Jump to content

Malwarebytes 3.3.1 Performance

Aventura
 Share

Recommended Posts

Porthos

Porthos

Posted
Posted
5 minutes ago, Aventura said:

Malwarebytes Premium 3.3.1 rebooted my PC without my permission while I was reading an article on line.

How to prevent such mishap in future ?

Regards

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs Tell any program that blocks it to ignore or allow. It IS SAFE.
  2. Download FRST and save it to your desktop
    NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  3. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  4. Press the "Scan" button
  5. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
    NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
  6. NEXT: Create and obtain an mb-check log
  7. Download MB-Check and save to your desktop
  8. Double-click to run MB-Check and within a few second the command window will open, then click "OK"
  9. This will produce one log file on your desktop: mb-check-results.zip
  10. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area
Link to post
Share on other sites
Porthos

Porthos

Posted
Posted (edited)
54 minutes ago, Aventura said:

I am eager to hear your verdict allowing you to  review the created three log files.

Quote

"autoClean" : true,            "autoRestart" : true,     

Uncheck the box in the below screenshot.

 

auto restart.png

Edited by Porthos
Link to post
Share on other sites
Aventura

Aventura

Posted
  • Author
Posted

Porthos,

I appreciate for your prompt help.

I unchecked "Restart computer when required for threat removal" that option is under Edit Scheduled Scan advanced settings. I have never looked at the advanced settings.

So, Malwarebyte is set as a default for Autorestart  like Windows 10 when an update gets downloaded. In Windows 10 I spotted that trick but I did not recognize that MB uses the same.

Also,  I set as exclusions the mentioned six MB executable files and six system files in Norton Security.

Regards

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
1 hour ago, Aventura said:

The problem with my PC happened on 12/10/2017 between 6 and 8 PM.

The log below shows the time and detection.

 

569A6C965F497A05502A9A134A553388F763152302DED94C2BCDA33FBAAFBC6B
{
   "applicationVersion" : "3.3.1.2183",
   "clientID" : "b032fa8a-cd77-11e7-bc3f-00123f7393b4",
   "clientType" : "scheduledScan",
   "componentsUpdatePackageVersion" : "1.0.262",
   "cpu" : "x86",
   "dbSDKUpdatePackageVersion" : "1.0.3461",
   "detectionDateTime" : "2017-12-10T22:18:16Z",
   "fileSystem" : "NTFS",
   "id" : "04ff66a9-ddf8-11e7-947e-00123f7393b4",
   "isUserAdmin" : true,
   "licenseState" : "licensed",
   "linkagePhaseComplete" : true,
   "loggedOnUserName" : "System",
   "machineID" : "",
   "os" : "Windows 10 (Build 16299.64)",
   "schemaVersion" : 5,
   "sourceDetails" : {
      "objectsScanned" : 269625,
      "scanEndTime" : "2017-12-10T23:23:30Z",
      "scanOptions" : {
         "pumHandling" : "detect",
         "pupHandling" : "detect",
         "scanArchives" : true,
         "scanFileSystem" : true,
         "scanMemoryObjects" : true,
         "scanPUMs" : true,
         "scanPUPs" : true,
         "scanRookits" : true,
         "scanStartupAndRegistry" : true,
         "scanType" : "threat",
         "useHeuristics" : true
      },
      "scanResult" : "completed",
      "scanStartTime" : "2017-12-10T22:18:16Z",
      "scanState" : "completed",
      "type" : "scan"
   },
   "threats" : [
      {
         "linkedTraces" : [

         ],
         "mainTrace" : {
            "cleanAction" : "quarantine",
            "cleanContext" : {
            },
            "cleanResult" : "successful",
            "cleanResultErrorCode" : 0,
            "cleanTime" : "2017-12-10T23:24:00Z",
            "generatedByPostCleanupAction" : false,
            "id" : "17776d84-ddf9-11e7-8aa9-00123f7393b4",
            "linkType" : "none",
            "objectMD5" : "",
            "objectPath" : "HKU\\S-1-5-21-2583165754-1090462461-3440209073-1001\\SOFTWARE\\csastats",
            "objectSha256" : "",
            "objectType" : "regKey",
            "suggestedAction" : {
               "chromeExtensionOther" : false,
               "chromeExtensionPreferences" : false,
               "chromeExtensionSecurePreferences" : false,
               "chromeExtensionSyncData" : false,
               "chromeUrlOther" : false,
               "chromeUrlSecurePreferences" : false,
               "chromeUrlSyncData" : false,
               "chromeUrlWebData" : false,
               "fileDelete" : false,
               "fileReplace" : false,
               "fileTxtReplace" : false,
               "folderDelete" : false,
               "minimalWhiteListing" : false,
               "moduleUnload" : false,
               "noLinking" : false,
               "physicalSectorReplace" : false,
               "priorityHigh" : false,
               "priorityNormal" : false,
               "priorityUrgent" : false,
               "processUnload" : false,
               "regKeyDelete" : true,
               "regValueDelete" : false,
               "regValueReplace" : false,
               "treatAsRootkit" : true,
               "useDDA" : false
            }
         },
         "ruleID" : 260986,
         "rulesVersion" : "1.0.3461",
         "threatID" : 2,
         "threatName" : "PUP.Optional.InstallCore"
      }
   ],
   "threatsDetected" : 1
}

Link to post
Share on other sites
Aventura

Aventura

Posted
  • Author
Posted

I understand that.

The Quarantine log file shows event PUP.Optional. InstallCore effecting the registry key HKU on 12/10/17 at 6:24 PM.

In my opinion, MB engineering should redesign the software: When MB finds anything rather putting this PUP in  quarantine  - it  reboots the PC when scheduled scan overlaps  the time

frame when a user operates the machine.

The user shall be allowed later to reboot the PC.   

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept