High CPU consumption


Nazareno

Hello @Solitario:

The Malwarebytes' developers/staffers/helpers must have good data for a quality fault analysis.  Thank you for the data archive.  The Malwarebytes' developers/staffers have written a recently updated data gathering tool to assist their analysis.  Please download/run the following Malwarebytes written data gathering support tool, on the system in question, freshly restarted in the Windows NORMAL boot mode:

  1. Download the trusted, Malwarebytes authored arwlogs.exe utility/tool and save to a system Administrator's desktop of the system in question.
  2. arwlogs.exe is an information gathering tool that neither installs nor does it make system/registry hive changes.
  3. Single right-click the arwlogs.exe icon and select Run as administrator.
  4. If a Windows User Account Control (UAC) alert/prompt for arwlogs.exe appears, select the "Yes" button to continue.
  5. If a Windows SmartScreen warning alert/prompt for arwlogs.exe appears, select "More info" then select the "Run anyway" button to continue.
  6. A Command window will appear and its contents may be mostly ignored.
  7. When "Press any key to continue . . . " appears at the bottom of the Command window, type an Enter key to close the window.
  8. A zipped archive (yyyy-mm-dd-{COMPUTERNAME}.zip) should have been generated to the system Administrator's desktop.
  9. Delete arwlogs.exe from the Administrator desktop.
  10. Attach the above zipped archive to your next reply in this topic.

Although more data may be required, after the requested data is posted, the Malwarebytes' team can commence their analysis.  Thank you always for your assistance.

Edited by 1PW

Hello @Solitario:

A cursory examination of the data logs did not produce an immediate reason for increased CPU use.  Rather than a simple re-install of MBARW BETA, please consider a clean install of MBARW BETA 8 (v0.9.17.661) that guarantees the highest integrity and file/directory ownership:

1) Please delete any previous copies of the MBARW_Setup.exe file(s) from the system in question.
2) Close all open user applications followed by a conventional Windows-based uninstall of Malwarebytes Anti-Ransomware through the Windows system Control Panel.
3) If MBARW Beta was uninstalled successfully, all of the possible following sub-directories will have been deleted from a typical Windows 10 x64 system:

   "%ProgramFiles%\Malwarebytes\"                      
   "%ProgramData%\MalwarebytesARW\"

4) If any of the above sub-directories remain, please delete them manually.  If necessary, any remaining/uninstalled sub-directory may need to be deleted in the Windows 10 Safe mode.
5) Execute a conventional Windows restart to the Normal Windows boot mode and log-in through an Administrator's account. <===IMPORTANT!
6) Using an Administrator's account only, download a fresh MBARW_Setup.exe file and save to the Administrator's Desktop from the New version - BETA 8 - now available! topic.
7) Single right-click the saved MBARW_Setup.exe file and left-click Run as administrator from the context menu and continue.
8) Upon a successful clean install, please restart the computer in a conventional manner to the Windows 10 Normal boot mode.

Please reply to your topic with the status of your reported issue.  Thank you for testing the perpetual MBARW BETA and your valued feedback.

VT analysis of a known good MBARW_Setup.exe download from Malwarebytes' CDN: https://www.virustotal.com/file/d083b763222c24669a03fb6db66d300ec99ae2ff7d43b581fbef4f5a2ac05578/analysis/1495802106/

 

Edited by 1PW
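
The pre-install checks from steps 3, 4 and 6 above can be scripted, as an added example that is not part of the original post or of any Malwarebytes tooling. It assumes the installer was saved to the current user's Desktop, takes the SHA-256 from the VirusTotal URL quoted in the post, and only reports; it deletes nothing.

```powershell
# Added example: read-only checks before running a freshly downloaded MBARW_Setup.exe.
# Assumption: the installer sits on the current (Administrator) user's Desktop.
$vtUrl     = 'https://www.virustotal.com/file/d083b763222c24669a03fb6db66d300ec99ae2ff7d43b581fbef4f5a2ac05578/analysis/1495802106/'
$installer = Join-Path ([Environment]::GetFolderPath('Desktop')) 'MBARW_Setup.exe'

# Steps 3-4: directories the post says a successful uninstall removes.
$leftovers = @(
    (Join-Path $env:ProgramFiles 'Malwarebytes'),
    (Join-Path $env:ProgramData  'MalwarebytesARW')
) | Where-Object { Test-Path -LiteralPath $_ }

# The VirusTotal file URL embeds the SHA-256 of the analysed sample.
if ($vtUrl -notmatch '/file/([0-9a-fA-F]{64})/') {
    throw 'No SHA-256 found in the VirusTotal URL.'
}
$expected = $Matches[1].ToUpperInvariant()

if (-not (Test-Path -LiteralPath $installer)) {
    throw "Installer not found: $installer"
}

# Step 6: hash the download and read its Authenticode signature.
$actual = (Get-FileHash -LiteralPath $installer -Algorithm SHA256).Hash
$sig    = Get-AuthenticodeSignature -LiteralPath $installer
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

[pscustomobject]@{
    LeftoverDirectories = $leftovers -join '; '
    ExpectedSha256      = $expected
    ActualSha256        = $actual
    HashMatches         = ($actual -eq $expected)
    SignatureStatus     = $sig.Status      # 'Valid' means the file is intact and the chain is trusted
    Signer              = $signer
} | Format-List
```

A hash mismatch does not by itself mean tampering, since a newer build will hash differently from the one analysed; in that case the signature status and signer are the checks that still apply.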

Hello @Solitario:

I agree that the Windows 10's MBAM Service CPU use should be at 0% on an otherwise idle system.

The data produced by the Farbar Recovery Scan Tool (FRST64) logs may be of further troubleshooting assistance.

  1. Please download FRST64.exe to an Administrator's desktop only.
  2. Single right-click the FRST icon and select Run as administrator to start the tool in the passive reporting mode.
  3. If a Windows User Account Control (UAC) alert/prompt window for FRST64.exe appears, select the "Yes" button to continue.
  4. If a Windows SmartScreen warning alert/prompt window for FRST64.exe appears, select "More info" then select the "Run anyway" button to continue.
  5. When the FRST's (x64) GUI opens, left-click "Yes" button in the Disclaimer of warranty window.
  6. Please do not uncheck any Whitelist boxes.  Ensure that only the Optional Scan's Addition.txt box is checked.
  7. Select the "Scan" button and wait until the tool has run to completion.  (About 3-5 minutes or less.)
  8. The FRST64 tool should have written two log files to the Administrator's desktop (FRST.txt and Addition.txt) and will also open them with the system's default text editor.
  9. Close the two FRST text report windows and the FRST (x64) GUI window.
  10. Only attach the two (2) separate text (.txt) files to your next reply to this topic.

Thank you for your help.


Hello @Solitario:

Thank you for the perfect FRST logs.

As you may have read, the Windows Event Logs show that two MBARW files (mbarw.exe and MB3Service.exe) may be indirectly involved in Windows detected 0xc0000005 (Access Violation) application errors.

Question:  Is the MBAM Service/MB3Service CPU utilization percentage high, as you have illustrated, at all times?

As an extremely brief test, please temporarily suspend the Kaspersky product(s) from operating and then check to see if the MBAM Service CPU utilization percentage normalizes and then return all to normal operation.  Follow by replying to this forum topic with the results of that brief test.

A request has been made to Malwarebytes' management for escalation regarding the system's issue.  Please understand that the U.S.A. (where much of the management and MBARW technical expertise lives) is celebrating a long weekend involving a federal holiday (Memorial Day).

Thank you for your patience and understanding.

Edited by 1PW
Escalated
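
The Event Log entries mentioned in the post above can be pulled directly, as an added example that is not part of the original post. It assumes the crashes were recorded as standard "Application Error" events (ID 1000) in the Application log and uses a 14-day window chosen for illustration; it matches on the message text so that either file counts whether it appears as the faulting application or the faulting module.

```powershell
# Added example: list 0xc0000005 application errors that mention the two MBARW files.
# Assumptions: events are Event ID 1000 from the 'Application Error' provider; 14-day window.
$files  = 'mbarw.exe', 'MB3Service.exe'
$code   = 'c0000005'                      # access violation, as written in the event text
$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-14)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    $msg = $e.Message
    if ($null -eq $msg -or $msg -notmatch $code) { continue }
    foreach ($f in $files) {
        if ($msg -match [regex]::Escape($f)) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                File        = $f
                Summary     = ($msg -split "`r?`n")[0]
            }
        }
    }
}

# Per-file count with first and last occurrence, then the individual events.
$hits | Group-Object File | ForEach-Object {
    $t = $_.Group.TimeCreated | Measure-Object -Minimum -Maximum
    [pscustomobject]@{ File = $_.Name; Count = $_.Count; First = $t.Minimum; Last = $t.Maximum }
} | Format-Table -AutoSize

$hits | Sort-Object TimeCreated | Format-Table TimeCreated, File, Summary -Wrap
```

Comparing the timestamps against periods when the Kaspersky product was suspended gives a written record of the brief test requested above.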
