Jump to content

Resolving host issues

thompssp
 Share

Recommended Posts

thompssp

thompssp

Posted
Posted

Mattock.....I've had the same issues over the past several months. Seems like it started around February or March. Rebooting the PC seemed to clear it up temporarily, but then the slow load times for site pages start again a few hours later. I've even cleared the Chrome DNS several times (which doesn't help) and I also turned off the real time Web protection in Malwarebytes. Nothing worked for me.

I've seen all of these steps that they keep posting to try and clear this up, but this is obviously becoming an issue for numerous people. Searching Google proves this... even in the Microsoft forums. The only thing that solved this for me was completely removing Malwarebytes. Now web pages load super fast like they should in Chrome and Edge. I've had no issues for the past several weeks. It's unfortunate becuase I would like to keep using their software, but not with these types of headaches.

The reply you received above is an automated reply from a Bot. I've seen it pop up on several posts regarding this issue. I haven't seen any resolutions though unless I overlooked one.

Link to post
Share on other sites
thompssp

thompssp

Posted
  • Author
Posted

I'm curious to see how this works out. I'm no software genius, but turning off most of the protection of the software doesn't seem like a valid fix to me. What's the point in using it, if you turn half of it off? 

Not that it means much, but I can also vouch for the fact that turning off Web Protection does not work with this issue.

Link to post
Share on other sites
exile360

exile360

Posted
Posted
11 minutes ago, thompssp said:

I'm curious to see how this works out. I'm no software genius, but turning off most of the protection of the software doesn't seem like a valid fix to me. What's the point in using it, if you turn half of it off? 

Not that it means much, but I can also vouch for the fact that turning off Web Protection does not work with this issue.

Does disabling Ransomware Protection alone correct the issue?

Link to post
Share on other sites
exile360

exile360

Posted
Posted

OK, so you're referring to the issue that occurs over time, more like a memory leak or I/O issue, not the issue where the system is slow from the start.

Yes, please see if Ransomware Protection makes a difference and let us know.  You also might try the latest beta if you haven't already.  I don't know if it addresses your specific issue, but it does include a lot of fixes for protection so it's worth a try if you haven't yet.  If you wish to do so, enable beta updates under the General tab in settings.  You can access settings by clicking the small gear icon in the upper right of Malwarebytes.  Once beta updates are enabled, go to the About tab which is also under settings, then click the blue Check for updates link and Malwarebytes will download and install the latest beta.  Restart the system and test to see if the issues are resolved.

If you perform any of the above testing, please let us know how it goes and if any issues still remain or not.

Thanks

Link to post
Share on other sites
thompssp

thompssp

Posted
  • Author
Posted

Hi Exile360. So I've done a clean reinstall using the Malwarebytes support tool. I've also turned off Ransomware protection for now.

Yes. Usually once the PC is first turned on, the websites load normally. After a few hours, I get the resovling host issue and pages load extremely slow. Usually takes about a minute or two minutes for a page to load at that point. Turning off Web protection was the only thing I had tried so far other than flushing the chrome DNS. Neither of those worked. After uninstalling Malwarebytes, everything has worked just fine for about a week so it's apparently something in malwarebytes is causing the hangup. I will keep an eye on this today and tomorrow, and let you know if it still persists or if it seems to continue. Who knows, maybe the freash reinstall might help.

Sorry for hijacking your post Mattock....

Link to post
Share on other sites
exile360

exile360

Posted
Posted

It may also be worth a try to disable Web Protection then restart the system.  Once the issue occurs and things slow down it might be too late for disabling Web Protection to have an effect.

I'll ask the forum moderators to split our discussion into a separate thread so that you may both receive individual assistance.

Link to post
Share on other sites
pal1000

pal1000

Posted
Posted
16 hours ago, Porthos said:

@pal1000 Does it happen with Web protection off? If so turn off ransomware protection instead.

 

Ransomware protection was already off during the whole time I waited for this issue to strike. I'll test with web protection off, but due to the nature of this issue it could take anywhere between 1 day and 2 weeks with possibility to take even longer if component updates are released to either beta or stable channels.

Link to post
Share on other sites
pal1000

pal1000

Posted
Posted

Tested with both ransomware and web protection off and it turns out I didn't have to wait long for issue to manifest. Just like last time a definition update caused pending file operations, then on next boot slow DNS resolution manifested again, but slightly less severe thanks to web protection being off, With issue in effect I disabled MB start with Windows, rebooted and collected logs with support tool.

mbst-grab-results.zip

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
7 minutes ago, pal1000 said:

With issue in effect I disabled MB start with Windows, rebooted and collected logs with support tool.

@pal1000Your logs are missing the following so let get them manually.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Link to post
Share on other sites
pal1000

pal1000

Posted
Posted

I knew for months that slow DNS resolution can be caused by either malware or web protection and sometimes both simultaneously. I almost always keep ransomware protection off and exploit protection and self defense seam to be the most stable parts.

Here is a set of logs with active slow DNS resolution caused by web protection. I made sure FRST logs are in there. It looks like support tool hasn't produced FRST logs even when slow DNS resolution problem was inactive. Web protection was already set to off when logs where collected, but due to this problem causing affected drivers to be unresponsive to stop command, it was still running.

I'll be back with similar logs for malware protection. There, the slow DNS resolution happens on next boot after a definition update causes pending file operations for files under 

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\IrisPlugins

as spotted in registry 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

 

mbst-grab-results-web-protection-problem.zip

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted

@pal1000 I took a quick look at the logs and noticed you have many devices disabled.

Quote

==================== Faulty Device Manager Devices ============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Integrated Webcam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek USB 2.0 Card Reader
Description: Realtek USB 2.0 Card Reader
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Realtek Semiconductor Corp.
Service: RTSUER
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted
On 6/28/2020 at 7:12 AM, Zeroth57 said:

Thanks, I will turn off the web protection and update this post one way or the other.

 

Hello.

Just so all readers are aware....

A new program version along with a new Component package for Malwarebytes for Windows was just announced on June 30th 2020.

Please be sure that you see the announcement

https://forums.malwarebytes.com/topic/257102-malwarebytes-41/?do=findComment&comment=1391173

 

The latest MB version  is    4.1.2.73    with Component   1.0.972 

 

image.png.9d784ea94e56eb77eb84f27fd353207b.png

Link to post
Share on other sites
pal1000

pal1000

Posted
Posted
4 hours ago, Porthos said:

@pal1000 I took a quick look at the logs and noticed you have many devices disabled.

 

Yes, I have a habit of disabling devices that I don't use or that I use very rarely especially when representing privacy or security risks:

- Realtek PCIe FE Family Controller is disabled because I almost always connect through wireless adapter;

- webcam and microphone are disabled until needed, privacy risk;

- Intel display audio driver is not installed and appropriate device is disabled because I don't connect external monitors, there is no HDMI or DisplayPort connection involved;

- never used card reader functionality so I disable it;

- bluetooth is a security nightmare and same is Intel Management engine. There are some edge cases where Intel ME may be needed but they mostly have to do with CPUs from newer generations.

Link to post
Share on other sites
exile360

exile360

Posted
Posted

Just FYI, disabling, crippling, or even flat out removing (or simply never installing) the Intel IME driver does nothing to mitigate any risks to security and potential vulnerabilities.  IME is built into the CPU itself, residing on its own silicon and if enabled in the firmware, can enable direct remote access and full control over the system's hardware, even if it is not booted into an operating system (and even if no hard drive or SSD is installed as it runs directly from the chip itself and houses its own proprietary OS).

I know all of this because much like yourself, I am concerned about privacy and security.  There is a method to actually disable IME, however it is risky, requires special equipment, isn't possible on all systems and can only be trusted as far as Intel's own functions/APIs allow, because the method used is the same one they provided to the NSA when they were concerned about the feature in their own systems.  This also means that if there is any security flaw/vulnerability or unaccounted for functionality when in this mode which would enable remote access, the system remains vulnerable.  There is no way to truly turn the IME 'off', and in fact the CPU will not post/function unless it is present and active because it handles part of the earliest phase of starting the system and Intel made it this way deliberately so that there is no way to use the CPU without it.

You can learn more at the following links:

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA
How to remote hijack computers using Intel's insecure chips: Just use an empty login string
NEUTRALIZING INTEL’S MANAGEMENT ENGINE
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
What is MINIX? The most popular OS in the world, thanks to Intel
4 exploitable bugs plague Intel Management Engine: Patch now
Computer vendors start disabling Intel Management Engine

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

A personal observation:

Using  the latest MB version  is    4.1.2.73    with Component   1.0.972    with all Real-time protections on.   Windows 10 with latest Build and updates.

I have not seen the browser hangups / stalls / or the Chrome "resolving host hang".

 

Matter of fact I currently have 6 browsers open with multiple tabs.

EDGE, PaleMoon, Firefox, Brave, Chrome.   +  Comodo IceDragon

and no issues going into   & back out of sleep mode, either, by the way.   No issues   after manual scanning with MB.

Edited by Maurice Naggar
Link to post
Share on other sites
pal1000

pal1000

Posted
Posted
1 hour ago, Porthos said:

@pal1000 This is a Vostro 2521 laptop? Do you have the newest bios and Wireless drivers available installed?

https://www.dell.com/support/home/en-us/product-support/product/vostro-2521/drivers

Wireless driver is newer than what Dell provides, it's Qualcomm's generic driver for their 802.11b/g/n 2.4GHz cards from MUC. Dell Wireless 1703 is a Qualcomm based card. Anyway the driver is from July 2019, long before this MB problem came into existence. I just checked, no newer driver is available on Dell or MUC website.

BIOS is up-to-date at A16.

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
16 minutes ago, pal1000 said:

Wireless driver is newer than what Dell provides, it's Qualcomm's generic driver for their 802.11b/g/n 2.4GHz cards from MUC. Dell Wireless 1703 is a Qualcomm based card. Anyway the driver is from July 2019, long before this MB problem came into existence. I just checked, no newer driver is available on Dell or MUC website.

BIOS is up-to-date at A16.

Just covering as many hardware bases as I can. Basically like I would do on my workbench.

When I had similar issues I turned off auto scans and restarted after I ran a manual scan each time.

I still have them off and had not taken the time turn it back on to re test.

The only other option left is to go back to an older version before this issues started and turn off program updates. I have had to do that on 3 out of about 400 clients.

 

Link to post
Share on other sites
pal1000

pal1000

Posted
Posted
On 7/1/2020 at 2:42 AM, AdvancedSetup said:

Please open an elevated admin command prompt and type in the following.

PERFMON  /REPORT

Then wait and once the report is completed go ahead and choose File, Save-As and then zip up the file and post back the results please.

 

For me this command never finishes even if Malwarebytes isn't running. I also ran 

sfc /scannow

and it found no integrity violations. Maybe I disabled something it depends on like Windows defender or scheduled maintenance task.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.