
Context menu scan blocked by hosts.



When I attempt to scan an individual file or folder from the context menu, all I get is the Malwarebytes GUI.

Unless I disable my hosts file. Then the right-click context menu scan works fine.

I use a large hosts file & finding the exact blocked site would be difficult, especially if there are multiple sites involved.

I would like to know the sites that Malwarebytes Anti-Malware attempts to contact when a context menu scan is selected.

Or what sites or web addresses does it "phone home" to?

I have found a "workaround".

If I right-click a file, select scan & let the GUI come up & then right-click & select to scan a second time.

The file is scanned.

I did a regular uninstall with Windows of Malwarebytes Anti-Malware.

I didn't use the clean-up tool for this. (I've never needed to in the past).

Then after a reboot I installed a fresh downloaded Malwarebytes Anti-Malware from the installer .exe.

I'm using Windows 7 HP.

 

 

Link to post

Hello and welcome:

I've not seen that issue reported before.

I suppose it's possible that something in your hosts file is blocking it, perhaps because MBAM phones home to check for database updates as part of its pre-scan operations. (The same problem would likely occur for a Threat or other scan, not just the context menu scan.)
However, I don't know the precise URLs for this, or if that information can be publicly disclosed.

I understand that you have reinstalled MBAM, but that you did not use the removal tool.

So, the first steps for routine troubleshooting would be to perform a proper CLEAN reinstall, using the special removal tool to clear out wonky or corrupted settings. That may resolve the issue.

Let's try this first....

 

  1. Please follow the steps in this pinned topic to uninstall your current version of MBAM and reinstall the latest build - MBAM Clean Removal Process 2x
  2. If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: FRST.txt, Addition.txt and CheckResults.txt)
  3. NOTE: More info about v2.2.1 HERE; User Guide ONLINE; User Guide PDF; FAQ: Common Questions, Issues, and their Solutions


Please let us know how it goes.

Thank You,

Edited by daledoc1
clarify
Link to post

I have downloaded the recommended tools for the clean up.

I am using the free version of MBAM.

Since you suggested:

Quote

(The same problem would likely occur for a Threat or other scan, not just the context menu scan.)

I'm running a Threat Scan first. It seems to be running with no problems.

It has reached the point of "Scan File System" where it will be for a while.

After the scan completes I will start the clean procedure.

Then try to get the logs requested & post those.

Any thoughts on why selecting a file the second time with the GUI up makes the scan work?

Link to post

The hosts file size is the cause.

The maximum lines in the hosts file is 363996.

I can't say that number is set in stone because it might also be the total number of characters.

I don't have a way to calculate that.

The hosts file I tested with & had added to the hosts file I use came from:

https://www.hosts-file.net

It is a very large hosts file & I added it to the one I use which wasn't small.

When I tested for the size I just used the hosts-file.net one. As it was plenty large.

That way the one I use wasn't corrupted.

I didn't think it was a Cryptoprevent conflict, because I have used it for some time.

Everything was working before I added the large hosts file to mine.

I wasn't sure but I do think settings made by Cryptoprevent are responsible for the Attentions in the log file.

It's my understanding gpedit is where Cryptoprevent does its settings.

I will probably just use the workaround I posted above.

 

Link to post
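Added example (not part of the original post, and not Malwarebytes code): a Python sketch that measures a hosts file by lines, bytes and active entries, trims a copy to a chosen line count, and merges files without repeating hostnames. The function names and the sample data are assumptions constructed for illustration.

```python
import sys

# Constructed sample (not a real blocklist): CRLF endings, a comment, a blank line,
# one address mapping two names, and one hostname repeated in a different case.
SAMPLE = (b"# constructed sample\r\n127.0.0.1 localhost\r\n"
          b"127.0.0.1 ads.example.com tracker.example.net\r\n\r\n"
          b"0.0.0.0 ADS.example.com  # duplicate\r\n")

def _fields(raw: bytes) -> list:
    """Split one line into [address, name, ...]; text after '#' is a comment."""
    return raw.split(b"#", 1)[0].split()

def hosts_stats(data: bytes) -> dict:
    """Measure a hosts file by each size a parser might be limited on."""
    lines, active, names = data.splitlines(), 0, {}
    for raw in lines:
        fields = _fields(raw)
        if len(fields) < 2:            # blank, comment-only or malformed: inert
            continue
        active += 1
        for host in fields[1:]:
            names[host.lower()] = names.get(host.lower(), 0) + 1
    return {"lines": len(lines), "bytes": len(data), "active_entries": active,
            "inert_lines": len(lines) - active, "unique_hosts": len(names),
            "duplicate_hosts": sum(n - 1 for n in names.values())}

def first_lines(data: bytes, max_lines: int) -> bytes:
    """Keep the first max_lines lines byte-for-byte, to test a line-count limit."""
    return b"".join(data.splitlines(keepends=True)[:max_lines])

def merge_dedupe(*blobs: bytes) -> bytes:
    """Merge hosts files, one name per line, first mapping of each name wins."""
    seen, out = set(), []
    for blob in blobs:
        for raw in blob.splitlines():
            fields = _fields(raw)
            for host in fields[1:]:
                if host.lower() not in seen:
                    seen.add(host.lower())
                    out.append(fields[0] + b" " + host)
    return b"".join(line + b"\r\n" for line in out)

if __name__ == "__main__":
    # Usage: python hosts_stats.py <path-to-hosts-file> [max_lines]
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    if len(sys.argv) > 2:
        blob = first_lines(blob, int(sys.argv[2]))
    print(hosts_stats(blob))
```

Comparing two trimmed files that have the same `lines` value but different `bytes` values shows whether a threshold follows the line count or the total size.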

  • Root Admin

Difficult to say for sure. There are quite a few people that run a large hosts file and I don't recall anyone else complaining of this issue. Please try the following and see if it helps or not and let us know.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

 

 

Link to post

I have done as you requested.

I ran TFC.exe & rebooted. Here is the TFC.txt file:

TFC.txt

I then ran AdwCleaner & did the Scan & the "Clean".

All that was found was a Yahoo toolbar. I didn't know I had this as it never popped up in any browser I use.

I was glad to remove it.

BTW the "Report" button is now the "Logfile" button.

These are the log files:

AdwCleaner[S1].txt

AdwCleaner[C1].txt

This is the second scan after a reboot:

AdwCleaner[S2].txt

I hope it was OK to just attach the log files. I can copy & paste them if necessary.

I have a request for you.

Download the hosts file from: https://www.hosts-file.net

Try it on a Windows 7 Home Premium 32-bit OS if possible.

Then check an individual file with the right-click context menu.

See if all that comes up is the GUI.

I usually use a modified hosts file but I used the one above just as it downloaded to test with.

For me it has the problem.

All I have to do is reduce the number of lines to 363996 or less & the context menu works.

With no other changes made.

 

Link to post

I decided to test my laptop also.

I hadn't added the larger hosts file to it because of the problem with my desktop.

I copied the hosts file directly from my desktop to my laptop.

The difference is the laptop is Windows 7 HP 64-bit.

It can scan an individual file from the context menu.

So it is a 32-bit problem as well.

Link to post

Thanks.

Maybe it can be sorted out.

I also have an XP Home 32-bit or x86 partition on my laptop.

I tested it as well. With the much smaller older hosts file it did a scan from the context menu with no problem.

When I use the large current hosts file that I have in the Windows 7.

The XP doesn't even open the GUI from the context menu. So of course it doesn't scan.

I didn't test with the amount of lines posted above but I expect that would make the scan work.

The problem seems to be with a large hosts file & a 32-bit or x86 Windows OS.

This is on two different computers. On the laptop the Windows 7 64-bit or x64 worked with the large hosts file.

I do have a Vista & an XP Pro both x86 on my desktop on separate hard drives.

I can boot to them on startup instead of Windows 7.

I can test those but I expect the results will be the same.

Link to post

  • Root Admin

Click the start button.
Type services.msc in the search box.
Click on services.msc in the search results.
Scroll down until you see "DNS Client" in the "Name" column.
Double click on "DNS Client."
Click the Stop button.
Then under "Startup Type:" change it to "disabled"
Then try running a context scan with MBAM and let us know if that fixes it for you.

 

Edited by AdvancedSetup
Link to post

  • Root Admin

Not sure then what's going on. We had QC test and confirm that they too could duplicate the issue on XP and Windows 7 x86 but as soon as they disabled the DNS Client the issue went away. If you like we can take a look and see if perhaps your computer has some type of infection or other issues that might be preventing this fix from working for you.

 

Link to post

Thank you for the help you have given. I do appreciate the effort.

I think I will just use the workaround.

It just requires right-clicking a file, waiting for the mbam GUI to appear (Dashboard screen).

Then right-clicking the file again. Then the scan begins & completes.

In normal operation the scan begins immediately then a "Finish" screen appears.

After selecting the "Finish" button the Dashboard screen appears.

Since I have tried this with four different OSs on two different computers.

The two computers aren't networked other than using the same router.

No file sharing, etc. With the only OS that works normally being Windows 7 HP 64-bit.

I don't believe I have an infection. Scans with my active & inactive anti-virus programs would bear this out.

As well as running a full scan with mbam,

mbam did find two entries it reported in the hosts file.

I hash tagged # those to "comments" which in the hosts file has the effect of disabling them.

They are: 127.0.0.1 id.google.de & 127.0.0.1 palsol.com.

If that helps figure out anything.

I understand why the QC Team thought the problem might be the DNS Client AKA DNS resolver or cache.

That is why I already had this disabled. A large hosts file can fill this cache beyond its capacity.

I had been using a large hosts file previously to adding to it.

MBAM was working correctly with it.

My old hosts file is: 2183KB with 68015 lines.

The current one is: 15378KB with 454925 lines.

This I suppose could be filling some other cache but I don't know which one that might be.

I wanted to ask the QC Team when the tests were done.

Were the XP & Windows 7 x86 OSs done in VM or an active OS on a hard drive?

I don't use any VM mounted OSs.

A VM mounted OS is usually "leaner" (less software installed).

While that can be good it is a lot less likely to have conflicts than a well loaded with software OS like I & a lot of people have.

This is where I think the QC Team should look:

The Dashboard GUI comes up when an individual file is selected to be scanned by right-click in the context menu.

That isn't the normal behavior. What in MBAM's programming would cause this?

Then when the Dashboard GUI is on. Why would the second right-click to select the scan work?

Even if the cause the QC Team found. A full DNS Client activates this. Why & what is the reason that MBAM's programming reacts this way?

To put it a second way: Why does it matter to MBAM what the DNS cache is like on whether it does a right-click individual scan.

MBAM programming shouldn't be using that as a "trigger" mechanism.

In the end I intend to continue to use a large hosts file.

I can live with the workaround.

Maybe this can be fixed in a new version. I hope it will be & that is one of the reasons I posted.

 

Link to post