I have these suspicious popups on my PC, asking me to upgrade/download and install Yahoo stuff and Chromium.

So, I decided to scan all of my drives while I'm away. I started a custom scan, selecting all internal storage drives.

It was stuck at scanning for rootkits for four hours.

In the Reports tab, there's no scan report related to it, probably because I force-terminated the app to stop the scan. It was stuck.
 

Untitled.png

MB-CheckResult.txt

Edited by Azeunkn0wn

Hello and Welcome back...

Will the scan complete if you only do a threat scan instead of a custom scan?

Also there are more logs needed for them to be able to see what may be happening...

  1. Please read the following and attach to your next reply the 4 requested logs - Diagnostic Logs (the 4 logs are: mbam logs zipped, FRST.txt, Addition.txt and mb-checkResult.txt)
  2. NOTE: More info about the latest Malwarebytes 3.0.6 CU4.1 HERE; MB 3 User Guide ONLINE; MB 3 User Guide PDF; MB 3 FAQ: Malwarebytes 3.0 - Frequently Asked Questions


Please let us know how it goes.


Thank You,

Firefox


Can you please perform the following steps as they are listed so we can figure out what file(s) are causing this issue?

  1. Restart your computer
  2. Open Malwarebytes
  3. Go to Settings -> Application
  4. Turn on the 'Event Log Data' option
  5. Start a scan with rootkits enabled
  6. Wait for the process to hang
  7. Wait 3-5 minutes
  8. If you can stop the scan, do it
    1. If the scan stopped, go to Settings -> Application and turn off the 'Event Log Data' option
    2. If the scan didn't stop, continue to the next step
  9. Navigate to C:\ProgramData\Malwarebytes\MBAMservice
    1. The ProgramData folder may be hidden. If you can't see it, you'll need to type the path manually or turn on showing hidden files/folders
  10. Right click the logs folder and choose Send to -> Compressed (Zipped) folder
  11. Upload the logs.zip file from your desktop to your response

17 minutes ago, dcollins said:

In step 8 above, were you able to click "Cancel" to stop the scan?

No, the cancel button disables the buttons and pops up a message to confirm the cancel, but does nothing after confirming (yes).

The buttons (Pause | Cancel) were enabled again after closing the window and maximizing it back.

I archived the log folder after trying to cancel the scan twice, while Malwarebytes was still running and scanning. It is not yet terminated in Task Manager.

 


Ok, after the scan hangs, if you open up task manager and click More Details -> Details, is mbamservice.exe in this list?

IF YES:

  1. Restart the computer
  2. Open up Malwarebytes
  3. Start a scan
  4. Wait for the process to hang
  5. Wait 2-3 minutes
  6. Open up Task Manager, click More Details -> Details
  7. Find mbamservice.exe in the list
  8. Right click mbamservice.exe and choose Create dump file
  9. When the process is done, a dump file should be created and the path will be listed
  10. Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com

IF NO:

  1. Close Malwarebytes by right clicking the icon in the System Tray and choosing Quit Malwarebytes
  2. Download the attached ProcDump.zip file
  3. Place procdump.zip in C:\
  4. Right click on procdump.zip and then choose properties
  5. In the window that pops up, click the unblock button near the bottom and then click ok
    Screen Shot 2016-12-21 at 11.06.23 AM.png
  6. Extract procdump.zip.
  7. Check that the extracted files are in the directory "C:\Procdump"
  8. Right click "mbamservice_procdump.bat" and select Run as administrator.
    • If you did the steps correctly you will see the following:
      procdump_running.png
  9. Open Malwarebytes again
  10. Run a threat scan with MBAM 3.0.
  11. When MBAMSERVICE.exe crashes it should close that command window and generate a memory dump file in "C:\Procdump".
  12. Please upload that crash dump. Note that the dump file may be too large to upload here, if it is, please upload the file to wetransfer.com and send the file to dcollins@malwarebytes.com

procdump.zip


  • Root Admin

Hello @Azeunkn0wn

The logs show that you're running Malwarebytes in Compatibility mode.

D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe    REG_SZ        ~ RUNASADMIN

Please remove all compatibility settings from Malwarebytes and the registry. This can and will cause issues with our program.

Also, not sure if you're aware or not, but this computer is set up to steal and pirate software from Adobe, which is illegal.

I'd also recommend you run a full disk check and temp cleaner.

 

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Next,


Please click on the "Search the web and Windows" box.



Then type in CMD.EXE and when it shows on the start menu right click and select "Run as administrator"

 


 

In the command prompt please type the following exactly.

CHKDSK  C:  /R

This will tell Windows to run a full disk check, however you'll get the following, telling you it cannot run because it's in use.

Press the Y key to tell it to run on the next restart of the computer.

 

Quote

Microsoft Windows [Version 10.0.10586]


(c) 2015 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>CHKDSK C: /R
The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another
process.  Would you like to schedule this volume to be
checked the next time the system restarts? (Y/N)

 

Then restart the computer and let it run.
Then find and copy the disk check entry from the Event Logs and paste back the results here.

How to Read Event Viewer Log for Chkdsk (Check Disk) in Windows 10

 

Then open Malwarebytes and check for updates. Then click on Scan, and Threat Scan and Start Scan. It should now run and complete the scan without issue.

Please let me know how it goes.

Thank you

Ron
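
The two checks from the reply above, as an added PowerShell example that is not part of the original post or of any Malwarebytes tooling: it lists per-executable compatibility flags (such as the `~ RUNASADMIN` entry quoted in the reply) and pulls the boot-time CHKDSK report from the event log. The `AppCompatFlags\Layers` key paths, the `Malwarebytes` match pattern and the function name `Get-CompatLayer` are assumptions; the reply's log line does not name the registry key.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumption: compatibility flags live in the per-user and per-machine
# AppCompatFlags\Layers keys, where Windows records "Run as administrator"
# and compatibility-mode settings for individual executables.
$layerKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)

function Get-CompatLayer {
    # Returns one object per value whose name (the exe path) matches $Pattern.
    param([string]$Pattern = 'Malwarebytes')
    foreach ($key in $layerKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # key is absent on clean systems
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -like "*$Pattern*") {
                [pscustomobject]@{
                    Key   = $key
                    Exe   = $name                  # e.g. ...\Anti-Malware\mbam.exe
                    Flags = $item.GetValue($name)  # e.g. "~ RUNASADMIN"
                }
            }
        }
    }
}

# 1. Show every compatibility entry that points at a Malwarebytes executable.
$found = @(Get-CompatLayer)
if ($found.Count -eq 0) {
    Write-Output 'No compatibility flags set for Malwarebytes executables.'
} else {
    $found | Format-Table -AutoSize -Wrap
}

# 2. Preview the removal. Delete "-WhatIf" once the list above looks right.
foreach ($entry in $found) {
    Remove-ItemProperty -Path $entry.Key -Name $entry.Exe -WhatIf
}

# 3. After the scheduled CHKDSK has run at restart, print its report.
#    Boot-time CHKDSK results are logged by Wininit as event 1001 (Application log).
Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001
} -MaxEvents 1 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Message
```

Step 3 prints nothing until a boot-time disk check has completed at least once.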

 


Yes, I'm aware there is software installed from illegal sources. I'm not using Adobe products; I use a browser to view PDFs. I'm doing a full scan, hoping to find some apps with cracks and uninstall them.

I just made the app run as admin while troubleshooting and forgot to turn it off.

Will follow the instructions and report later.


I would start with a clean install of Malwarebytes to see if that helps. You can use mb-clean to help out with this from the following URL: xxx

After looking over the memory dump and the logs, we think this is a UI only issue and that your scan is actually completing successfully but the UI is not updating. Out of curiosity, do you do anything else when you start a scan?

 

Post updated [02/12/2021 - AdvancedSetup]

The following MBST tool should be used to perform a clean removal and reinstall

https://support.malwarebytes.com/hc/en-us/articles/360039023473-Uninstall-and-reinstall-using-the-Malwarebytes-Support-Tool

Edited by AdvancedSetup
updated information

Sometimes, like watching a movie or browsing the web. When troubleshooting, I leave my PC alone while Malwarebytes is scanning. And about that 4-hour scan in the first post: I rebooted it and left it scanning all my drives. There was not much disk activity in Task Manager related to Malwarebytes.


Used mb_clean, rebooted, installed again, updated, and test-scanned with 'scan for rootkits' enabled.
Still stuck.

By the way, my C: drive is compressed, and Malwarebytes was installed on D: (now on C: after the mbam_clean installation).
There is no disk activity related to Malwarebytes.

Screenshot (425).png

Edited by Azeunkn0wn