Jump to content

Recommended Posts

My main MS Word editing machine is an older Dell laptop (XPS L702X) running Windows 7--Dell informs me it can NOT be upgraded to Windows 10 due to not being supported via drivers, etc. Of course I found this after giving Windows 10 a try last summer, and after finding the fan ran continuously, backed out and reverted to Windows 7 again. I've been using the free version of Malwarebytes for ages on 5 household machines which consist of two Windows 10 Dell and Acer laptops (all purchased within the last 6 months), an older Toshiba laptop running Windows 8.1 and a Dell XPS desktop system about 3 years old running Windows 10, plus this errant machine.

When MWB 3 came out, I was impressed by how well it worked on two of the Windows machines and decided to purchase licenses for the full versions:  I now have a 5 license paid version of Malwarebytes 3.x.  This new version is installed on the Windows 10 desktop (runs flawlessly), the new Dell Windows 10 laptop (runs flawlessly) and this problematic older Dell laptop running Windows 7.

Each scan I run, either the default or a custom including root kits and limited to the C drive, will hang between 30k and 65k files scanned.  It just stops and will spin endlessly on some random file.  Sometimes but not always, memory will get jammed when it hangs and it becomes very difficult to close an open browser that's been sitting idle and reboot the machine.

Attached are the required files.

Hope this information is helpful.  I may have to revert to the Malwarebytes 2.x version.  Will my new license work with that version? 

JW_MBAM_LOGS.zip

MB-CheckResult.txt

Addition.txt

FRST.txt

Link to post
Share on other sites

It looks like MBAM is crashing in the background. Can you please follow the instructions below to grab a crash dump for us please?

  1. Close Malwarebytes by right clicking the icon in the System Tray and choosing Quit Malwarebytes
  2. Download the attached ProcDump.zip file
  3. Place procdump.zip in C:\
  4. Right click on procdump.zip and then choose properties
  5. In the window that pops up, click the unblock button near the bottom and then click ok
    Screen Shot 2016-12-21 at 11.06.23 AM.png
  6. Extract procdump.zip.
  7. Check that the extracted files are in the directory "C:\Procdump"
  8. Right click "mbamservice_procdump.bat" and select Run as administrator.
    • If you did the steps correctly you will see the following:
      procdump_running.png
  9. Open Malwarebytes again
  10. Run a threat scan with MBAM 3.0.
  11. When MBAMSERVICE.exe crashes it should close that command window and generate a memory dump file in "C:\Procdump".
  12. Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com

procdump.zip

Link to post
Share on other sites

On 3/7/2017 at 5:14 PM, dcollins said:

It looks like MBAM is crashing in the background. Can you please follow the instructions below to grab a crash dump for us please?

  1. Close Malwarebytes by right clicking the icon in the System Tray and choosing Quit Malwarebytes
  2. Download the attached ProcDump.zip file
  3. Place procdump.zip in C:\
  4. Right click on procdump.zip and then choose properties
  5. In the window that pops up, click the unblock button near the bottom and then click ok
    Screen Shot 2016-12-21 at 11.06.23 AM.png
  6. Extract procdump.zip.
  7. Check that the extracted files are in the directory "C:\Procdump"
  8. Right click "mbamservice_procdump.bat" and select Run as administrator.
    • If you did the steps correctly you will see the following:
      procdump_running.png
  9. Open Malwarebytes again
  10. Run a threat scan with MBAM 3.0.
  11. When MBAMSERVICE.exe crashes it should close that command window and generate a memory dump file in "C:\Procdump".
  12. Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com

procdump.zip

Deven, see end of thread, I've posted the file you requested.

Link to post
Share on other sites

Thanks for the crash dump @Boss281, I'm still researching the crash dump for more information.

While I'm doing that, are you able to grab one more set of logs for me? The following instructions will show you how to get what we need.

  1. Open Malwarebytes and navigate to the Settings pane
  2. On the Application tab, scroll down and turn on the Event Log Data option
  3. Start a threat scan
  4. Wait for the scan to hang up again (if you're unsure, 10 minutes is probably a good estimate)
  5. Navigate to C:\ProgramData\Malwarebytes\MBAMService
  6. Right click the Logs folder and choose Send to... -> Compressed (Zipped) folder
    1. This should create a zip file on your desktop named logs.zip
  7. Upload the created zip file here

This is similar to the logs you provided in your first post, but with the Event Log Data which will give us quite a bit more information about what's happening. Once done, you can restart your computer, and turn the Event Log Data option off so your logs don't get too large.

Link to post
Share on other sites

3 hours ago, dcollins said:

Thanks for the crash dump @Boss281, I'm still researching the crash dump for more information.

While I'm doing that, are you able to grab one more set of logs for me? The following instructions will show you how to get what we need.

  1. Open Malwarebytes and navigate to the Settings pane
  2. On the Application tab, scroll down and turn on the Event Log Data option
  3. Start a threat scan
  4. Wait for the scan to hang up again (if you're unsure, 10 minutes is probably a good estimate)
  5. Navigate to C:\ProgramData\Malwarebytes\MBAMService
  6. Right click the Logs folder and choose Send to... -> Compressed (Zipped) folder
    1. This should create a zip file on your desktop named logs.zip
  7. Upload the created zip file here

This is similar to the logs you provided in your first post, but with the Event Log Data which will give us quite a bit more information about what's happening. Once done, you can restart your computer, and turn the Event Log Data option off so your logs don't get too large.

Here you go...

logs.zip

Link to post
Share on other sites

On 3/9/2017 at 10:30 AM, dcollins said:

Thanks for the crash dump @Boss281, I'm still researching the crash dump for more information.

While I'm doing that, are you able to grab one more set of logs for me? The following instructions will show you how to get what we need.

  1. Open Malwarebytes and navigate to the Settings pane
  2. On the Application tab, scroll down and turn on the Event Log Data option
  3. Start a threat scan
  4. Wait for the scan to hang up again (if you're unsure, 10 minutes is probably a good estimate)
  5. Navigate to C:\ProgramData\Malwarebytes\MBAMService
  6. Right click the Logs folder and choose Send to... -> Compressed (Zipped) folder
    1. This should create a zip file on your desktop named logs.zip
  7. Upload the created zip file here

This is similar to the logs you provided in your first post, but with the Event Log Data which will give us quite a bit more information about what's happening. Once done, you can restart your computer, and turn the Event Log Data option off so your logs don't get too large.

David, I haven't heard back from you for a long time.  Is this Windows 7 problem still being researched?

Link to post
Share on other sites

2 hours ago, dcollins said:

We believe we have figured out the cause, and are now working on a possible solution. You can try turn off anti-ransomware protection under Settings -> Protection, but I'm not sure if that will allow your scans to finish

Devin, actually it did work!  The scan completed after 11 minutes on 400k files.  That said, the secondary issue of slowing the system down a bit (memory leak in Win7 perhaps) seems to be there, so I'm rebooting and will just run it once a week then close down until you have a fix. Thanks!

Link to post
Share on other sites

Actually, I'm uninstalling my licensed copy of MWB 3.x from this Windows 7 machine and reinstalling the 2.x version.  While I can successfully scan by turning off the anti-ransomeware function, it still locks up the system now and then or at least slows it down to a painful level.  Keep me posted on a fix I can test.

Link to post
Share on other sites

  • 2 weeks later...
2 minutes ago, arbrich said:

Having same issue here consistently with Windows 7 and Symantec Endpoint Protection 14. Cannot quit Malware or end the process (says I do not have permission). Any update on a fix for this hanging ??

Thanks

I have Symantec Endpoint Protection 12 and have no issues, have not used 14 yet.... have you tried added exceptions?

I would like you to add these files to your Anti-Virus exclusions list
 

  • C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe


I also suggest adding these to the exclusion list in your Antivirus software.
 

  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys
  • C:\Windows\system32\Drivers\farflt.sys

 

Link to post
Share on other sites

I just added all those exceptions. The strange thing is it runs for a couple days without issue then just seems to lock up and only a reboot can get MBAM "unlocked"

Would like to know what they found and what the planned fix is  that dcollins was eluding to above.

Link to post
Share on other sites

15 hours ago, Boss281 said:

An earlier post indicated there were suspicions on what the issues were for both the scanner getting stuck on files and hanging, and also the eventual slow down if not lock up of a Win 7 system.  Any news that can be shared?

The issue was that MBAM was crashing while scanning. This should be resolved in our new CU4 beta which is available here:

 

Link to post
Share on other sites

OK, So I have been testing the BETA since last week and so far so good on the Windows 7 machine. IT has not crashed again since and was doing so every time it auto scanned.

When will this be released so I can install on our other affected machines or should I go ahead and install the BETA on them ?

Also will there be an easy "in APP" upgrade for this (ie.. clicking the "Install Application updates" button) or better yet auto update ?

Let us know.

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.