
MBAM Runs Long



Running MBAM 2.2.1.1043. Within the last month, a scan that used to complete in 1 hour now takes 4 hours, without finding any malware. It seems to be scanning the winsxs folder for an exceptionally long while. Have been using Panda AV for 3 years. Nothing else has changed. Any suggestions? Thanks.


Hi, @bilvihur, and Welcome to MB.

You've posted your request for help in the topic area dedicated to the new MalwareBytes 3.0 Product.

I'm asking that a Forum moderator move your topic to the appropriate forum for MBAM 2.0 issues (and then delete this post to not confuse users).

 


  • Root Admin

Actually, this is the correct forum. We've renamed the product line and as such the forum name.

Quote

Have questions or problems with Malwarebytes 3.0 (previously known as Malwarebytes Anti-Malware)? Post them here.

Thanks

Let us get some logs please.

Please read the following and post back the 3 requested logs as an attachment.
 
Diagnostic Logs
 
Thanks


  • Root Admin

The computer does not appear to be infected. The Event Logs, though, are showing that the Volume Shadow Copy service is having issues, which can cause all sorts of problems including slow disk response.

You need to look at fixing the Volume Shadow Copy Service in order for the computer to run well.

 

Quote

Application errors:
==================
Error: (12/07/2016 09:00:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3152838073-2291101931-1222875224-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3d84f402-8719-463b-bd36-997cce836b01}

Error: (12/07/2016 09:00:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d963a0c2-20c7-461e-bc80-c655475b1855}

Error: (12/06/2016 09:00:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d963a0c2-20c7-461e-bc80-c655475b1855}

Error: (12/06/2016 09:00:03 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3152838073-2291101931-1222875224-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {3d84f402-8719-463b-bd36-997cce836b01}

Error: (12/05/2016 09:00:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d963a0c2-20c7-461e-bc80-c655475b1855}

 

Please review the following article to see if it can correct this issue for you.

How to troubleshoot Microsoft Volume Shadow copy Service errors

http://kb.macrium.com/knowledgebasearticle50010.aspx

 

Once that's been fixed and you no longer get any errors in the Event Logs about VSS then run a full disk check on the C: volume.

Please run a Full Disk Check on your system drive.  If needed here are some links on how to run a Disk Check.


On Windows 7 the disk check log is in the Event Logs under Application with a heading source of Wininit.
 

How to Run Disk Check in Windows 7

How to Read the Event Viewer Log for Check Disk (chkdsk) in Vista, Windows 7, and Windows 8

You need to run a Full disk check which is 5 steps, not the basic one which is 3 steps. If you have any questions please let me know.

Thanks, Ron
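
An added example, not part of the original post and not Malwarebytes or Macrium code: a small Python parser for error records in the layout quoted above, which groups VSS errors by event ID, writer and decoded HRESULT so you can confirm whether they have stopped after a fix. The sample text is constructed, its SID is a placeholder, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log quoted above (the SID is a placeholder).
SAMPLE = """\
Error: (12/07/2016 09:00:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1111111111-2222222222-3333333333-1004.bak).  hr = 0x80070539, The security ID structure is invalid.
   Writer Name: Shadow Copy Optimization Writer

Error: (12/07/2016 09:00:07 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
   Writer Name: System Writer

Error: (12/06/2016 09:00:03 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
   Writer Name: System Writer
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<event_id>\d+)\)", re.M)
HRESULT = re.compile(r"hr = (0x[0-9A-Fa-f]{8})")
WRITER = re.compile(r"^\s*Writer Name: (.+)$", re.M)
SID_ARG = re.compile(r"ConvertStringSidToSid\((S-[0-9-]+)([^)]*)\)")

def decode_hresult(hr):
    """Split an HRESULT into (is_failure, facility, code); facility 7 is Win32."""
    return bool(hr >> 31), (hr >> 16) & 0x7FF, hr & 0xFFFF

def parse_events(text):
    """Return one dict per 'Error:' record found in pasted log text."""
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    events = []
    for begin, end in zip(starts, starts[1:]):
        body = text[begin:end]
        head, hr = HEADER.match(body), HRESULT.search(body)
        writer, sid = WRITER.search(body), SID_ARG.search(body)
        events.append({
            "when": head["when"], "source": head["source"],
            "event_id": int(head["event_id"]),
            "hresult": int(hr.group(1), 16) if hr else None,
            "writer": writer.group(1).strip() if writer else None,
            # Anything after the last sub-authority means the string is not a valid SID
            "sid_suffix": sid.group(2) if sid else None,
        })
    return events

def summarize(events, source="VSS"):
    """Count records per (event id, writer, Win32 code) for one event source."""
    return Counter((e["event_id"], e["writer"], decode_hresult(e["hresult"])[2])
                   for e in events if e["source"] == source and e["hresult"] is not None)
```

Win32 code 1337 is the "security ID structure is invalid" error and code 5 is "access denied", matching the descriptions in the log; an empty `summarize()` result on a fresh log export means the VSS errors are gone.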

 


I ran the VSSfix 64 bit utility from Macrium. It didn't give any error feedback. Then I ran CHKDSK with fix file system errors and recover bad sectors (5 steps). When I got back Win 7 had rebooted. MBAM took the same amount of time (4.5 hours) to complete both before and after running the utilities. Most of the time seems to be spent in WINSXS.

Before.JPG

After.JPG


  • Root Admin

Personally, I don't think you'd need to scan archives very often unless you're dealing with archive files from other users or downloads on a regular basis. It was an often requested feature a while back so we added it, but if that's not your normal pattern of data use then it probably wouldn't be needed much. No harm in doing one maybe once a month just to be sure though.

 
