ChrisWhit

150+ hour long scan & still going????


Hi- I'm new to forum and mediocre level when it comes to computer savviness.  Sorry too if I didn't look hard enough here for a similar thread.

I'm in the process of upgrading (memory and adding internal drive) a 5 yo Dell XPS 8700 desktop because of general slowness but am first trying my best to clean up computer and troubleshoot a common 100% disk use issue.  I (re)installed the free version of MB and found a few threats on my 1 TB hard drive, quarantined those, and then decided to scan an 8 TB external drive that is usually connected and is nearly full (might be the problem?) mostly with disorganized backups and recovered files and a lifetime of my own photos (i.e., not risky stuff pulled off the internet).

The scan has now been running for 152+ hours (almost a week), covering >16M files, and only appears about halfway done based on the green fill of the MB taskbar icon. It advanced from Scan File System to Heuristics at least once but is now doing both of those simultaneously and has identified 67 supposed threats so far- 61 of those are "Riskware.ExtensionMismatch" jpegs. It seems to keep getting stuck on single files, and usually tiny ones- for example, it has currently been scanning a 2 kb (not a typo) .htm in one of my recovery folders for more than 12 hours now?

Am I doing something wrong or overlooking something obvious?

Should I just let this scan run another week or whatever it takes to finish? 

Can/should I go and just delete the meaningless file it is stuck on?

Thanks,

Chris


Hi- your 8 TB hard disk looks like it has a bad sector. Please scan it with the "CrystalDiskInfo" program and take precautions if "hdd health" is bad👍


Hi ChrisWhit.

Is there anything else that you need at this point?

Sincerely.


Good question!  The scan finally stopped at ~180 hours with the same threats I stated above.  I quarantined everything and deleted all the really suspicious stuff but am not sure what to make of the "Riskware.ExtensionMismatch" on the ~60 jpegs?  Are those really a threat?  I think they're all just back-ups of pictures I have elsewhere.

Secondly, is there any reason/explanation for the scan taking this long?  I'm reluctant to ever do it again on an external drive if it will tie it up for more than a week?  Could it be as simple as the drive being too full?

Thanks


As far as "Riskware.ExtensionMismatch", see the following write-up in the Malwarebytes Threat Center:

https://blog.malwarebytes.com/detections/riskware-extensionmismatch/

 

When you look (through File Explorer / Windows Explorer) at some of those JPEGs, did you look closely at them to see if they had double extensions in the file name?

How confident are you about the origin & security of those JPEGs?

As to why the scan ran for so long, a lot has to do with the sheer number of files on that drive and the types of files they are.


I would highly recommend you run a disk check on the external drive.  E - run from an elevated admin command prompt.

Example, assuming the drive is E:

CHKDSK  E:  /f

Now, that said.... 16 million files is going to take a LONG time with any security software. There really is no reason to do a Full scan more than once. Malware does not just randomly show up in folders. All known locations of malware are already scanned via normal Threat Scan.

However, I do have other non malware advice concerning your drive. Just a reminder that if that drive were to fail tomorrow and could not be recovered would that be an acceptable loss for you? If not then I would highly recommend that you obtain another drive with the same or higher space capacity and back that drive up. Then once it's backed up disconnect it from the system. If an infection were to hit the main computer it could very easily encrypt or otherwise damage the data on a backup drive too.

 

On 7/19/2019 at 4:38 PM, AdvancedSetup said:

I would highly recommend you run a disk check on the external drive.  E - run from an elevated admin command prompt.

Example, assuming the drive is E:


CHKDSK  E:  /f

Now, that said.... 16 million files is going to take a LONG time with any security software. There really is no reason to do a Full scan more than once. Malware does not just randomly show up in folders. All known locations of malware are already scanned via normal Threat Scan.

However, I do have other non malware advice concerning your drive. Just a reminder that if that drive were to fail tomorrow and could not be recovered would that be an acceptable loss for you? If not then I would highly recommend that you obtain another drive with the same or higher space capacity and back that drive up. Then once it's backed up disconnect it from the system. If an infection were to hit the main computer it could very easily encrypt or otherwise damage the data on a backup drive too.

 

Thanks- Did CHKDSK and all was fine and do have physical and cloud back-ups.

On 7/19/2019 at 4:21 PM, Maurice Naggar said:

As far as "Riskware.ExtensionMismatch", see the following write-up in the Malwarebytes Threat Center:

https://blog.malwarebytes.com/detections/riskware-extensionmismatch/

 

When you look (through File Explorer / Windows Explorer) at some of those JPEGs, did you look closely at them to see if they had double extensions in the file name?

How confident are you about the origin & security of those JPEGs?

As to why the scan ran for so long, a lot has to do with the sheer number of files on that drive and the types of files they are.

Thanks Maurice.  When I look at those quarantined jpeg files- 1 restored back to its original folder- nothing appears any different than the thousands of other similar files in the same folders.  And they are (almost) all my own images, not stuff pulled off the internet, so I have no reason to suspect origin or security issues.  But when I rescanned the folder with a restored jpeg from quarantine it was again identified as a threat the second time.  The article you linked doesn't help me understand why any of these were flagged or if I should be worried about them?


I am understanding that all the image files in question are on a drive that is not the C drive.  I understand you to say that you trust those files.

Given that, I would opine that you may relax regarding those images.   I am a bit curious as to the File name and extension on that image file.

You say it was re-quarantined, so it is likely to be quarantined again the next time that you do a full scan on that same drive.


All these file extensions are .jpg.  Most have file names like ABC_2019.10.07_1234.jpg and are in a long list of files with sequential names, so it's very strange to me that only ~60 of some millions and millions of files were flagged this way.  Could it be how they were edited in something like Adobe Lightroom that may have then imbedded some editing data/code in those files?  I know there is an option in Lightroom for saving edits within the files themselves rather than just within the catalog files.  

Secondarily, is there some other way/software to scan them to make sure they haven't been "infected" with something?

 

16 minutes ago, ChrisWhit said:

Most have file names like ABC_2019.10.07_1234.jpg

What is the exact name of that specific file?


The one I restored and requarantined is: CT12A_2016.11.10_3239.JPG and again all the surrounding files (....3238, .....3240...) were fine.

Others quarantined include:

CT12B_2016.12.18.JPG

IMG_0228(5).JPG

PICT1262.JPG

PL1 12-5-2011 10-34-00 PM.JPG

08140350.JPG

Some were renamed by me, others are obviously default names.  I may not have specified before that all these files were recovered from an external drive via Seagate Recovery Service (I think?) and haven't been opened by me since that recovery 2 years ago?


Can you please post the actual scan log that detected those files? You can send it via private message if you like. If possible, also one of the images flagged from the log so that I can verify.

Thanks

Ron

 


I think I'm all set everyone.  Not sure what happened but turns out none of these files are the actual jpegs I assumed they were based on names.  Something must have been messed up on a disk recovery. 

You guys are great- much appreciated.

Chris


That explains the detection of "Riskware.ExtensionMismatch": the contents of the file being a PE while the file extension was JPG.

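The mismatch described in the last reply (PE content under a .JPG name) can be confirmed by reading a file's leading bytes instead of trusting its name. The Python sketch below is an added example, not part of the original thread and not Malwarebytes' detection logic; the file names and byte strings in it are constructed samples.

```python
import struct
import tempfile
from pathlib import Path

JPEG_EXTS = {".jpg", ".jpeg"}

def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:3] == b"\xff\xd8\xff":            # JPEG start-of-image marker
        return "jpeg"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C holds the offset of the "PE\0\0" signature
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
        return "mz"                            # DOS header without a valid PE header
    return "unknown"

def find_mismatches(root: Path) -> dict[str, str]:
    """Return {filename: detected_type} for .jpg/.jpeg files whose content is not JPEG."""
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in JPEG_EXTS:
            with path.open("rb") as fh:
                kind = sniff(fh.read(4096))    # the header is enough; no full read
            if kind != "jpeg":
                hits[path.name] = kind
    return hits

def build_samples(root: Path) -> None:
    """Write constructed sample files (not real photos or real executables)."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"
    # Constructed MZ header whose e_lfanew (0x40) points at "PE\0\0"
    pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
    (root / "CT12A_0001.JPG").write_bytes(jpeg)
    (root / "CT12A_0002.JPG").write_bytes(pe)
    (root / "truncated.jpg").write_bytes(b"")  # zero-byte leftover from a recovery

def demo() -> dict[str, str]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_samples(root)
        return find_mismatches(root)

if __name__ == "__main__":
    for name, kind in demo().items():
        print(f"{name}: extension says JPEG, content looks like {kind}")
```

Files reported as `unknown` are not necessarily dangerous; on a recovered drive they are often truncated or mis-carved data, while `pe` or `mz` under an image extension is the case worth keeping quarantined.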
