Jump to content

Recommended Posts

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  1. If that does not correct the issue, then please read the following and attach to your next reply the 3 requested logs - Diagnostic Logs (the 3 logs are: mb-check-results.zip, FRST.txt, Addition.txt)


Please let us know how it goes.


Thank You,

Firefox

Link to post
Share on other sites

  • Root Admin

What is this file for?

C:\Program Files\Instant_Restore_Point.vbs

Can you zip it up and attach it so I can review it. No such file should run from the root of the Program Files folder.

The logs also show signs of a possible infection. I will go ahead and move your topic to the Malware Removal forum and give you some instructions for scans to check and remove unwanted items.

Question: Do you really still use Real Networks? I thought they had pretty much almost gone out of business.

(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

 

Link to post
Share on other sites

  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

Hello Ron. As far as I can remember this file: C:\Program Files\Instant_Restore_Point.vbs is something written for me to automatically create a restore point on boot-up which is what happens.  Every now and again I empty the old points to save space.

I've done everything you suggested and attached all the relevant log files.  I had run the FRST earlier this evening but this is the latest log generated as is the Addition log.

JRT.txt

AdwCleaner[C0].txt

SophosVirusRemovalTool.log

FRST.txt

Addition.txt

Link to post
Share on other sites

I will need to observe activity for 48hrs at least as the problem was (as I first indicated) intermittent.

I followed your instructions because I had to assume MB would not create problems while busy repairing them; however, the removal of my instant restore point script by Sophos was not appreciated.  Fortunately, I have it stored and am able to re-install it: but I have to tell you, I am not inclined to allow clean-up programs free access to my system.

You suggested I was harbouring viruses et al, would you please indicate where they appear in the logs I sent you, assuming some were found.

Link to post
Share on other sites

Just booted up and here we are again: see attached screenshots.  MB3 has a big chunk of my memory yet is not actually doing anything.  Turning MB3 off does not release the memory; I have to do a restart to achieve that.

After yesterday's exercises in adware and virus removal you asked: "How is the computer running now?"

What did you actually do to potentially effect a cure?screenshot_Thu_Jun_29_20_43_04.png.62a42af7c82951bbf77248e07c0ab93f.pngscreenshot_Thu_Jun_29_20_43_59.thumb.png.66b3b14388a9efd00d3f57532b4cc9da.png 

Edited by Urbanspaceman
typo
Link to post
Share on other sites

  • Root Admin

Actually that is pretty low memory usage and is quite normal for our program.

Here is from my own machine

malwarebytes_service_memory.jpg

 

As for virus, no one said you had a virus. Said you had possible infection items, which you did. The JRT and AdwCleaner did remove PUP junk from your system.

Most security programs are going to be suspicious of a VBScript running from the Task Scheduler as they should be. It is not a standard installation on any Windows computer and is using a technology well known for infecting computers. It has no idea what the purpose of the script is for and why I asked you myself what it was for. Glad you were able to restore it on your own.

 

Link to post
Share on other sites

You used the term "infections" which is vague and could refer to a virus, a PUP et al; hence my erroneous conclusion.

It is not "pretty normal" for your program.  In the instance displayed above, it was a significant proportion of my total memory usage; in other instances it has been far, far higher: 84%, as I informed you in my initial missive.  And this, while it was not actually doing anything - as was indicated by being shut down without change.  'Pretty Normal', while inactive, my system uses around 22% total memory.

I do not want a 3rd party program grabbing big chunks of memory unnecessarily, then refusing to let them go without doing a re-start; it is not only unacceptable, it is decidedly suspicious.

I will repeat my question from the previous email: what have you actually done to resolve my problem and warrant your response: "How is your computer running now?" ?

MB3 makes some very alluring claims - in particular, regarding recent global attacks - and, as a consequence, I have been prepared to expend time, and pay attention to its proper functioning within my system; but I have to tell you: I am rapidly running out of patience.

You have a reputation for troublesome products - and this is not a beta freebie: I paid for it and I expect it to behave appropriately; I should not have to tell you that.

My subscription renewal is due very soon; I expect your product to be functioning satisfactorily before I consider buying another year's license.  That is not unreasonable, is it?

Link to post
Share on other sites

I sent a PM with all the collected data to one of the Gurus at Windows 7 forum who told me it is not MB3 that is hogging my memory.

Simple answer: look elsewhere.  You said that it was pretty normal, he agreed with you.

I can stop worrying about MB3 as it appears to be functioning as it should be.

Wanted you to know.

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.