Jump to content

MWbytes will not allow me to switch Rootkit Scan on.

muesik
 Share

Recommended Posts

muesik

muesik

Posted
Posted

Malwarebytes  Premium version 3.1.  Message on loading about needing to go to settings as full protection not in place.  Settings showed rootkit scanning off; also Web Protection not on.  Web Protection slider moves to "on" but shows "Starting...".  Rootkit slider moves to "On", but when scan is initiated it moves back to "Off" and won't scan rootkit.  Scan of everything else reveals no problems.  But now MWB won't open at all, even though MBAMService.exe is taking up over 60% CPU capacity.

Any ideas??

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Hello and Welcome...

Lets try and get the latest version installed to see if it fixes your issues: https://downloads.malwarebytes.com/file/mb3

If it does not then please provide the logs below.

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
  2. Download FRST and save it to your desktop
    NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  4. Press the "Scan" button
  5. This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
  6. NEXT: Create and obtain an mb-check log
  7. Download MB-Check and save to your desktop
  8. Double-click to run MB-Check and within a few second the command window will open, then click "OK"
  9. This will produce one log file on your desktop: mb-check-results.zip
  10. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

Thank You,

Firefox

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted

I have opened this thread on the affected computer and installed the latest upgrade as advised.

  The system seems more stable: the moment that the upgrade deleted the existing installation, the CPU% dropped to about 30%.  When I posted first, it was MBAMServices.ex apparently causing the problem.  Since the upgrade it is no longer doing that.   CPU% hasn't gone up to 100 again (except briefly, when I load my browser Mozilla firefox).

However... Although I can now select Rootkit Scan, it does not appear in the progress train of circles on the "Scan" screen.

I am now working through FRST etc. and will post the results.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted
18 minutes ago, muesik said:

However... Although I can now select Rootkit Scan, it does not appear in the progress train of circles on the "Scan" screen.

Make sure you have it enabled to Scan for Rootkits (its off by default if I am not mistaken).

Look under Settings -> Protection -> Scan Options -> Turn on Scan for Rootkits

scan_for_rootkits.jpg.072fb46799be79f3eba26f5c577064e7.jpg

Link to post
Share on other sites
dcollins

dcollins

Posted
Posted

According to your configuration files, rootkit scanning is off. Can you try the following please?

  1. Navigate to Settings -> Protection
  2. Turn on "Scan for Rootkits"
  3. Navigate to Settings -> Application
  4. Navigate back to Settings -> Protection
  5. Check your "Scan for Rootkits" setting

Does the setting stay on when you navigate away and go back?

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted

Just opened MWB again.  The rootkits switch was off.  But I switched it on to check before I ran the FRST check.  .  If I then go to teh Scan screen and run a scan, teh circle is not in the train .  If I then go back to  the Protection tab, the rootkit switch is off.  I can repeat this process: switch on rootkit, run a scan, no rootkit circle; back to Protection tab, rootkit switch off.

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted (edited)

I suppose I should have checked this before...  If I I put the Scan for Rootkit switch on, then close MWB and open it again, the Scan for Rootkit switch is off.  Nothing to do with running scans.  But I can't get the Scan for Rootkit switch to stay on, scanning or not.  That explains why the FRST scans indicated that the switch was off.

So... I ran  a FRST scan with the rootkit switch on. (see pic) in case it helps.  Results attached.

image.png.38e81444cce2dbe250e9c3278e2b6474.png

mb-check-results.zip

Edited by muesik
unclear description
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted (edited)

Hello @muesik

Looking at your logs it looks like you're having a few programs crashing which is probably affecting the others too, including ours.  The main one being McAfee

Also, even though you're using Firefox as your default browser you should upgrade Internet Explorer to version 11 as it is integrated into the operating system and is a security risk by continuing to run version 8

My suggestion would be to uninstall McAfee temporarily, then reboot. Then see if Malwarebytes is still having an issue running or not and let me know.

 

You're also running old, compromised versions of Java. You should uninstall all of these. If you really need Java make sure it's up to date all the time.

Java(TM) 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java(TM) 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Java(TM) SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.)
 

Thank you

Ron

 

Edited by AdvancedSetup
Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted

Many thanks for this, Ron.

(1)  I will try uninstalling McAfee and follow up as you suggest.  I have for some time excluded MWBytes files from McAfee scans; perhaps I have not included them all.  The following pic shows what I have excluded:

image.png.eaa85031eacddd9a9014ea46258a8d5e.png

(2) This whole business began when I reinstalled WIndows 7 a couple of months ago.  MWBytes 3.1.1 was working fine before then.  The 200+ updates needed to bring OS into line with today's Win 7 have caused me major problems; not least because Windows Update stopped working and I had to get around that.  I have installed all security updates, but ought not to upgrade to IE 11 until I have installed some other Windows updates, which are currently failing.  I could try prioritising IE11, as long as it doesn't then compromise some of the other Win7 updates waiting in the wings.  The securtiy angle is, as you say, important.

(3) I am not knowledgeable enough to know whether I need Java!!  I use the internet quite a lot, not for streaming but for information, plus the occasional software download.  I'll update anyway.

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted

Right.  You need to know this...

I disabled every bit of McAfee, switched on Rootkit Scan, and it held when I put MWB off and on again.  So I tried a full MWB scan.  Rootkit scan appears in the progress train: hurrah!  But having rootkit-scanned 320 items, it not only hangs (10 minutes and counting) but locks up the computer.  I can't even take a pic of the screen to show you.  Task Manager shows requests for other software queuing (Snipping Tool, Word, for example)  and I have had to change computers to add this info.  CPU usage minimal.

If I try to cancel the scan, that fails.  I can kill MWB with the corner-X; but computer is still locked up.  Nothing will load at all; MWB won't reload either

I am waiting for a change; haven't tried reboot yet.  But that's a bit tricky too, because of the 90+ win7 updates pending that it wants to install.  I usually get around that by doing a hard break.  That'll unlock the computer alright; but it might also lose valuable diagnostic information.

Next move??

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

As long as no Windows updates have actually started the install process, then they won't be lost and will pick back up again after a restart. At this point it looks like you'll need to do a hard restart.

For now, don't use the rootkit scanner until we get your other issues with updates resolved. There are means, methods, tools to fix that stuff.

It's quite late for me and I'll probably be heading out soon. We can pick back up on this again sometime tomorrow.

Ron

 

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

FYI here are the files that need to be excluded in your McAfee... (in case you my have missed any)

I would like you to add these files to your Anti-Virus exclusions list as mentioned in this FAQ HERE (my list below includes the exe files as well)
 

  • C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MbamPt.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
  • C:\Windows\system32\Drivers\farflt.sys
  • C:\Windows\System32\drivers\mbae64.sys
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\MBAMChameleon.sys
  • C:\Windows\System32\drivers\MBAMSwissArmy.sys
  • C:\Windows\System32\drivers\mwac.sys

Also please exclude the following folders too: (The complete folder)

  • C:\Program Files\Malwarebytes\Anti-Malware
  • C:\ProgramData\Malwarebytes\MBAMService

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted (edited)

More thanks.  Things appear to be improving following all the helpful suggestions.  Situation not helped by my having installed an older version of Win 7 and trying to catch up with the multitude of upgrades.  Win platform is not as stable as I wd like.  But the resolution of the conflict with McAfee is really sorting stuff out.  There are some here that I had missed.

Edited by muesik
Incomplete info
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Once you think things are working a bit better, if you still need help then reboot the computer a couple of times and then run a new FRST scan with a new Additions.txt log and post those back and let us know what issues you're still having and we'll see what we can do to help you out further.

Cheers

Ron

 

Link to post
Share on other sites
muesik

muesik

Posted
  • Author
Posted

Hi, Ron

Everything appears to be back to normal this morning.  Done a complete MWB scan in 4 mins (took 28 yesterday).  CPU% at normal levels.  Your collective advice appears to have settled the punch-up between MWB and McAfee, which was at the bottom of it all.  I would say that my attempts to complete Win 7 upgrades (ongoing problem) have contributed to the slowdown, and I've suspended that pro tem so I can use my computer rather then wrestling with it.

If problems reappear related to MWB I will follow your latest advice and send you the results of another FRST scan.

Besy wishes

Mik

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept