bithead

3.4.5 sends PC into coma


I've been running the free version of MWB for about a year on a PC running Windows 10 Education 64-bit.  On 4/9 I received a message indicating that an update existed and opted to install it.  I was surprised that the update also installed the Premium Trial version in the process, considering that my 14-day trial was over many months ago.

I leave this PC on 24x7, and on the morning of 4/10 I found it to be unresponsive. After several minutes of trying to get to where it could be gracefully shut down, I gave in and held down the power button until it powered off.  On 4/12, this happened again, and again on 4/13.  On 4/13, I ran chkdsk in case all of the ill-advised power-cycling had created new problems - it was running when I left for the weekend.  

On Monday 4/16, all seemed OK - chkdsk claimed not to find any problems and the PC was working.  Then on the morning of 4/17, the same issue occurred.  On 4/17, I uninstalled MWB and on 4/18, all was OK again.  On 4/18 I reinstalled the Premium Trial v3.4.5.  On 4/19 (today), the PC was unresponsive again. 

Reliability Monitor shows one MWB crash on 4/10, the morning after the update, but none since then:

Source
Malwarebytes Service

Summary
Stopped working

Date
4/10/2018 3:58 AM

Status
Report sent

Description
Faulting Application Path:    C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe

Problem signature
Problem Event Name:    APPCRASH
Application Name:    mbamservice.exe
Application Version:    3.1.0.643
Application Timestamp:    5ab294e4
Fault Module Name:    arwlib.dll
Fault Module Version:    3.0.0.613
Fault Module Timestamp:    5aa00e7b
Exception Code:    c0000005
Exception Offset:    00000000000740a9
OS Version:    10.0.16299.2.0.0.256.121
Locale ID:    1033
Additional Information 1:    d8c4
Additional Information 2:    d8c441bd4da5afc4fe4d1382535a0af4
Additional Information 3:    e237
Additional Information 4:    e237b1077cfe4cdb6fa9f1a1f1352556

Extra information about the problem
Bucket ID:    f8ebba856b271b24a932adb7713cbe29 (1815704603174157865)
 

The only other AV on this machine is Windows Defender, and it has been running on it "forever".  It seems the 3.4.5 version of MWB is at odds with something on this PC, causing it to go comatose in the middle of the night, and I'm looking for a cure that doesn't involve the power button.  TIA for any assistance.

 

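The problem signature quoted in the first post can be decoded offline. The following is an added example, not part of the original thread and not Malwarebytes code: it parses those fields, maps the exception code to its NTSTATUS name and converts the hex timestamps, which are normally the PE link times of the binaries. The function names and the short status-code table are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Problem-signature lines copied from the report quoted in the first post.
REPORT = """\
Application Name:    mbamservice.exe
Application Timestamp:    5ab294e4
Fault Module Name:    arwlib.dll
Fault Module Timestamp:    5aa00e7b
Exception Code:    c0000005
Exception Offset:    00000000000740a9
"""

NTSTATUS = {  # a few common exception codes, not exhaustive
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

def parse_signature(text):
    """Return the 'Key:    value' lines of a problem signature as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s+(\S.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def pe_time(hex_stamp):
    """Decode a hex PE TimeDateStamp (seconds since 1970-01-01 UTC)."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)

def triage(text):
    f = parse_signature(text)
    code = int(f["Exception Code"], 16)
    app, mod = f["Application Name"], f["Fault Module Name"]
    return {
        "process": app,
        "process_built": pe_time(f["Application Timestamp"]),
        "fault_module": mod,
        "module_built": pe_time(f["Fault Module Timestamp"]),
        "exception": NTSTATUS.get(code, hex(code)),
        "offset": int(f["Exception Offset"], 16),
        "in_loaded_module": mod.lower() != app.lower(),
    }

if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key:17} {value}")
```

For this report both binaries decode to March 2018 build times, and the access violation lands in arwlib.dll rather than in mbamservice.exe itself.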

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few seconds the command window will open, press "Enter" to accept the EULA then click "OK"
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


We've seen a couple reports like this, but have had trouble finding the root cause so far. Can you please grab the logs mentioned above so we can take a look? Thanks!


I think I have the same problem.

Some aspects of Windows freeze for a long time while others work like nothing is wrong.

For example, starting new programs won't work.

There are no crashes or similar in the event log. The only thing that is off is that there is high CPU usage in code running from arwlib.dll.

I have so far always rebooted to fix this, so I don't really know if it fixes itself if I just waited long enough. But that would be more than 10 minutes.

This doesn't happen often. Have a feeling it may be happening after I haven't used the computer for a while and it has been in sleep state since last use.

 

/Chris


It makes sense that arwlib.dll would be involved as that's a component of Ransomware Protection (ARW stands for Anti-Ransomware) and the Ransomware Protection component is fairly notorious for creating higher background resource usage than the other real-time protection components.  I suspect that disabling Ransomware Protection would resolve the issues being reported without the need for a system restart if you are able to turn it off.  It can be disabled by right-clicking the Malwarebytes tray icon and clicking Ransomware Protection: On or by switching the setting beneath Settings>Protection>Ransomware Protection: Prevents malware infections to the Off position.


While that may be true about arwlib.dll, turning it off would not fix the cause of the problem.  If that dll is the culprit then it seems that it is misbehaving in a way that over time consumes resources that are never released back to the OS. 

And, no offense intended, but who is to say you're not baiting me to disable the ARW feature, thereby opening myself to a ransomware attack?


I reported the same issue last week. PC freezes up during the night. Malwarebytes ransomware protection is the cause. It was supposed to be fixed in the latest update but was not. Turning off ransomware fixes the issue. Just for grins I turned ransomware back on last night. This morning my PC was frozen again. Running the last few nights without it results in a non-frozen PC in the morning. Except for last night. I am leaving ransomware protection off from now on. And if it does not get fixed before my 1 year subscription expires I will just go back to the free version when it does expire.

1 hour ago, bithead said:

While that may be true about arwlib.dll, turning it off would not fix the cause of the problem.  If that dll is the culprit then it seems that it is misbehaving in a way that over time consumes resources that are never released back to the OS. 

And, no offense intended, but who is to say you're not baiting me to disable the ARW feature, thereby opening myself to a ransomware attack?

That's correct, it's an issue with the Ransomware Protection component.  Disabling it isn't a solution, just a temporary workaround until it (hopefully) gets fixed by the Developers.

I'm ranked as an "expert" here on the forums, have been a member here pretty much since the beginning, back before Malwarebytes Anti-Malware even existed (during the days of RogueRemover), worked for Malwarebytes as their first QA, then their first Product Manager and was employed by them for approximately 8 years and now work for them as an independent contractor helping out here on the forums where I have over 18,000 posts currently.  Were I some new, unknown user then sure, I could see reason for suspicion, but Malwarebytes wouldn't grant the rank of expert to anyone they didn't trust to give sound advice here on the forums (no one can become an expert without the approval of the Malwarebytes forum administrators who themselves are employees of the company).

One more thing you must understand is that Ransomware Protection isn't actually a preventative protection module as much as it is a failsafe.  It monitors for known ransomware behavior in memory by watching the activities/actions of the various processes and threads running in memory and flags anything that triggers a detection based on its behavioral rules.  It's sort of like a HIPS with limited scope.  For the most part, the other protection components in Malwarebytes should be fully capable of preventing infection, especially the more proactive components like Web Protection and Exploit Protection which guard against infection by defeating threats much earlier in the attack chain by blocking the known sources of malware as well as defeating the exploits which are the most common means of ransomware infiltrating systems in the first place, so the addition of the Ransomware Protection component is more of a fallback measure just in case something gets past the other modules and becomes active on the system and then tries to encrypt files.  Even the Malware Protection component, which uses more traditional threat signatures as well as more advanced heuristics and file structure based 0-day threat detection algorithms, would see a threat before the Ransomware Protection module would because it analyzes processes as soon as they attempt to launch into memory, before they have the opportunity to perform any actions like attempting to encrypt files or do any of the other things that might set off Ransomware Protection.

I'm not saying it's a good idea to leave it off all the time, but if the system isn't functional to the point where your choices are to wait for a fix from the Developers and either live with the problem (which isn't viable if the system is rendered unusable due to the performance issues), to terminate Malwarebytes completely or uninstall it, or simply to disable a single module while still retaining the protection of all the other layers in Malwarebytes, then the last option is by far the safest as well as the most viable, assuming the problem is as severe on your system as it is on others' who have reported these issues where their systems end up pretty much locking up eventually.

Obviously the decision is yours on what to do, I'm just offering a possible workaround while we await a fixed version of Malwarebytes.  It isn't something that can be fixed by adding an exclusion or changing some inconsequential setting unfortunately.  That's why the Support guys are in these threads gathering data.  They know that the issue has no fix right now and they are trying to acquire enough data to replicate the issue and find the root cause of the problem for the Developers so that they can hopefully fix it in a future Malwarebytes release, otherwise they'd have an FAQ up on what to do to fix the issue, but they don't.


ram220 - Thanks for the confirmation.  Of course another solution is to uninstall MWB and move on to something else.  This trial period is not making the product look very appealing.


exile360 - Thanks for the additional explanation.  As for me being suspicious, I'd say it's general paranoia more so than suspicion.  Although I will admit that while writing my previous reply from a mobile device, I missed your "experts" rating off to the side.


No worries, I just wanted to explain why I was giving the advice that I was and why Ransomware Protection, while nice to have, isn't nearly as critical or proactive as many of the other layers of protection in Malwarebytes 3 that operate to thwart attacks much earlier in the attack chain.


Running without Ransomware Protection enabled, it took longer, but over the weekend the PC went comatose again.  Guess I'll try without running MWB at all and see what happens...


Would you mind testing out the new beta to see if it resolves this issue?  If so, then open Malwarebytes and go to Settings>Application and scroll down to the bottom of the page where it says Beta Application Updates and enable the option underneath, then scroll back up to the top of the page and click on the Install Application Updates button and you should be prompted to download/install the new beta release.  Allow it to download and install and then reboot if required to complete the installation process then test to see if it fixes this issue or not.

If you do decide to try the beta, please let us know how it goes.

Thanks


The beta seems to have worked so far. My wallpaper engine loaded my wallpaper fast like usual, whereas before it took minutes to load. Opened Chrome and Task Manager pretty fast too. Steam took a while but it was installing an update so I think everything is ok. I will let you know if something goes wrong.


Yeah, when Steam is loading/installing an update it usually takes quite a while to load up/display the first window and tray icon etc. (I use Steam myself) so that's pretty typical, with or without Malwarebytes.

Thanks for testing and please do let us know if you run into any issues, but hopefully the beta's got it corrected for you.


Is Malwarebytes supposed to show in the system tray? I remember it did but I don’t see it there anymore. Just wondering.


Yes, it should, at least if you're running the paid/Premium version or the free trial of the Premium version.  If it isn't, there could be a problem with its installation.

Edited by exile360


Yes, I am using the premium version. It’s not a big deal; as long as Malwarebytes works I’m fine.


Well, the process for the tray is called mbamtray.exe and should be launched automatically by MBAMService.exe.  Make sure both are running, and if not, try restarting the system one more time to see if that resolves it.  If it doesn't, go ahead and do the following:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced Options on the main page (not Get Started)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply


Checked Task Manager and no Malwarebytes programs are running. I will use that tool to attach logs soon.

 

edit: I manually ran the tray application from the folder and it is there now.

Edited by Cody712


In my Task Manager I don’t see a "Show processes from all users" option.  But under the Details tab I do see MBAMservice.exe running.


Ah, understood, thanks.  If you open Malwarebytes, does it show all of the protection components as being enabled/on (look at the upper right side of the Dashboard tab)?
