w0lfrun, posted June 3, 2019 (ID:1315576)

Have activated the pro version of MBAM as I was just using it to do periodic scans. I have activated MBAM to start up with Windows startup. My question is, how long should it take for the mbamtray.exe icon to appear? I have timed it and it takes anywhere from 80 secs. to almost 100 secs. Is this normal? Other tray icons appear instantly so I am curious as it seems on the slow side. Windows 7 64-bit system here.

Malwarebytes (Staff), posted June 3, 2019 (ID:1315577)

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

If you are having technical issues with our Windows product, please do the following:

If you haven't already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

1. Download Malwarebytes Support Tool
2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
3. Double-click mb-support-X.X.X.XXXX.exe to run the program. You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
4. Place a checkmark next to Accept License Agreement and click Next
5. You will be presented with a page stating, "Get Started!"
6. Click the Advanced tab on the left column
7. Click the Gather Logs button. A progress bar will appear and the program will proceed with getting logs from your computer
8. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
9. Please attach the file in your next reply.

Before submitting your reply, be sure to enable "Notify me of replies".

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

If you are having licensing issues, please do the following:

For any of these issues:

- Renewals
- Refunds (including double billing)
- Cancellations
- Update Billing Info
- Multiple Transactions
- Consumer Purchases
- Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help.

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264

Thanks in advance for your patience.

-The Malwarebytes Forum Team

exile360, posted June 4, 2019 (ID:1315629)

Greetings,

It depends on your hardware and the other startups on your system to a certain extent obviously, but that definitely sounds like longer than normal. Please do the following so that we may take a look at your configuration to try and determine what might be the cause of the slow startup:

1. Download and run the Malwarebytes Support Tool
2. Accept the EULA and click Advanced tab on the left (not Start Repair)
3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Thanks

w0lfrun (Author), posted June 4, 2019 (ID:1315657)

[Attachment: mbst-grab-results.zip]

exile360, posted June 4, 2019 (ID:1315659)

Thanks. Unfortunately it looks like the tool was unable to run some components due to being unable to access the internet. If you wouldn't mind, please try running the tool again, this time ensuring that you are connected to the internet and that the tool isn't being blocked by your firewall, then upload the new ZIP file.

I also found references to these programs in your logs and it is possible that one or more of them is slowing down Malwarebytes, so if you haven't excluded Malwarebytes/configured it as a trusted application in these programs, assuming they also launch on startup, then that could also be a contributing factor:

- NoVirusThanks
- Sandboxie
- Windows 10 Firewall Control
- VoodooShield

I also spotted references to COMODO, though I'm unsure what COMODO program is installed.

Also keep in mind that running too many security apps at the same time may also be affecting system performance as some combinations may not get along very well, so you also might try disabling and/or removing each of those one at a time and restarting after each to see if removing or disabling any one or more of them helps.

w0lfrun (Author), posted June 4, 2019 (ID:1315660)

OK. Disabled VD shield and Firewall protection so hopefully this will work now. Am surprised about Comodo though. Ran the cleanup tool to clear it out, must be some remnants left over.

[Attachment: mbst-grab-results.zip]

exile360, posted June 4, 2019 (ID:1315693)

Thanks, it looks like it ran correctly that time.

I'm seeing a lot of AV references, likely leftover components/traces from past installs. Some for Avast, Kaspersky, and there also appears to be at least one Group Policy restriction, though I'm not certain exactly what it is:

    GroupPolicy: Restriction ? <==== ATTENTION

I also noticed UAC is not configured to its default setting:

    Consent Prompt Behavior Admin: Off

Those last two likely aren't related but I thought you should be aware, especially if you didn't make those changes yourself.

That said, I think I've discovered the root of the problem. Aside from having a pretty large number of security tools running at startup, you're running a pretty old system; a Pentium D from 2006 (I used to have the precursor to your model chip; the Pentium D 830 3.0GHz so I'm pretty familiar with its level of performance):

    Pentium(R) D CPU 3.40GHz

Malwarebytes is a fairly demanding app, especially on startup and when launching scans as it has to load its various drivers and databases into memory, so that's likely the cause of the delay, just waiting its turn and doing its work to get its various components into memory while all those other startups are running, and since you've got a CPU that is limited to 2 threads and has relatively low IPC compared to most modern chips/systems, that likely accounts for the delays.

As for the traces of those other AVs I found, if you want to try to remove them (I would if it were me), the following tools should prove useful:

- Avast Uninstall Utility
- Kaspersky Removal Tool

Instructions for resetting UAC to its default settings can be found on this page if you wish to do so.

The leftovers from COMODO probably either need to be removed by hand or by reinstalling the program temporarily then removing it normally via Programs and Features using its built in uninstaller, then if needed you can give the uninstall tool a shot again (I say this because you mentioned you already ran it, and also because they actually highlight that users should try the built in uninstaller first, and I suspect it is because they probably aren't thoroughly cleaning up every trace of the program which explains the leftovers we found):

- Comodo Uninstaller Tool

Anyway, I hope this helps. I realize it isn't likely to eliminate the performance issue you're seeing with Malwarebytes, but it still may help your overall system performance and it doesn't hurt to remove these leftovers from past AVs as they can lead to issues with other programs sometimes.

w0lfrun (Author), posted June 4, 2019 (ID:1315695)

No other security apps are running but MBAM with only malware protection on. The MBAMtray.exe still takes approx. 80 seconds to load. The new Malwarebytes support tool download is in the above.

Edit: just read your reply as I was typing this.

w0lfrun (Author), posted June 4, 2019 (ID:1315696)

OK. Thanks for the help and I will use the above tools to clean up the above mess. 🙁

exile360, posted June 4, 2019 (ID:1315699)

Sounds good, please let me know how it goes, and if there is anything else we might assist you with please don't hesitate to ask.

By the way, if you want any guidance or assistance with any of the more general PC stuff not specifically related to Malwarebytes, we do have a General PC Help area located here where you can post to seek advice and tips. There are some very knowledgeable individuals around here who frequent these forums, including enthusiastic volunteers with many years of experience as well as Malwarebytes staff members who are always willing to lend a hand with diagnostics and troubleshooting as well as offering general computing advice. It's totally up to you obviously, and you definitely seem to be pretty knowledgeable in your own right, but just in case you find it useful I figured I'd let you know about it.

w0lfrun (Author), posted June 4, 2019 (ID:1315723)

Thanks again. Ran Avast, Kaspersky and Comodo clean up tools in safe mode. Avast found a lot of stuff to my surprise, Kaspersky a moderate amount and Comodo found nothing. ?? lol. I kind of think that windows10firewall control has/had a connection with Comodo DNS in some way. As I recall, others complained about it in the windows10firewall forum. Just a thought.

As far as the computer goes it is getting long in the tooth as I purchased it with XP on it. Am an old guy with an old computer. LOL.

Cheers.

exile360, posted June 4, 2019 (ID:1315749)

Hehe, no worries, I can relate. I held on to my old Smithfield Pentium D system for the longest time. By the time I replaced it I'd rebuilt it like 3 times, transplanting it from its original Gateway BTX motherboard/case into a new case, swapped motherboards, added a second TV tuner, upgraded the RAM, added tons of additional drives/storage, added a second DVD-ROM drive and upgraded the graphics card like 3 or 4 times over several hardware generations (for gaming, obviously).

It started with XP Media Center Edition 2005 on it, I eventually installed a second boot partition to multiboot Windows Vista Beta 2 when it went public for testing and upgraded that through the various betas and release candidates and finally ended up installing Vista Ultimate x64 on it and ran it that way for years. I actually fell in love with Vista and thought it was even better than XP (and still do, though you need the hardware to run it properly; too many early systems that shipped with Vista weren't really up to spec to run it well and driver support from hardware manufacturers was terrible for the first several months even though MS gave them more than a year to prep for its release as they had access to the internal alpha/beta builds and all the WDDM documentation/APIs long before the public caught wind of it and were still calling it Longhorn, not to mention NVIDIA's controversial issues with their laptop GPUs and drivers that caused many headaches that people blamed on MS/Vista when in fact it was a case of defective graphics chips produced by NVIDIA) and finally replaced it with a little 13" Samsung laptop with Windows 7 which I eventually replaced with a monstrous desktop replacement 15.6" laptop with a full desktop i7 CPU and discrete GPU (something similar to what I have now, though my current system is newer and more powerful).

Anyway, regarding Comodo, here are the entries I'm seeing in your logs; it looks like several WFP entries are being left behind:

    Registered WFP Filters
    ==================================
    FWPM_LAYER_ALE_AUTH_CONNECT_V4 COMODO ConnectV4 COMODO ConnectV4
    FWPM_LAYER_ALE_AUTH_CONNECT_V6 COMODO ConnectV6 COMODO ConnectV6
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 COMODO AssignmentV4 COMODO AssignmentV4
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 COMODO AssignmentV6 COMODO AssignmentV6
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V4 COMODO ResourceReleaseV4 COMODO ResourceReleaseV4
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V6 COMODO ResourceReleaseV6 COMODO ResourceReleaseV6

w0lfrun (Author), posted June 5, 2019 (ID:1315914)

Interesting. Don't know how I would get rid of those entries as the Comodo cleanup tool doesn't find them. That answers what I was saying about the Sphinx firewall and the Comodo problem.

Just to add, after I used the Avast cleanup tool, I noticed a new entry Avast in the registry HKLM\Software\Wow6432node that I couldn't delete. Even used the RegAssassin and it couldn't delete it as it was hidden from it. Couldn't take control as there was error after error popping up. Anyway I did a re-image with Macrium and case solved.

Now as the firewall goes, I ditched Sphinx and now running MB Windows Control Firewall and all is well.

My question is how can I see if those Comodo entries are still in the WFP log file?

exile360, posted June 5, 2019 (ID:1315915)

You can just run the Malwarebytes Support Tool again and check the mbst-check-results.txt file under the Registered WFP Filters near the end of the log and look for these entries:

    FWPM_LAYER_ALE_AUTH_CONNECT_V4 COMODO ConnectV4 COMODO ConnectV4
    FWPM_LAYER_ALE_AUTH_CONNECT_V6 COMODO ConnectV6 COMODO ConnectV6
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 COMODO AssignmentV4 COMODO AssignmentV4
    FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 COMODO AssignmentV6 COMODO AssignmentV6
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V4 COMODO ResourceReleaseV4 COMODO ResourceReleaseV4
    FWPM_LAYER_ALE_RESOURCE_RELEASE_V6 COMODO ResourceReleaseV6

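The manual check described in the post above can be scripted. This is an added example, not part of the original thread and not Malwarebytes code: it assumes the section is a "Registered WFP Filters" heading, an optional "=====" underline, then filter entries that each begin with an FWPM_LAYER_ identifier, as quoted in the thread. The function names and the sample log are made up for the illustration.

```python
import re

SECTION_TITLE = "Registered WFP Filters"          # heading quoted in the thread
LAYER_RE = re.compile(r"FWPM_LAYER_[A-Z0-9_]+")   # WFP layer identifiers
RULE_RE = re.compile(r"={5,}")                    # "=====" underline (assumed layout)

# Constructed sample. The COMODO lines are the ones quoted in the thread; the
# ExampleVendor filter and the second section are invented for this demo.
SAMPLE_LOG = """\
Registered WFP Filters
==================================
FWPM_LAYER_ALE_AUTH_CONNECT_V4 COMODO ConnectV4 COMODO ConnectV4
FWPM_LAYER_ALE_AUTH_CONNECT_V6 COMODO ConnectV6 COMODO ConnectV6
FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V4 COMODO AssignmentV4 COMODO AssignmentV4
FWPM_LAYER_ALE_RESOURCE_ASSIGNMENT_V6 COMODO AssignmentV6 COMODO AssignmentV6
FWPM_LAYER_ALE_RESOURCE_RELEASE_V4 COMODO ResourceReleaseV4 COMODO ResourceReleaseV4
FWPM_LAYER_ALE_RESOURCE_RELEASE_V6 COMODO ResourceReleaseV6 COMODO ResourceReleaseV6
FWPM_LAYER_ALE_AUTH_CONNECT_V4 ExampleVendor Filter ExampleVendor Filter

Constructed Next Section
==================================
COMODO mentioned outside the WFP section must not be counted
"""


def wfp_section(log_text):
    """Return the text of the WFP filter section, or "" if the log has none."""
    lines = log_text.splitlines()
    start = next((i for i, l in enumerate(lines) if SECTION_TITLE in l), None)
    if start is None:
        return ""
    # Keep anything that follows the title on the same line (flattened logs).
    kept = [lines[start].split(SECTION_TITLE, 1)[1]]
    rest = lines[start + 1:]
    for j, line in enumerate(rest):
        is_rule = RULE_RE.fullmatch(line.strip()) is not None
        if is_rule and j == 0:
            continue  # underline belonging to our own heading
        nxt = rest[j + 1].strip() if j + 1 < len(rest) else ""
        if is_rule or (line.strip() and RULE_RE.fullmatch(nxt)):
            break  # reached the next section's heading or underline
        kept.append(line)
    return RULE_RE.sub(" ", " ".join(kept))


def parse_filters(log_text):
    """Return [(layer, detail), ...] for every filter listed in the section."""
    text = wfp_section(log_text)
    hits = list(LAYER_RE.finditer(text))
    filters = []
    for k, m in enumerate(hits):
        # The detail runs from this layer id up to the next one (or the end).
        end = hits[k + 1].start() if k + 1 < len(hits) else len(text)
        filters.append((m.group(0), " ".join(text[m.end():end].split())))
    return filters


def leftover_filters(log_text, vendors):
    """Return the filters whose name/description mentions any of `vendors`."""
    wanted = [v.lower() for v in vendors]
    return [(layer, detail) for layer, detail in parse_filters(log_text)
            if any(v in detail.lower() for v in wanted)]


if __name__ == "__main__":
    found = leftover_filters(SAMPLE_LOG, ["COMODO"])
    for layer, detail in found:
        print(f"{layer}: {detail}")
    print(f"{len(found)} leftover filter(s)")
```

To check a real log, read mbst-check-results.txt into a string and pass it as log_text; an empty result means no filter in that section mentions the vendor.
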
w0lfrun (Author), posted July 7, 2019 (ID:1321112)

Have got the mbamtray icon to appear now down to around 37 secs. Have enabled "Delay Protection for 15 secs." and disabled "Enable Self-protection module" and running Malware and Anti Exploit protection only. Browser is Firefox running in the protection of Sandboxie. Also am back to using Sphinx Windows10 Firewall free version. This old rig is purring along quite nicely now in Windows 7. 🙂

exile360, posted July 7, 2019 (ID:1321136)

Excellent, I'm glad you got it working. If you haven't already, I'd definitely suggest upgrading to the new 3.8 version of Malwarebytes as it fixed a LOT of compatibility issues with the Web Protection component so it might be worth another try to see if you can get that to work with your configuration. Worse comes to worse you can just disable the module again if it still doesn't work.

AdvancedSetup (Root Admin), posted July 7, 2019 (ID:1321167)

You can download the latest installer from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

If you'd like further investigation into your computer I would suggest posting in the following forum and we can dig in deeper.

https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/

Thanks
Ron

w0lfrun (Author), posted July 8, 2019 (ID:1321179)

Thanks. I already have version 3.8.3.2965 via the internal updater.

exile360, posted July 8, 2019 (ID:1321188)

Very good, did you get a chance to test to see if things are any better with Web Protection in the new build? I'm curious to know if the issue was resolved as they did make a lot of changes and improvements to Web Protection in this release.

w0lfrun (Author), posted July 8, 2019 (ID:1321202)

Activated Web Protection and no slow ups, and the mbamtray icon actually loads a few seconds faster. Now with Exploit Protection I can verify that it's working in Firefox by using Sysinternals Process Explorer to verify that Anti-Exploit is embedded in FF by seeing the Mbae64.dll. My question is how can I verify the same with Web Protection. I checked in Process Explorer and I don't see any entries by Malwarebytes pertaining to Web Protection. Would there be a .dll there that I should be looking for? Other than the previous, FF is running well with Web Protection activated.

exile360, posted July 8, 2019 (ID:1321203)

Yes, that's expected. Web Protection loads directly into the network stack via WFP (Windows Filtering Platform; the same set of APIs used by the Windows Firewall); it doesn't rely on loading directly into individual processes the way that Exploit Protection does. To test it simply try to visit iptest.malwarebytes.com and you should see it blocked. You can also test by trying to ping the site via the ping command (Web Protection guards all network connections, not just your web browsers; this is also how it blocks malicious incoming connections from the outside).

w0lfrun (Author), posted July 8, 2019 (ID:1321266)

The info about "Web Protection guards all network connections" is really a game changer for me. It's a keeper. Also, the iptest worked as described both with FF in Sandboxie and out. Thanks for all the info, much appreciated.

exile360, posted July 8, 2019 (ID:1321277)

You're very welcome, I'm glad to be of service.

Yep, the Web Protection component works through a driver that runs directly in the network stack. It is controlled and monitored by the service (MBAMService.exe) as is the case for all of the protection components (one of the reasons Malwarebytes has so few processes in memory; a real advantage for remaining relatively light on resources/CPU).

AdvancedSetup (Root Admin), posted July 8, 2019 (ID:1321518)

As this issue is now resolved, I will go ahead and close this topic now.

Thank you @exile360 for helping out @w0lfrun

Ron