
Why right click to scan individual files, load full scan settings



Hi,

I presume there is some bug in scanning an individual file or folder in Malwarebytes scan. It sometimes loads the 3 ring action tabs: update, prescan and file scan. But mostly I experienced a bug: even though it is available in the right-click context menu, scanning of an individual file loads 5 ring action tabs: update, prescan, and all scans including the heuristic scan screen.

One would like to scan individual files with Malwarebytes after downloading. If one selects a file and it loads 3 rings, then it is correct. But there is a bug in the latest and recent version of Malwarebytes: it loads the full scan screen.

The matter was referred to help, and reinstalling MB of course solved the problem, but only temporarily. Each time I select a file for scanning, it loads the total scan screen, which will take much time. Could anyone give solutions to this?

Just uninstalling and reinstalling one reputed application involves a lot of time. Pl


Hi:

The attached screen shot shows what I see when I perform a context menu scan of a single file (in this case I was scanning my KIS installer file, a large binary). (NOTE: the scan completed in 7 seconds; I merely grabbed the screen cap before it finished.)

I'm not sure if this is what you are reporting, or if it's normal, but it would seem to be.
During a context menu file scan, MBAM is not scanning the registry or memory, so I would not expect to see those features listed in the scanner GUI.

(Also, for the record, this sort of scan is probably better suited to your AV.  MBAM only targets certain file types for certain types of malware.)

Please let us know if you need more help.

Thanks,

2016-08-31_10-14-55.png

Edited by daledoc1
clarification

Hi, I know, I expect this screen, but I get the whole scan screen containing 5 rings. That means the entire file scanner. Is there a bug in the program? I sometimes get this screen, but mostly get the total scan screen. That is the reason why I came to this forum. I have uninstalled and reinstalled, but this behaviour recurs.


Hi:

That is indeed puzzling.

I'm not sure why you are seeing the behavior you report, as I cannot reproduce it on my system.
I'm likewise puzzled by the report that reinstalling MBAM fixes the issue only temporarily.

In order for us (especially the forum staff) to be able to better assist you, it would help if you could please do the following:

  • Provide your Help Desk Ticket number & whether that ticket is still open; AND
  • Tell us whether your MBAM reinstall exactly followed the "best practices" recommended in this pinned topic, using the special removal tool and rebooting the computer when prompted by that tool: MBAM Clean Removal Process 2x

Thank you,


Hi, Tim E attended the query and the ticket no. is #1071265. I have closed the ticket, as the solution worked temporarily. I do not know why you could not make it. But when I selected the individual files, it was happening. I once again uninstalled as per your linked procedure, installed, updated, and ran the threat scan the first time. I will try and capture a pic if it recurs.

Tim E has given the solution of total uninstall and reinstall. But the problem resolved only temporarily. I closed the ticket by thanking him and informing MB support that I will raise the issue in the forum.


Hi:

Thank you for the additional information.

Next, I suggest that you please follow the advice in this pinned topic: Diagnostic Logs
Then, please ATTACH all 3 logs to your next reply.
The 3 logs are: FRST.txt, Addition.txt, and CheckResults.txt

IF you have previously run FRST on this computer, please either delete the previous logs or move them to another folder before running the tool.
Also: please download a FRESH copy of FRST from the download site.
Please be sure there is a check-mark in the "Addition.txt" option before running the tool.

I have escalated your case to the forum staff.
Please be patient waiting for them to respond, as it is a 3-day holiday weekend in the U.S., where most of them are based.

Thank you again,

 


4 minutes ago, jraju said:

Hi, where is the More Options button to click browse to enclose my 3 logs? I have run the two tools and have 3 logs.

The "More Options" button is no longer present in IPS v4.

Either drag/drop the files to the area below, or use the "choose files" link to navigate to their location and attach them (just like you did for the screen shot). :)

Thanks!

2016-09-04_8-28-37.png


  • Root Admin

Hello @jraju

In reviewing your logs it shows that you're running MBAM in compatibility mode. It cannot be run in compatibility mode; otherwise, it will have unexpected issues.

If at all possible, no programs should be run in compatibility mode unless they simply just will not run otherwise. If that's the case, personally I'd recommend finding another program that does not need to run in compatibility mode. Please review the following and, if you can, remove all of them; as a minimum, though, you must remove MBAM from the compatibility setting.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Windows\System32\ALSNDMGR.CPL
    D:\hprinterdriver\HP_Vista_SF_Ph1.exe
    C:\Program Files\MonitorTest\monitortest.exe
    C:\Windows\System32\igfxcfg.exe
    
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files\ScreenCamera\ScrCam.exe
    C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
    D:\intelgraphics\Setup.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 

This is not malware related, but are you 100% sure you need and use the Nero InCD service? I've used Nero for over a decade and it's a great program but I never had a need to use the InCD program.  If you do use it, then go ahead and leave it. If not then I'd highly suggest removing all the items that allow it to run and use resources unnecessarily.

I see you're also running the following Tweaking program. This is just my own personal feelings, to me the use of Tweaking is for a last ditch effort trying to fix the computer and nothing else has worked. It's not a tool to run over and over, etc. Personally, if it were my own computer and it was so bad off I could not fix it then I'd fdisk format, and reinstall Windows. I see no need to keep running the tool on a daily basis.

(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

You're also running Nero Check from 2006, another program that I personally find no use for or need to be running it. That program was written over 10 years ago for another Operating System.

HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

You're running WinPCap, nothing wrong with that, but it is an old installation and setup as a Remote Capture, again, okay if you're aware and it's doing what you want. If not then you may want to look at removing it.

https://www.winpcap.org/docs/docs_412/html/group__remote.html

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

I'm not sure what this file is but there are only 84 other entries for it on a Google search, which can often be an indicator of a file that's either been modified or is not a trusted file. You should upload it to http://virustotal.com and have them scan it to make sure the file is safe.

 

S1 mwescontroller; \??\C:\Windows\system32\drivers\mwescontroller.sys [X]

FRST indicates it cannot find the file but it could be because it's locked.

You also have an old compromised version of Java on your computer. I would highly recommend that you fully uninstall all versions of Java. If at all possible try not to use Java. It is often compromised.

Why are you flushing the DNS every time the computer starts? It already updates DNS on each restart on its own. Did you create the file, and why?

Task: {D9D574E1-2C50-4247-B50E-5D99517EDD78} - System32\Tasks\flushdns => C:\dnsfulsh.bat [2016-05-28]

You have an Alternate Data Stream on your C:\Windows\Temp folder. It should be removed.

AlternateDataStreams: C:\ProgramData\TEMP:EEDA5B17 [232]

 

There are various reasons that can cause this error, but it too needs to be resolved.

Application errors:
==================
Error: (09/04/2016 06:24:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: The specified server cannot perform the requested operation.
.

 

You have other programs crashing which can potentially corrupt other programs and cause them to not function as expected. You should correct these issues.

Error: (09/04/2016 02:37:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShowTime.exe, version: 3.2.3.1, time stamp: 0x455cad60
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x0002fc47
Faulting process id: 0xab4
Faulting application start time: 0x01d2068b04101147
Faulting application path: C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 11370ecc-727f-11e6-8e12-00167694db5f

Error: (09/04/2016 02:37:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShowTime.exe, version: 3.2.3.1, time stamp: 0x455cad60
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x0002fc47
Faulting process id: 0xab4
Faulting application start time: 0x01d2068b04101147
Faulting application path: C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 0db1172c-727f-11e6-8e12-00167694db5f

Error: (09/04/2016 10:17:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: lrio.exe, version: 2.1.28.29072, time stamp: 0x56eb1932
Faulting module name: lrio.exe, version: 2.1.28.29072, time stamp: 0x56eb1932
Exception code: 0x40000015
Fault offset: 0x0008a494
Faulting process id: 0xf48
Faulting application start time: 0x01d2066775a20d09
Faulting application path: C:\Program Files\Intel\Telemetry 2.0\lrio.exe
Faulting module path: C:\Program Files\Intel\Telemetry 2.0\lrio.exe
Report Id: b4696bd7-725a-11e6-9a71-00167694db5f

 

I would also recommend you do a Full Disk Check

CodeIntegrity:
===================================
  Date: 2016-08-30 07:55:05.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


Open an elevated admin command prompt and type in the following.

 

CHKDSK  C:  /R

Then it will say it cannot lock the drive. Press the Y key and then the Enter key. Then restart the computer and let the disk check run. It should take at least ten minutes to run and can take many hours to run depending on the speed of your computer.

Please correct all of the items above. If you need help with any of them then let us know.

Thank you

 

Ron

 

 


Thanks for the answer.

I will remove InCD and Nero. But Tweaking.com, I only use it occasionally. It repairs when you need a specific repair. I do not know WinPCap. I will look into it. I have not selected any compatibility mode myself. It is default; how do I know it to change it? So far, I have uninstalled and reinstalled Malwarebytes a dozen times. But I do not know the WinPCap program. I never downloaded anything like that as far as I know.

First say, how does the default Malwarebytes change to compatibility mode?


Hi, I do not know how to edit a post once sent.

I also would like to know about those programs, like printer drivers etc. They are auto-installed drivers. How do I check those? Should I go to Properties, Compatibility to change those to Windows 7?

Moreover, flushdns is a bat file I have made to flush DNS once in one hour, so that I would not have any internet access problem. Should I remove that from the task schedule? Please advise. Should I also change the MB compatibility to Windows 7?


  • Root Admin

MBAM does not set itself to any compatibility mode, but how it got there does not matter, let's just remove it. If you right click on the shortcut for MBAM then select Properties. Then click on the Compatibility tab. Then click on the button on the bottom "Change settings for all users" - then uncheck anything that's checked. Then click OK.

There should be no need to clean DNS like that. It's designed to cache it so you don't have to keep looking up names. Yes, I would recommend you remove it.

I can help you to remove some of the settings if you want for WinPCap.

Do not mess with other drivers.

 

 


Hi, I removed InCD and Nero totally with Revo Uninstaller. Secondly, I removed WinPCap. I do not know how it entered the system. Is it a Windows program or some third party? Please tell. I have also removed the flushdns bat from Task Scheduler. I will uncheck compatibility and then check whether it fixes the problem. But is there not a bug in MB? Please tell something about WinPCap, particularly how it could have entered my system.


  • Root Admin

WinPCap is installed normally for the purposes of capturing network traffic. Often for some programs trying to find the location of media files like those from Youtube and other sites with videos so that they can be downloaded and saved. In other cases it's used for programs like WireShark that allow you to capture all network traffic to try to locate issues with the network or possibly someone trying to attack a system. There are some other reasons it could be there as well. Most of the time it's installed from another program and not directly itself, as it's more of a helper application.

Please uncheck the compatibility settings, then restart the computer and run a new scan with FRST and make sure you place a check mark in the Additions.txt check box and post back both new logs as attachments and I'll check back on you again sometime tomorrow.

Thank you

 


  • Root Admin

Please open an elevated admin command prompt. Then copy and paste the following into the command prompt. Then press the Enter key. You should get a reply message that says:   The operation completed successfully.

REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers" /v "C:\Program Files\Malwarebytes Anti-Malware\mbam.exe" /f

Then copy/paste and run the following entry.

REG DELETE "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers" /v "C:\Users\intel\Desktop\mbam-check-2.3.2.0.exe" /f

Then run the following MBAM CLEAN routine one more time. Install MBAM and update it and Activate it if it's a paid version, and let us know if you have any other issues with MBAM now.

Please uninstall your current version of MBAM and reinstall the latest version using the following guide. MBAM Clean Removal Process 2x

 

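As an added example (not part of the thread and not Malwarebytes or FRST tooling), this read-only PowerShell script lists every value under the two `Layers` keys quoted above, so a per-executable compatibility setting like the one on `mbam.exe` can be spotted before deleting anything. The function name `Get-CompatLayerEntry` and the name patterns used to flag security tools are assumptions made for illustration.

```powershell
# Added example: audit per-executable compatibility layers in both hives
# named in the thread. Read-only; it does not modify the registry.
$layerKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)

# Assumption: path patterns for security tools that should never carry a
# compatibility layer. Adjust for the products installed on the machine.
$securityToolPatterns = @('*\Malwarebytes*', '*\mbam*.exe')

function Get-CompatLayerEntry {
    param([string[]]$KeyPath = $layerKeys)

    foreach ($key in $KeyPath) {
        # A hive without any compatibility settings has no Layers key at all.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            if ([string]::IsNullOrEmpty($name)) { continue }  # skip (Default)

            $isSecurityTool = $false
            foreach ($pattern in $securityToolPatterns) {
                if ($name -like $pattern) { $isSecurityTool = $true }
            }

            [pscustomobject]@{
                Hive           = $key.Substring(0, 4)          # HKLM or HKCU
                Executable     = $name                         # value name = full path
                Layers         = [string]$regKey.GetValue($name)
                # File.Exists returns $false instead of throwing on odd paths.
                FileExists     = [System.IO.File]::Exists($name)
                IsSecurityTool = $isSecurityTool
            }
        }
    }
}

$entries = @(Get-CompatLayerEntry)
$entries | Sort-Object Hive, Executable | Format-Table -AutoSize -Wrap

$flagged = @($entries | Where-Object { $_.IsSecurityTool })
if ($flagged.Count -gt 0) {
    Write-Warning "$($flagged.Count) security tool executable(s) have a compatibility layer set:"
    $flagged | ForEach-Object { Write-Warning "  [$($_.Hive)] $($_.Executable) => $($_.Layers)" }
}
```

Entries with `FileExists` set to `False` are leftovers for programs that are no longer at that path, such as a one-off installer run from the Desktop.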

Yes. I did the chkdsk /r and found nothing problematic. I also used your command prompt command and got that successful message. But while I ran the clean tool, an error popup flashed for a second when I clicked to reboot my computer. I could not see the words of the error. It contained exceptions something... an error message, I suppose. I have a download speed of 850kbs. But Malwarebytes, being 22 MB, takes much time to download; the speed reduced to 13 kbs.

I will try to check MB after installing the program.

 


Hi, after following your reg fix, the problem seems to have been solved. I tried a file and a folder scan, which were scanned successfully.

Would you kindly say what problem my system has, or whether it is a bug in your program that was residing and your reg kill program removed those entries? I would love to have your detail. Did that mean that those entries are not uninstalled while uninstalling Malwarebytes? I have done uninstall and reinstall more than a dozen times.

But let me suggest one thing. Update should not always be open when one opts to scan individual files. Otherwise, it will check for updates, which may take time when scanning individual files. Update is a kind of option to be left to users. For example, the database is March 16 and the update to date takes much time. Just imagine low internet connectivity; the update would take more time.

If you just enable prescan features loading and scan, it would be a boon to the users.
