Jump to content
Winter

Slow operations - Windows 10 2004

Recommended Posts

Hey @exile360 @LiquidTension and @Porthos

Would BitLocker drive encryption at all be a factor in this?

Just a reminder: the core issue was that MBAM wasn't showing the performance hit obviously, it was causing System Interrupts to go bonkers.

I hadn't mentioned earlier that I'm using BitLocker.

Share this post


Link to post
Share on other sites
Posted (edited)

No, Bitlocker shouldn't have anything to do with it, at least as far as I am aware.  That said, if you are using the protected folders function in Windows Defender then that could cause issues.

Edited by exile360

Share this post


Link to post
Share on other sites
5 minutes ago, exile360 said:

No, Bitlocker shouldn't have anything to do with it, at least as far as I am aware.  That said, if you are using the protected folders function in Windows Defender then that could cause issues.

Okay, good to know.  Thanks!  I pondered after posting this - when I did the format/-reinstaill I didn't activate BitLocker right away, so yeah, we can rule that out. I was experiencing the issue before re-doing BitLocker (and I've got it on now, probably no relevant impact then).

Thanks for this. :)

Share this post


Link to post
Share on other sites

You're welcome, I just hope the issue is resolved soon.  In the meantime if you come up with anything else that eliminates the issue please let us know.

Thanks

Share this post


Link to post
Share on other sites
On 5/3/2020 at 2:06 PM, Winter said:

Thanks @LiquidTension - I have discovered that I can disable Malware Protection and the issues go away also.

Thanks for this information.

Can you try a clean boot (excluding Malwarebytes Service) and check if this has any impact when Malware and Ransomware Protection are both enabled?
https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

If you find the issue is still exhibited, we'll likely need to generate a Malwarebytes Service memory dump whilst in the issue state to take a closer look at what's going on.

Share this post


Link to post
Share on other sites
1 hour ago, LiquidTension said:

Thanks for this information.

Can you try a clean boot (excluding Malwarebytes Service) and check if this has any impact when Malware and Ransomware Protection are both enabled?
https://support.microsoft.com/en-gb/help/929135/how-to-perform-a-clean-boot-in-windows

If you find the issue is still exhibited, we'll likely need to generate a Malwarebytes Service memory dump whilst in the issue state to take a closer look at what's going on.

Sure - I'm in the middle of one other test and then I'll give that a try tonight and tomorrow. I wanted to see if I could confirm whether Ransomware and Malware are butting heads and causing the issue - with Ransomware disabled, things ran fine. I re-enabled it, disabled Malware, and rebooted. Once I confirm whether the problem returns after a few hours of this, I'll then switch gears and try your clean boot request.

Share this post


Link to post
Share on other sites
1 hour ago, LiquidTension said:

Great, thank you!

Happy to help - with luck this will get figured out!

Updates and strangeness:

1) No problems while Ransomware Protection disabled

2) Re-enable Ransomware Protection, disable Malware Protection, reboot...no problems, but I do notice that when Malware Protection is enabled, it eats my taskbar shortcuts. I like to pin Edge and File Explorer to the taskbar and those shortcuts are gone once Malware Protection is in place (I've noticed this phenomenon on installation, too).

3) On reboot (with Malware Protection disabled and everything else re-enabled), MalwareBytes no longer shows up in the system tray.

I'm going to try your request now - a Clean Boot with everything enabled. I should know by the end of the day if the problem shows up again.

I'll keep you posted!

Share this post


Link to post
Share on other sites
7 hours ago, LiquidTension said:

Great, thank you!

Ouch!  Well...this was interesting. I mentioned that at one point Windows Hello (camera-based facial recognition login) stopped working when I had Malware Protection enabled, and that this was no problem because I could use my PIN.

Well, setting up a clean boot got this Surface Pro into quite a state! It would fail to start the camera, tell me to use the PIN, then say "PIN unavailable". Despite trying many, many pre-boot things, I ended up having to format and reinstall again...so we're starting this experiment with another clean slate.

Clean install, MBAM with everything enabled brought Interrupts up to 100% and crippled my machine. Setting up a clean boot and restarting (I assume it's not *100%* clean and I left the MalwareBytes Service enabled), I'll now run it for a few hours like this and see what happens.

Share this post


Link to post
Share on other sites

3-4 hours later, running on a Clean Boot, things slow down, but periodically. If I'm patient, System Interrupts settles down again, but it still stays around the Top 5 / Top 10 CPU hogs in Task Manager (Task Manager --> Processes tab --> click CPU column to sort greatest to smallest load).  And then I can do some crazy task like, "open File Explorer" or "open a new browser tab" or "navigate to a new website" and Elsa comes back and freezes me again ("Elsa! My CPU! Let it go! Let it go!" :P )

Disabling Malware Protection didn't take more than a minute or so for the switch to flip. Disabling Ransomware Protection was similar.  Performance gets happy again and System Interrupts no longer hangs out near the top of a Processes sort by CPU%

@LiquidTension I'm working on getting you a  logfile from the tool - I'll post it here as soon as I can reboot.

Share this post


Link to post
Share on other sites

Re-enabled my basic startup stuff and am no longer in 'clean boot' state (for now). No difference in performance, things work as long as Malware Protection and Ransomware Protection are disabled. If only one is disabled, it seems like I *may* or *may not* have the slowdown at any given point in time.

Since the issue isn't making MBAM itself run high, but instead is cranking up Interrupts...does this have anything to do with the fact that anti-virus/malware apps need a low level of access to resources and (if this is still true?) pre-load underneath the OS layer?  I mean, I guess if that's the case and it's just spamming Interrupts at the OS, I'd likely see DPC / Watchdog violations I guess.

But! I'm just speculating, and I'm not a @LiquidTension or any other flavor of developer-type anymore. ^_^

I'm here, I'll be around if you want me to try anything else, and for now I'll just keep running with both the things turned off.

Share this post


Link to post
Share on other sites

@LiquidTension @exile360 @Porthos  just checking in. Still running with Malware Protection and Ransomware Protection disabled. This state works but still breaks Windows Hello. 

*some* MBAM is better than none! :)

Share this post


Link to post
Share on other sites
1 hour ago, Winter said:

*some* MBAM is better than none!

Personally I would rather go back to a version that works while waiting for a fix.

You also have the option of reverting to an earlier component package version, which will allow you to keep Protections enabled.
You can download this from here: https://malwarebytes.box.com/s/z6cravnwptrzx5tyjw36jq6zt6c7apsx

Once installed, you will need to disable the two update options found in Settings -> General -> Application updates to prevent the product from updating back to the affected version.

I suggest using the following clean install guide.

Please do the following Uninstall and reinstall using the Malwarebytes Support Tool

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install. Say no and use the download from my above link and install the old version and disable the update before you do anything else.

 Let me know if that clears up the issue or not.

Share this post


Link to post
Share on other sites
5 hours ago, Porthos said:

Personally I would rather go back to a version that works while waiting for a fix.

You also have the option of reverting to an earlier component package version, which will allow you to keep Protections enabled.
You can download this from here: https://malwarebytes.box.com/s/z6cravnwptrzx5tyjw36jq6zt6c7apsx

Once installed, you will need to disable the two update options found in Settings -> General -> Application updates to prevent the product from updating back to the affected version.

I suggest using the following clean install guide.

Please do the following Uninstall and reinstall using the Malwarebytes Support Tool

Please have lots of patience with the tool.  The first phase is a cleanup and does require a Windows Restart.
After the Restart, it may take 2 - 3 - 4 minutes till the Support tool screen shows up.   Please be patient and have faith.  Wait for it, whatever it takes.
The 2nd phase is where it offers to do a new Install. Say no and use the download from my above link and install the old version and disable the update before you do anything else.

 Let me know if that clears up the issue or not.

Thanks for this! I'm pondering the idea.  Not sure if I'll time-travel or stick with latest & not-so-greatest, but if I do go this route I'll let you know how it goes. This is really helpful! :)

Share this post


Link to post
Share on other sites

Update!

 

@Porthos I decided not to time-travel until I could give at least one more version update of MalwareBytes a chance.

On 5/26 I got a prompt that MalwareBytes had an update that required a restart of the computer. 

Restarting surprised me with a Windows 10 update that was one of the biggies: KB4556803

https://support.microsoft.com/en-us/help/4556803/windows-10-update-kb4556803

I'm a little weirded out that this says it's an Insider Preview Build, so I'm looking into why this machine would be so close in on the build ring (the Insider program tells me this machine is set to 'Slow', but I thought I was an 'outsider' on this machine).

After the reboot, I re-enabled everything.  Things seemed to be working okay for a few days, even when on 5/28 I got a Surface Firmware update (109.3192.768.0) and then on 6/1 it started messing with my startup and slowing the system down again (and once again, disabling both Malware Protection and Ransomware Protection solved the problem).

This morning I got a scan result with flagged malware (I think a false positive - more below)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/4/20
Scan Time: 2:47 AM
Log File: 42ffdbde-a62f-11ea-a3b8-bc838513b192.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.920
Update Package Version: 1.0.24982
License: Premium

-System Information-
OS: Windows 10 (Build 19041.264)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 309180
Threats Detected: 10
Threats Quarantined: 0
Time Elapsed: 3 hr, 11 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{46D5CFD3-8AA0-473E-9099-AE1394214076}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6884992D-C19A-47D2-AADC-9749E7C72AB4}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , , 
Malware.Generic.3986516729, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{73522161-1B12-4D88-81DB-2C07C771F107}, No Action By User, 1000000, 0, , , , 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.Generic.3986516729, C:\PROGRAM FILES (X86)\MEDIAMONKEY\MEDIAMONKEYCOM.EXE, No Action By User, 1000000, 0, 1.0.24982, 40F9E942D9294A5CED9D6AF9, dds, 00749328

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Looking up these registry keys, they tie into a media player I use called MediaMonkey. I'm on the latest version, but it's an old program that runs with a helper app called the COM Elevator - looking up these registry keys keeps getting me back to a conversation thread where someone else's product was falsing on MediaMonkey. 

So I'm holding off on quarantining these for now, but I wanted to share and get this group's opinions.

Thanks everyone for your help along the way!

@LiquidTension

Share this post


Link to post
Share on other sites
11 minutes ago, Winter said:

OS: Windows 10 (Build 19041.264)

That is now the current release version of Windows.

12 minutes ago, Winter said:

Components Version: 1.0.920

I would suggest giving the beta a try.

2020-06-02_21h53_44.png.2808b73a5c316bfb06f557e398b1a1ad.png

At least get up to date with the current version.

 

Share this post


Link to post
Share on other sites
12 minutes ago, danull said:

I have the same MediaMonkey detection as Winter and wanted to report it in that forum you linked but the sticky only describes how to upload logs etc for prior versions of Malwarebytes and not 4.x....

 

2020-06-02_21h16_16.png

Share this post


Link to post
Share on other sites
44 minutes ago, Porthos said:

 

2020-06-02_21h16_16.png

 

Thank you!    Will come in handy in the future.    I updated MediaMonkey as well as forced an update on Malwarebytes (which had been updated yesterday) and the false positive has gone away.

 @Winter  you might want to try the same?

 

Share this post


Link to post
Share on other sites

@LiquidTension @Winter I have the same issue and after checking this thread decided that the intense slow down, hangs, black screens, i.e. the extremely painful experience, just isn't worth it.  It still isn't fixed, it's been going on for a while on here, I don't have time to mess about.  Off to another provider and giving up on premium Malwarebytes.  I tried to turn off the features like you did but Malware hung and crashed, it killed itself too, nice...  Uninstalling took a long time but eventually it worked through and INSTANTLY my computer came to life and MBAMService stopped trying to communicate 100TB with the internet and killing my CPU...

Share this post


Link to post
Share on other sites

Noted, I have seemed to also force updates and then seems to work better despite my settings having this "clocked in" to be done. Having still issues too. My new dilemna is logging off everything and then trying to shut the computer off...it will not power off completely, I have to "hard" to turn it off with pressing the power on/off button. Never had these issues prior to MWB premium that I was aware of.

Share this post


Link to post
Share on other sites

With this above note...I have reports back from MWB that everything is perfect...??? No POP-UPS, no other issues detected. Hmmm....

Share this post


Link to post
Share on other sites

Hi @Tsunami   

It is hard to help  in a topic that has multiple person's  /  different machines.   and, Exile360 had suggested earlier,  that you open up ( create ) a Topic in the malware-removal-help section.

If you will do that,  I can help you one to one.

When you do create that Topic,  please provide a summary of the current issues of this particular machine.   What else is it beyond the power off  function for Windows ?

If you wish,  I can split off your last 2 posts from today  and you and I can address the issue you have.   Please advise.

Sincerely,

Maurice

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.