Scanning for rootkits

[jcrackcorn]

Scanning for rootkits takes forever and a day. Does it EVER end?

[Firefox]

Hello and Welcome

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:
NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

• Download Malwarebytes Support Tool
• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
  
  • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    
  
  
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
• Click the Advanced Options link
  
• Click the Gather Logs button
  
• A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
• Upon completion, click OK
• A file named mbst-grab-results.zip will be saved to your Desktop
• Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
   

  To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.
  
  

One of our experts will be able to assist you shortly.

[exile360]

Enabling the rootkit scan does cause scans to take substantially longer due to the fact that the rootkit scanner/driver performs raw, low level disk and file analysis which is much slower and far more resource intensive.  This is the primary reason that it is disabled by default.  That said, it shouldn't take too long, however that also depends on the type of scan being run.  I would highly recommend only using rootkit scanning when performing a Threat scan because that particular scan type was designed deliberately to look in all of the known locations where malware installs, including rootkits, so enabling rootkit scanning for a custom or full scan will take much longer but will be very unlikely to actually find any active threats/rootkits that the Threat scan would not (particularly since rootkits by their very nature are limited to only installing in specific locations such as the boot partition of the active system drive, the drivers folder under X:\Windows\System32\drivers where "X" is the drive letter of the partition where Windows is installed and a few other areas, all of which are included in the Threat scan when rootkit scanning is enabled.

With that said, other software running on the system may also slow things up such as other antivirus/anti-malware software or other disk or system monitoring software.  And of course if the system is currently infected, that can also slow things down.  In these cases it might help if you were to boot into Safe Mode and try the scan there to see if it is able to complete more quickly, but only as a last resort as it is far easier for Malwarebytes to identify threats when they are active, running in normal mode (though specifically with regards to rootkits it doesn't likely make much difference if any as they should still be evident to the scanner even in Safe Mode).

If you are performing a Threat scan and it is taking a long time, then please do follow the instructions above from Firefox as that will help us to try and figure out what might be causing the problem.