Jump to content

Understanding the Report

Recommended Posts

I installed Premium last week and two scans have run. The first one took about an hour 40 mins (1:39:27) and scanned 520,805 objects - per the log report. Tonight the scan ran again but took 3:21:52 while also reportin 520,805 scanned objects. I didn't use the PC during tonight's scan but when I looked in on the progress at one point the app was reporting well into 900,000 objects scanned. Can anyone explain the discrepancy in the 900,000 vs the reported 520,805? And, why tonight's scan took almost two hours longer? (The first scan I *don't think* I was using the PC either - but maybe it went to sleep overnight?) Thanks in advance!

Link to post
Share on other sites

  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

  • Staff

Greetings :)

What types of scans are these, Custom scans?  I ask  because that's a really long time and a very large number of items for it to be scanning.  For reference, it is generally best to primarily rely on the Threat scan as it was developed specifically by the threat Research team to look in all of the places that malware likes to hide and install itself, and besides that, even if a threat were active on your system but running from a non-standard location, Malwarebytes would still likely catch it because it checks all processes/threads/modules loaded into memory and the files that they belong to regardless of where they are located and it also checks all known loading points such as the various startup folders and RUN keys in the registry along with the Uninstall keys and many others in order to locate threats and their various traces/components, and thanks to a special capability within the scan engine called Linking, it is able to trace a threat's installation across multiple locations and objects based on as few as a single detected trace (such as a single startup entry in the registry and/or a single file found on disk) which it can use to extrapolate where other components are installed/hiding so that it is able to strip out all components of an infection (this is also one of the key reasons why Malwarebytes is known for having such excellent remediation capabilities).  The Research team can also modify/add to the locations checked during the default Threat scan through database updates without having to push out a new program version so whenever a new location is found to be used by malware, they can add it and have it included in the default scan type which means it is as dynamic as it needs to be since they can change it on the fly.

That said, I do not know why there was such a large discrepancy between the number of objects scanned during the scan and the total number of objects scanned at the end, however it may have been a bug with the scan engine or database which also might account for the difference in total scan times.  For example there is a known issue where occasionally the scan will get stuck in a "loop" of sorts inside a directory while recursively checking within a nested folder structure and it will cause it to appear to be scanning the same location over and over with the name of the directory repeating itself so that might be it.  There are also occasional problems caused by some rules/signatures in the database, and since it is almost certain that different databases where used during the two scans given the time between them, this could definitely account for it as well.

If you would like us to take a look at what's going on during scans you should do the following:

Create a Process Monitor Log:

  • Create a new folder on your desktop called Logs
  • Please download Process Monitor from here and save it to your desktop
  • Double-click on Procmon.exe to run it
  • In Process Monitor, click on File at the top and select Backing Files...
  • Click the circle to the left of Use file named: and click the ... button
  • Browse to the Logs folder you just created and type MB3 Log in the File name: box and click Save
  • Exit Process Monitor and open it again so that it starts creating the logs
  • Open Malwarebytes and perform your scan.  Allow it to run until it completes.
  • Close Process Monitor
  • Right-click on the Logs folder on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Please attach the Logs.zip file you just created to your next reply, or if it is too large, please upload it to WeTransfer and provide us with the link to the file

You should also download and run the Malwarebytes Support Tool, and after accepting the EULA, click Advanced Options at the bottom and then click on the Gather Logs button then attach the mbst-grab-results ZIP folder it creates to your next reply here.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.