Azeunkn0wn Posted April 23, 2017 ID:1119373 Share Posted April 23, 2017 (edited) I have this suspicious popups in my PC: asking for upgrading/downloading and install yahoo stuff and chromium. so, I decided to scan all of my drive while i'm away. so I start a custom scan, selecting all internal storage drives, and start. It was stuck at scanning for rootkits. for four hours. In reports tab, there's no scan report related for it. Probably because I forced terminate the app to stop the scan. It was stuck. MB-CheckResult.txt Edited April 23, 2017 by Azeunkn0wn Link to post Share on other sites More sharing options...
Firefox Posted April 23, 2017 ID:1119377 Share Posted April 23, 2017 Hello and Welcome back... Will the scan complete if you only do a threat scan instead of a custom scan? Also there are more logs needed for them to be able to see what may be happening... Please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt) NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions Please let us know how it goes. Thank You, Firefox Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 23, 2017 Author ID:1119396 Share Posted April 23, 2017 This bug only occurs when Scan Rootkits is enabled. FRST.txt logs.zip MB-CheckResult.txt Addition.txt Link to post Share on other sites More sharing options...
Firefox Posted April 23, 2017 ID:1119435 Share Posted April 23, 2017 Thanks, lets wait for @dcollins or @AdvancedSetup to review your logs so they can see what may be going on... Link to post Share on other sites More sharing options...
dcollins Posted April 24, 2017 ID:1119561 Share Posted April 24, 2017 Can you please perform the following steps as they are listed so we can figure out what file(s) are causing this issue? Restart your computer Open Malwarebytes Go to Settings -> Application Turn on the 'Event Log Data' option Start a scan with rootkits enabled Wait for the process to hang Wait 3-5 minutes If you can stop the scan, do it If the scan stopped, go to Settings -> Application and turn off the 'Event Log Data' option If the scan didn't stop, continue to the next step Navigate to C:\ProgramData\Malwarebytes\MBAMservice The ProgramData folder may be hidden. If you can't see it, you'll need to type the path manually or turn on showing hidden files/folders Right click the logs folder and choose Send to -> Compressed (Zipped) folder Upload the logs.zip file from your desktop to your response Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 24, 2017 Author ID:1119573 Share Posted April 24, 2017 Scan stucked. here are the latest logs. logs.zip Link to post Share on other sites More sharing options...
dcollins Posted April 24, 2017 ID:1119597 Share Posted April 24, 2017 In step 8 above, were you able to click "Cancel" to stop the scan? Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 24, 2017 Author ID:1119601 Share Posted April 24, 2017 17 minutes ago, dcollins said: In step 8 above, were you able to click "Cancel" to stop the scan? No, cance button disables the buttons and popup message to confirm cancel but does nothing after confirming (yes). Buttons (Pause | Cancel) were enabled after close the window and maximize back. I archived the log folder after trying to cancel scam twice and while malwarebytes is still running and scanning. Not yet terminated on task manager. Link to post Share on other sites More sharing options...
dcollins Posted April 24, 2017 ID:1119609 Share Posted April 24, 2017 Ok, after the scan hangs, if you open up task manager and click More Details -> Details, is mbamservice.exe in this list? IF YES: Restart the computer Open up Malwarebytes Start a scan Wait for the process to hang Wait 2-3 minutes Open up Task Manager, click More Details -> Details Find mbamservice.exe in the list Right click mbamservice.exe and choose Create dump file When the process is done, a dump file should be created and the path will be listed Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com IF NO: Close Malwarebytes by right clicking the icon in the System Tray and choosing Quit Malwarebytes Download the attached ProcDump.zip file Place procdump.zip in C:\ Right click on procdump.zip and then choose properties In the window that pops up, click the unblock button near the bottom and then click ok Extract procdump.zip. Check that the extracted files are in the directory "C:\Procdump" Right click "mbamservice_procdump.bat" and select Run as administrator. If you did the steps correctly you will see the following: Open Malwarebytes again Run a threat scan with MBAM 3.0. When MBAMSERVICE.exe crashes it should close that command window and generate a memory dump file in "C:\Procdump". Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com procdump.zip Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 24, 2017 Author ID:1119643 Share Posted April 24, 2017 my Internet is too slow for uploading big files. can I compress it? It reduced to 30% of it's size. will upload via GoogleDrive sometime today. Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 24, 2017 Author ID:1119649 Share Posted April 24, 2017 Here is the dump file:https://drive.google.com/file/d/0B0GQavmqu8lHWC1ycnpESGw4VFU/view?usp=sharing Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 25, 2017 Root Admin ID:1119736 Share Posted April 25, 2017 Hello @Azeunkn0wn The logs show that you're running Malwarebytes in Compatibility mode. D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe REG_SZ ~ RUNASADMIN Please remove all compatibility settings from Malwarebytes and the registry. This can and will cause issues with our program. Also, not sure if you're aware or not but this computer is setup to steal and Pirate software from Adobe which is illegal. I'd also recommend you run a full disk check and temp cleaner. Please Run TFC by OldTimer to clear temporary files: Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe Close any open programs and Internet browsers. Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning. Please be patient as clearing out temp files may take a while. Once it completes you may be prompted to restart your computer, please do so. Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files. Next, Please click on the "Search the web and Windows" box. Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator" In the command prompt please type the following exactly. CHKDSK C: /R This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use. Press the Y key to tell it to run on the next restart of the computer. Quote Microsoft Windows [Version 10.0.10586] (c) 2015 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>CHKDSK C: /R The type of the file system is NTFS. Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N) Then restart the computer and let it run. Then find and copy the disk check entry from the Event Logs and paste back the results here. How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10 Then open Malwarebytes and check for updates. Then click on Scan, and Threat Scan and Start Scan. It should now run and complete the scan without issue. Please let me know how it goes. Thank you Ron Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 25, 2017 Author ID:1119758 Share Posted April 25, 2017 Yes, I'm aware there are software installed from illegal sources. I'm not using adobe products, iI use browser to view pdf. doing full scan, hoping to find some apps with cracks and uninstall them I just made the app run as admin while troubleshooting, forgot to turn it off. will follow instructions and report later Link to post Share on other sites More sharing options...
dcollins Posted April 25, 2017 ID:1119798 Share Posted April 25, 2017 I've passed your memory dump off to one of our engineers to take a look. Just for clarification, did you use Task Manager to create the dump or the Procdump instructions? Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 25, 2017 Author ID:1119923 Share Posted April 25, 2017 dump made via task manager Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 26, 2017 Author ID:1119965 Share Posted April 26, 2017 still stuck in rootkits. will reinstall Malwarebytes. If this doesn't fix it, I'll reinstall my Windows 10. It's a good time for a fresh install Windows 10 Creators Update anyway. Link to post Share on other sites More sharing options...
dcollins Posted April 26, 2017 ID:1120071 Share Posted April 26, 2017 (edited) I would start with a clean install of Malwarebytes to see if that helps. You can use mb-clean to help out with this from the following URL: xxx After looking over the memory dump and the logs, we think this is a UI only issue and that your scan is actually completing successfully but the UI is not updating. Out of curiosity, do you do anything else when you start a scan? Post updated [02/12/2021 - AdvancedSetup] The following MBST tool should be used to perform a clean removal and reinstall https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool Edited February 13, 2021 by AdvancedSetup updated information Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 26, 2017 Author ID:1120090 Share Posted April 26, 2017 sometimes. like watching a movie or browsing the web. When troubleshooting, I leave my PC alone while Malwarebytes is scanning. and about that 4hours scan in the first post, I rebooted it and left it scanning all my drives. There was not much disk activity in task manager related to malwarebytes. Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 26, 2017 Author ID:1120093 Share Posted April 26, 2017 (edited) used mb_clean, rebooted, installed again, updated, and test scanning with 'scan for rootkits' enabled. still stuck. by the way, my C: drive is compressed, and Malwarebytes was installed at D: (now at C: after mbam_clean installation) There is no disk activity related to malwarebytes. Edited April 26, 2017 by Azeunkn0wn Link to post Share on other sites More sharing options...
dcollins Posted April 26, 2017 ID:1120125 Share Posted April 26, 2017 Thanks, I'm going to try enabling compression to see if that makes a difference, though it shouldn't. Are ou using the normal Windows compression (right click drive, check the "Compress" option) Link to post Share on other sites More sharing options...
dcollins Posted April 26, 2017 ID:1120130 Share Posted April 26, 2017 Good news! I've been able to replicate the issue by turning on compression. Reporting this now! Link to post Share on other sites More sharing options...
Azeunkn0wn Posted April 26, 2017 Author ID:1120138 Share Posted April 26, 2017 Yes, I did the normal windows compression. I used that since I only have 64GB SSD for my drive C: Glad we found the problem. Link to post Share on other sites More sharing options...
Firefox Posted April 26, 2017 ID:1120140 Share Posted April 26, 2017 I have found that compressing a drive causes a lot of issues with software as well as making the computer run slower.... best solution is to get larger hard drives... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted April 26, 2017 Root Admin ID:1120148 Share Posted April 26, 2017 +1 @Firefox Windows compression has been around for ages but has been flaky the entire time too. Link to post Share on other sites More sharing options...
Porthos Posted April 26, 2017 ID:1120149 Share Posted April 26, 2017 13 minutes ago, AdvancedSetup said: +1 @Firefox Windows compression has been around for ages but has been flaky the entire time too. +100 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now