anomalous  "Quick" scan where it seemed to skip over the different scan segments.  I did a shut down and waited for a minute (hopefully to flush out the memory) and when I restarted it seemed to run properly.

Ordinarily, my practice before this "Quick Scan" problem happened was that I only did a scan on a weekly basis (if I remembered).

Could you expand upon the "wearing out" the SSD point - I would have guessed it might have been a consideration with a standard hard drive with mechanical parts, but with an SSD, it would seem that reading a little or a lot from it would be all the same to it.

Andy Bouffard

MB_2016-0621_ThreatScan.txt


Your threat scan log looks normal to me. 10 mins, over 300,000 files scanned. Currently running one as well to see.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2016-06-21
Scan Time: 9:07 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.22.01
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Yoan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 468367
Time Elapsed: 12 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Edited by Aura
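The check made in the replies above (object count and elapsed time compared between logs), written as an added example that is not part of any post in this thread and is not Malwarebytes code. The baseline value, the `min_ratio` threshold and the `hr`/`hour` unit spelling are assumptions; the sample log is constructed from the fields of the log posted above.

```python
import re

# Constructed sample in the layout of the log posted above (selected fields only).
SAMPLE_LOG = """\
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 468367
Time Elapsed: 12 min, 19 sec

Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
"""

SCAN_AREAS = ("Memory", "Startup", "Filesystem", "Archives", "Rootkits")
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}


def parse_log(text):
    """Collect the 'Key: Value' lines of a scan log into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def elapsed_seconds(value):
    """Convert '12 min, 19 sec' to seconds; the 'hr'/'hour' spelling is assumed."""
    parts = re.findall(r"(\d+)\s*(hr|hour|min|sec)", value.lower())
    return sum(int(n) * UNIT_SECONDS[unit[0]] for n, unit in parts)


def review(fields, baseline_objects, min_ratio=0.1):
    """List reasons a log deserves a second look.

    baseline_objects comes from a known-good scan of the same type and targets;
    min_ratio is an assumed threshold, not a Malwarebytes setting.
    """
    findings = []
    objects = int(fields.get("Objects Scanned", 0))
    secs = elapsed_seconds(fields.get("Time Elapsed", ""))
    if objects < baseline_objects * min_ratio:
        findings.append(f"only {objects} objects in {secs} s (baseline {baseline_objects})")
    if fields.get("Result") != "Completed":
        findings.append("scan did not complete")
    disabled = [a for a in SCAN_AREAS if fields.get(a) == "Disabled"]
    if disabled:
        findings.append("disabled scan areas: " + ", ".join(disabled))
    return findings
```

A custom scan is only comparable to a baseline taken with the same targets selected, which is the point raised in the first reply.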

5 hours ago, olduser said:

How exactly would a scan put "wear and tear" on an SSD drive? I thought a scan would just "read" from a drive.

That's a good question. 

Usually one uses the terminology of "wear and tear" to be associated with physical constructs associated with use, abrasion, handling and life span.  However with electronic devices there are "wear and tear" associated aspects.  Take a filament light bulb.  As the filament is heated it "boils off" electrons and tungsten.  To reduce the effects of boiling off electrons and tungsten, the bulb the filament is encased in is either placed in a vacuum or a non-reactive gas is pumped in under pressure.  In effect that increases its life span and reduces its associated wear and tear.

In Solid State Drives we are talking about nonvolatile Random Access Memory ( RAM ).  It is deemed nonvolatile RAM because when the electric current is stopped, the circuit retains its state.  The state being a "1" or "0".  The circuit used is typically a Negative AND gate or NAND.  In the case of this kind of electronic circuit, and other forms, the gate "flips" into either the "1" or "0" state numerous times.  It is this action that is a "wear and tear" factor.  There is additional circuitry for error correction.  However as the number of errors increases the ability to overcome them by the error correction circuitry decreases.  Therefore there is a life span associated with the device based upon the ability of the device to stave off errors.

It is the constant changing of state from "1" to "0" ( and "0" to "1" ) that constitutes wear and tear on a Solid State Drive based upon the resiliency of the semiconductor material.

 


You are quoting me.  I am not Firefox. But, he's a great guy so I am flattered.

You are assuming that a scan is all read.  That is not true especially if you are scanning with an "On Demand" scanner with a fully installed Anti Virus application installed performing "On Access".  There will be caching and extraction going on that will perform file reads and file writes. 

Malwarebytes' Anti-Malware ( MBAM ) defaults to scanning Archive and Self Extracting (SFX) Archive files using the formats of:  ZIP, RAR, 7zip, CAB and MSI with SFX formats from:  ZIP, 7zip, RAR and NSIS executables.  For example, if a CAB file has 10 files embedded in the file MBAM will extract, and write, and then scan all 10 files.  Depending on how the anti virus performing "On Access" is configured and what vendor's application that is, it too may open, extract, write and scan files.

You may argue that the process opens file handles for read more than it opens file handles for write and that would be true.  However any modern OS is chock full of the file types described so there will be a significant level of file writes even though you are just performing an "On Demand" scan with MBAM.  What I have described is just based upon the anti malware scanning process indicating how they will perform writes when files are being scanned for possible malicious content.  However the OS will also react accordingly with its own caching and search indexing operations as well.

I am well acquainted with Solid State Drives.  I had a Dell representative in my office ( he was always there for my office mate ) on a weekly basis.  We had a very interesting discussion on SSD Data Sanitization based upon the fact they can not be degaussed nor can bit pattern re-writes thoroughly wipe the data based upon DoD Specifications [1].

----

1.  Unclassified Computer Hard Drive Disposition Sanitization - Linton Wells II, June 2001

 
