Jump to content
Xirw

Hangs during registry scan

Recommended Posts

When I run mbar-1.10.3.1001.exe, every time I get to the scanning registry part, the program stops working after that and it won't let me kill the process. (Says Access Denied)

 

Its been awhile since I've used this forum but I've attached some logs which might help figure this out.

 

forum.rar

Share this post


Link to post
Share on other sites

Greetings,

I'm not sure why it's getting hung up during the scan, but the self-protection driver it uses to guard itself against termination by malware is the most likely reason you're unable to kill its process and why you're seeing an access denied message when you try.

Please try running Malwarebytes to see if it is able to complete a scan:

Download and install Malwarebytes 3 from here and once installed, open it and navigate to Settings>Protection and under Scan Options enable the Scan for rootkits option then return to the Dashboard tab and click on the Scan Now button and allow it to scan your system for threats then have it remove anything it finds, then restart the system if prompted to complete the threat removal process.

Please let me know how it goes.

Thanks

Share this post


Link to post
Share on other sites

Hey thanks for the reply. I have done all that and it came up clean (even with the rootkit option enabled) 

Do you think this has something to do with ZoneAlarm? Ever since it got last updated about a month or two ago, I think it was around that time I noticed mbar started doing this. Because it always would finish fine before. 

Share this post


Link to post
Share on other sites

That's certainly a possibility.  If ZA is interfering with MBAR's driver or scan engine that could easily cause such behavior, and if you're using the paid version of ZA it's even more likely as it uses Kaspersky I believe as its AV engine, which has been known to occasionally have conflicts with some Malwarebytes components and drivers.  You can test that theory by temporarily disabling ZA if you wish, then trying an MBAR scan again, though it really shouldn't be necessary from a security standpoint as MBAR currently has no capabilities or detection signatures included in it that haven't been integrated into Malwarebytes 3 with rootkit scanning enabled.

By the way, as long as ZA doesn't start in Safe Mode, you can try scanning with MBAR there if you have trouble disabling ZA in normal mode, though again it really isn't necessary I don't think since you got Malwarebytes 3 to complete a scan.

Share this post


Link to post
Share on other sites
5 hours ago, exile360 said:

That's certainly a possibility.  If ZA is interfering with MBAR's driver or scan engine that could easily cause such behavior, and if you're using the paid version of ZA it's even more likely as it uses Kaspersky I believe as its AV engine, which has been known to occasionally have conflicts with some Malwarebytes components and drivers.  You can test that theory by temporarily disabling ZA if you wish, then trying an MBAR scan again, though it really shouldn't be necessary from a security standpoint as MBAR currently has no capabilities or detection signatures included in it that haven't been integrated into Malwarebytes 3 with rootkit scanning enabled.

By the way, as long as ZA doesn't start in Safe Mode, you can try scanning with MBAR there if you have trouble disabling ZA in normal mode, though again it really isn't necessary I don't think since you got Malwarebytes 3 to complete a scan.

It is 100% zone alarm free edition. I first tried in Safe mode which made it work, then normally with ZA disabled and it worked. Thanks for all your help. 

Share this post


Link to post
Share on other sites
On 9/18/2018 at 12:52 AM, exile360 said:

Excellent, thanks for the confirmation.  If there's anything else we can assist you with please let us know.

Thanks

Unfortunately there is. I don't know if I should make a new topic for this or not so just let me know. Having Game Mode permanently on for ZoneAlarm seemed to work for that, but I noticed that with ObjectDock enabled, it hangs at the very same spot.

When I boot windows with ObjectDock disabled, it works fine. This was completely out of nowhere since MBAR always worked fine with me for years with ObjectDock.

I don't understand what happened. And its not just MBAR. Another program that used to work fine with ObjectDock was a ps3 emulator called rpcs3 but for whatever reason that program wont boot either unless objectdock is disabled.

I can't even say that there was any kind of update to ObjectDock recently because I haven't updated it in a long time.

Share this post


Link to post
Share on other sites

That is odd.  It sounds like perhaps either something else on your system is interacting with ObjectDock to cause this, or else perhaps there is some kind of corruption going on with some aspect of ObjectDock itself.

I suppose the first thing to try would be to reinstall ObjectDock and then restarting your system to see if that alleviates the issue.  Please give that a try first, and if unsuccessful, see if perhaps there is a new version of ObjectDock available and try installing that instead of your existing version to see if that fixes the problem.

If the problem still persists then maybe running chkdsk /r from an administrative command prompt would help.  To do so, click on START and type in cmd and then when you see cmd.exe listed at or near the top of the START menu, right-click on it and select Run as administrator and then click Yes if prompted by User Account Control.  In the command prompt window that opens type the following and then press Enter and allow it to complete, allowing it to restart your system if prompted to do so to complete the repair process:

chkdsk /r

More information on using chkdsk can be found here.

Share this post


Link to post
Share on other sites
16 minutes ago, exile360 said:

That is odd.  It sounds like perhaps either something else on your system is interacting with ObjectDock to cause this, or else perhaps there is some kind of corruption going on with some aspect of ObjectDock itself.

I suppose the first thing to try would be to reinstall ObjectDock and then restarting your system to see if that alleviates the issue.  Please give that a try first, and if unsuccessful, see if perhaps there is a new version of ObjectDock available and try installing that instead of your existing version to see if that fixes the problem.

If the problem still persists then maybe running chkdsk /r from an administrative command prompt would help.  To do so, click on START and type in cmd and then when you see cmd.exe listed at or near the top of the START menu, right-click on it and select Run as administrator and then click Yes if prompted by User Account Control.  In the command prompt window that opens type the following and then press Enter and allow it to complete, allowing it to restart your system if prompted to do so to complete the repair process:

chkdsk /r

More information on using chkdsk can be found here.

Thanks I'll try that later when I get home and update you on how it goes. The only thing that would make sense at this point would be corruption. I think it came from a time when I had to use Acronis and objectdock was installed on a separate disk so that technically didn't get restored when I restored the older date of my OS. So I'm hoping it's just that. 

Share this post


Link to post
Share on other sites

Ah, that makes sense.  If it had something like its configuration files stored on the disk that wasn't restored while other copies were in memory while it was running and there's a clash between what the config files say and info in the registry and/or on disk on the local disk that was restored that could well have caused such corruption.

Hopefully the reinstall resolves it, but definitely keep us posted.

Thanks

Share this post


Link to post
Share on other sites
4 hours ago, exile360 said:

Ah, that makes sense.  If it had something like its configuration files stored on the disk that wasn't restored while other copies were in memory while it was running and there's a clash between what the config files say and info in the registry and/or on disk on the local disk that was restored that could well have caused such corruption.

Hopefully the reinstall resolves it, but definitely keep us posted.

Thanks

Hey, just wanted to say that after reinstalling ObjectDock everything seems to be finally working again. Thanks again for all your help!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.