Jump to content

Malwarebytes freezes computer after virus attack


Recommended Posts

 

The story so far:

I was using Firefox in an unprotected mode by mistake. A webpage redirected me to a virus site and started to download a virus. I panic and switch it off at the mains, hoping a half-downloaded virus is better than a totally downloaded one.

When I switched the computer back on it took over 20 minutes to boot. I found out various system processes were hanging on start-up and being retried repeatedly, hence the delay. It seemed to have trouble with the software protection service and there are repeated errors in the events concerning the DCHP server.

Anyhow the first thing I do is run Malwarebytes antivirus, and it hangs at 19 seconds. That means a total crash where the keyboard interrupt is no more and the screen just shows what it last displayed. I try this process a few times and sometimes it is 19 seconds, sometimes I manage about 3.5 minutes.

I then go through a process of checking everything. I check the registry and clean it up with Ccleaner. I use the diagnostic tools of Windows to check system file integrity, run chkdsk, and of course I do a full scan using Defender. It was this that managed to find two viruses. Other than that Windows seems to report clean health.

The results mentioned Java/CVE-2010-0840 Here is a description:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840

The other one was trojandownloader:097M/Donoff

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=TrojanDownloader%3AO97M%2FDonoff

OK so having done all of that it was still taking over 20m to boot, the virus had knocked out the language bar so the keyboard would not work on the search box of Windows. I manually fixed that.

Then I try reinstalling Malwarebytes and find it reinstalls all the way to the last step, and where I press finish it freezes and then no program, just empty folders in the programs directory.

Then I try Chameleon. Now I thought I was getting somewhere, because it did successfully install the program, and it managed to update definitions. Now I’m running it with Chameleon protection and guess what? It freezes after only a few seconds into its initialisation sequence. I think I’ve tried the lot now except for the Windows reinstall. Fortunately the computer is still functional and most programs seems to work as normal, and no funny virus behaviour, but something does not like Malwarebytes, and I’ve never had this do it before, so clearly it is a virus which has got the better of it. Perhaps my issue could help you in your improvements to the product.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

Here is the log. One correction to my post above was I meant to say DCOM not DCHP. It keeps causing a system event error and this error recurs regularly, as if something is trying to do something and it can't. I have copied the details below.

It's Windows 10 by the way.


Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          07/05/2019 22:51:26
Event ID:      10016

Task Category: None
Level:         Error
Keywords:      Classic
User:          DESKTOP-C4Q1RVC\Andrew
Computer:      DESKTOP-C4Q1RVC
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
 and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
 to the user DESKTOP-C4Q1RVC\Andrew SID (S-1-5-21-2696171996-3004693875-1020896668-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2019-05-07T21:51:26.991821700Z" />
    <EventRecordID>14030</EventRecordID>
    <Correlation />
    <Execution ProcessID="588" ThreadID="7528" />
    <Channel>System</Channel>
    <Computer>DESKTOP-C4Q1RVC</Computer>
    <Security UserID="S-1-5-21-2696171996-3004693875-1020896668-1001" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}</Data>
    <Data Name="param5">{15C20B67-12E7-4BB6-92BB-7AFF07997402}</Data>
    <Data Name="param6">DESKTOP-C4Q1RVC</Data>
    <Data Name="param7">Andrew</Data>
    <Data Name="param8">S-1-5-21-2696171996-3004693875-1020896668-1001</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
    <Data Name="param10">Unavailable</Data>
    <Data Name="param11">Unavailable</Data>
  </EventData>
</Event>

mbst-check-results.txt

Link to post
Share on other sites

Hi @AndrewC

Be very sure to run the Support tool  and attach the zip file  ( as per the automated reply above).   We cannot help you without that.

 

Chameleon tool is a older tool.   It is just not compatible with Malwarebytes 3 at all.  Just wished you had not used it.

Link to post
Share on other sites

12 minutes ago, Maurice Naggar said:

Hi @AndrewC

 

 

Chameleon tool is a older tool.   It is just not compatible with Malwarebytes 3 at all.  Just wished you had not used it.

No worries. I understand now why it did what it did. You see Malwarebytes3 had not installed on the system after I deleted it myself, so it must have installed an earlier version which should have been compatible. It asked if I wanted to install the later version but I declined. Besides, I had Malwarebytes3 originally and that exhibited similar behaviour, except it ran a little longer. At no time did it get into the main scan section. The reason I removed it was because I thought the virus may have corrupted its files. A clean install seemed like the best test of that theory.

Link to post
Share on other sites

Thanks for providing the zip file.   The reports reveal & Windows reports, it has Malwarebytes Anti-Malware version 2.2.1.1043

That is one entire version older than what is the current version .

That was the unfortunate by product of having run chameleon.   Lets not use it anymore.

 

Lets use the Support tool for the purpose of doing a clean new install for Malwarebytes for Windows.

Use this how-to-guide

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

 

At the end of that process, we need to see the installed version as 3.7.1.2839

 

Link to post
Share on other sites

OK, that almost worked. I ran the clean program, and after a lot of trouble I managed to get it to reboot, hence the delay in answering, and it worked fine until the very last stage. It had successfully downloaded, it had then got to the very end of the progress bar for the installation and did not get any further. After waiting a bit, I peeked into programs and saw a folder with stuff in it from the install, and then shortly after that the computer froze again. I’ve managed to get it to reboot, and checked and I think it has installed it, because the files appear to be there. It may have crashed because the install could have tried to load it. I do not want to reboot this machine more than necessary, so I would appreciate your advice on what to do next.

Link to post
Share on other sites

Yes it is there alright. Is this install supposed to start it when it had finished, because I think the same thing will happen? The other thing I wondered was whether it would help if I tried to create another of those zip files to help with the diagnosis of the crash before trying  start it.

If i do end up with having to reboot It will take me a while to get back online. It seems to need more than one attempt. Last time it took 45 minutes from switch on.

Link to post
Share on other sites

I have just completed the scan. It didn’t freeze at all, but it took a very long time during the first phase (at least 3.5hrs). Now it has finally finished and it reports a scan time of 3h:5m, 404411 items scanned and 0 threats detected.

Link to post
Share on other sites

Hi,

It is good to read that the Malwarebytes Scan did finish & that it found no malware & no PUP.

Start Malwarebytes one more time.    Look on the Dashboard summary.   Do all shows as in good status?

 

Now then, this pc runs on Windows 10.   Its Windows Defender is a powerful plus.    Please do a new scan with Windows Defender.

Link to post
Share on other sites

I ran Malwarebytes again and it did the same as it did before. No threats found, scan time 3hrs 7ms.

I'm doing a full scan with Defender now. This took a whole day to do before, mainly because there are huge numbers of files on my system. It's predicting it will finish in another 12hrs. I'll keep you posted when it has.

Link to post
Share on other sites

Hi,

Glad to hear that the scans report no infection.

If a Malwarebytes regular threat scan is taking 3 hours, that is something that is out of expected norms.

Question:   Is it possible that this system has a super huge number of ZIP (compressed) files ?

Link to post
Share on other sites

I don't think there is an abnormally large amount. I have the Visual Studio programming environment and I have huge numbers of library files and that sort of thing.

The time is taken in the prescan checks bit. It gets past the updates bit OK  and once it is out of the next section it behaves perfectly normally. In my recollection of normal operation the prescan bit would take about ten seconds at most.

My guess at what is happening is that part of that section is trying to access part of the Windows system and it can't do it, so it keeps on polling without a timeout. It could be linked to the startup problem, because it looks like some of the low-level services are having trouble getting started. Why this should be, I have no idea. Two possibilities exist. Either there is a virus which is undetected, or the virus messed up part of Windows which Windows, in its checks, had overlooked. We know all the system files are legit.

Link to post
Share on other sites

The first time I was careful to do nothing what-so-ever to it during the scan. I checked that everything was closed down, started it and left the computer alone until it reported it had finished. The second time I was using Firefox while I was scanning and it didn't make any difference at all.

Link to post
Share on other sites

Hi @AndrewC ,

You have done a scan with Windows Defender & reported "The full scan with Defender has completed successfully now and it has confirmed that it is clean. "

You have done 2 scans with Malwarebytes and nothing was tagged as malware  or PUP.

I would suggest the following steps with the goal being to see about reducing the scan run time.

[ A ]
A new clean re-install of Malwarebytes.
Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

[ B ]

Next,
Start Malwarebytes.   Click Settings.  Now look on the Application tab.
Scroll down to Impact of scans on system.
Select the line for  "Manual scans have high priority and will finish more quickly".

Now, click the Protection tab.
Scroll down to Scan options.
On the line "Scan within archives"   click that to OFF.

Hopefully all these steps will lead to a lower  scan run-times.

There is no reason to think there is a infection, given the results of the prior scans.

Cheers,

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.