Malwarebytes takes a long time to open


I posted in the windows section and was asked to run Farbar and post here.  My issue is that Malwarebytes takes at least 5 minutes to load and stabilize.  It reports not responding for a while.

I attached the Farbar files.  Not sure where the threat scan logs are located.  Didn't see one so named under logs in program data

 

Addition.txt FRST.txt

Link to post
Share on other sites
  • Root Admin

Hello @sc204

Please go into Control Panel, Programs, Programs and Features and uninstall the following

Bonjour
 

 

 

I assume you're running this Miner on your own?

Shortcut: D:\Users\schal\Desktop\start.bat - Shortcut.lnk -> D:\ZCash\Downloads\Zec Miner 0.3.4b\0.3.4b\start.bat ()

Typically miners consume massive amounts of resources and if this is running that alone would be a major reason for Malwarebytes to take a long time to open

 

I don't see anything obvious though that would cause a 5 minute delay in opening if it's not due to lack of resources by having the miner running.

Let's do a generic clean up and see if that helps or not though

 

 

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

NOTE-1:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more.

NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
Share on other sites

I did as you suggested.  Removed Bonjour.  

I do not believe the zcash miner is running (it was something I tried quite a while ago).  It was manually started.

The file is now in quarantine in MB.  Not sure why it did this except I attempted to run it to make sure it was not active when you mentioned it.

I ran FRST64 and it did find some errors in the C: file system that were repaired with the next boot with chkdsk.

Unfortunately Malwarebytes is still slow to open, and once again is greyed out and says Not Responding.  

Everything else seems to run at normal speeds.

I am pretty sure that MB ran normally without these issues when first installed.

Any other suggestions?  Should I run the support tool again and clean and reinstall?

 

Link to post
Share on other sites
  • Root Admin

Please click on Start and type in PowerShell and when it shows on the menu right-click and select "Run as administrator" then copy / paste the following and post back the results

Get-PhysicalDisk | Format-Table -AutoSize

Then run the following as well

Get-Volume

 

Link to post
Share on other sites

Thanks again for the help

3 powershells available I ran x86

 

PS C:\Windows\system32> Get-PhysicalDisk | Format-Table -Autosize

Number FriendlyName           SerialNumber         MediaType CanPool OperationalStatus HealthStatus Usage          Size
------ ------------           ------------         --------- ------- ----------------- ------------ -----          ----
0      SanDisk Ultra II 960GB 165261426292         SSD       False   OK                Healthy      Auto-Select ...5 GB
1      SanDisk SDSSDXPS480G   153252401211         SSD       False   OK                Healthy      Auto-Select ...3 GB
2      NVMe Samsung SSD 970   0025_385B_019E_AF6D. SSD       False   OK                Healthy      Auto-Select ...1 GB


PS C:\Windows\system32> Get-Volume

DriveLetter FriendlyName   FileSystemType DriveType HealthStatus OperationalStatus SizeRemaining      Size
----------- ------------   -------------- --------- ------------ ----------------- -------------      ----
E           My Documents 2 NTFS           Fixed     Healthy      OK                      80.4 GB    447 GB
F                          Unknown        CD-ROM    Healthy      Unknown                     0 B       0 B
D           My Documents 1 NTFS           Fixed     Healthy      OK                    415.14 GB 894.24 GB
            Recovery       NTFS           Fixed     Healthy      OK                    436.07 MB    450 MB
C                          NTFS           Fixed     Healthy      OK                    769.22 GB 930.96 GB
                           FAT32          Fixed     Healthy      OK                     69.28 MB     96 MB


PS C:\Windows\system32>

 

Link to post
Share on other sites
  • Root Admin

Please run the Samsung Magician support tool on the main drive and verify its integrity. There are a couple of tests you can run on the drive.

Also check and make sure its firmware is up to date

 

Also check your SanDisk drives

https://kb.sandisk.com/app/answers/detail/a_id/15108/~/sandisk-ssd-dashboard-support-information

Post back your results

 

Link to post
Share on other sites

Samsung C drive: Drive health Good, Drive Temp normal (43 degrees C ) Short scan 100%, Smart self test passed

Performance benchmark Read 3522, Write 3309, Random IOPS read 310791, write 233886

Firmware UTD

Drive D Sandisk (user folders on Drive D).  Using Dashboard: Life remaining 99%, Firmware UTD, Smart diagnostic short test.  No problems found

Drive E life remaining 100% firmware UTD Smart diagnostic short test.  No problems found

Link to post
Share on other sites
  • Root Admin

Please click on Start and type in Reliability and then open that applet. Check on any obvious RED issues and see if there are any ongoing issues or not and let me know.

Open Task Manager and then go to the Performance tab and at the bottom click on the "Open Resource Monitor"

Then click on each tab one-by-one and wait 10 seconds on each tab and take a screenshot and post back the results please.

 

Link to post
Share on other sites

I see two issues that keep repeating every day to few days: Repetier server stopped working and Seagate dashboard stopped working.

I do not print 3D from my computer so I do not think Repetier is needed so I removed it.  I also am not using the Seagate external drives so I removed the dashboard as well.

I do see the shutdown that happened a couple of days ago that led me to make sure it wasn't a virus.  That is when I found MB to take so long to open and not respond properly. It was a hardware error with the following details.

Source
Windows

Summary
Hardware error

Date
‎4/‎8/‎2021 6:21 AM

Status
Not reported

Description
A problem with your hardware caused Windows to stop working correctly.

Problem signature
Problem Event Name:    LiveKernelEvent
Code:    117
Parameter 1:    ffffe58d2bbd8010
Parameter 2:    fffff8074e4171c0
Parameter 3:    0
Parameter 4:    0
OS version:    10_0_19041
Service Pack:    0_0
Product:    256_1
OS Version:    10.0.19041.2.0.0.256.48
Locale ID:    1033

A search on the web shows that code is usually an Nvidia driver issue.

Screenshots attached

 

Network2.jpg

Network1.jpg

Disk.jpg

memory.jpg

CPU2.jpg

CPU1.jpg

overview.jpg

Link to post
Share on other sites

I was able to update to the newest Nvidia driver without issue and that was a one time crash.  Is there something in the images I sent you that makes you think I need to do this?

Thanks again for the help.

Currently I do not have MB installed 

Link to post
Share on other sites
  • Root Admin

Just from your own quote about the Nvidia driver

"A search on the web shows that code is usually an Nvidia driver issue."

Trying to track down and see if we can find an obvious issue for why it takes 5 minutes to open the program. I've not seen any post like that before. I've seen slow loading or slow opening but not 5 minutes.

 

 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here.
  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures and Check VirusTotal.com and Submit Unknown Images
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder you just created to your next reply

 

image.png

 

Thanks

 

Link to post
Share on other sites
  • Root Admin

So, let me get this straight.

It's 5 minutes to open the GUI - Graphical User Interface after you click the icon on the desktop or right-click the tray icon and select to open Malwarebytes?

Or - it is 5 minutes after you've started your computer before the icon shows in the  tray?

Or something else?

 

Link to post
Share on other sites

It was from clicking on the desktop icon.  A couple minutes to open the interface and another couple to stabilize to use it.  Often clicking the mouse on the interface would lead to the not responding in the title for the first few minutes.

Trying to open from the tray didn't seem much different.  

Link to post
Share on other sites
  • Root Admin

Okay, please try installing the following version.

Unzip it, install it but do not try to activate it. Click the small gear icon and go to Settings -> General and uncheck the following.

  • "Automatically download and install updates"
  • "Notify me when a new version becomes available"

 

image.png

 

The rules will still update but it won't update the main program with those options disabled.

mb4-setup-consumer-4.3.0.206-1.0.1157-1.0.36359_full.zip

Let me know if this version makes any difference or not.

Thanks

 

 

Link to post
Share on other sites
  • Root Admin

Please review the following items in AutoRuns for possible removal or update

 

 

Reflect UI    Macrium Reflect UI Watcher    (Verified) Paramount Software UK Ltd    c:\program files\macrium\common\reflectui.exe    3/10/2017 1:26 PM    0/68

ISUSPM    Common Software Manager    (Verified) Flexera Software LLC    c:\programdata\flexnet\connect\11\isuspm.exe    6/24/2013 9:16 AM    0/74

iCloudServices    iCloud Services    (Verified) Apple Inc.    c:\program files (x86)\common files\apple\internet services\icloudservices.exe    6/23/2018 3:02 AM    0/74

ISUSPM    Common Software Manager    (Verified) Flexera Software LLC    c:\programdata\flexnet\connect\11\isuspm.exe    6/24/2013 9:16 AM    0/74

OneDrive    Microsoft OneDrive    (Verified) Microsoft Corporation    d:\users\schal\appdata\local\microsoft\onedrive\onedrive.exe    10/22/2031 6:48 AM    0/73


If Seagate was removed go ahead and have AutoRuns delete the entry
Uploader            File not found: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe.exe        

Task Scheduler
\Seagate_Install_Launch            File not found: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe        

 


Application Restart #4    Common Software Manager    (Verified) Flexera Software LLC    c:\programdata\flexnet\connect\11\isuspm.exe    6/24/2013 9:16 AM    0/74

What is PowerShell doing? Seems like an upgrade maybe?
Update UWP App.lnk    powershellw    (Verified) LogMeIn, Inc.    c:\program files (x86)\lastpass\lpwinmetro\appxupgradeuwp.exe    2/20/1928 8:46 PM    0/74


ReflectShellExt    Reflect Shell Extension Context Menu    (Verified) Paramount Software UK Ltd    c:\program files\macrium\reflect\rcontextmenu.dll    3/10/2017 1:37 PM    0/64


All of your DropBox item dates are way off. If you're not using DropBox I'd recommend you uninstall it. If you are using it then I recommend updating it.

dbupdate    Dropbox Update Service (dbupdate): Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it.    (Verified) Dropbox, Inc    c:\program files (x86)\dropbox\update\dropboxupdate.exe    10/21/2015 11:52 AM    0/74

dbupdatem    Dropbox Update Service (dbupdatem): Keeps your Dropbox software up to date. If this service is disabled or stopped, your Dropbox software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Dropbox software using it.    (Verified) Dropbox, Inc    c:\program files (x86)\dropbox\update\dropboxupdate.exe    10/21/2015 11:52 AM    0/74


Both of your Google Chrome updaters are very old. I'd recommend you reinstall Chrome to see if it corrects.

gupdate    Google Update Service (gupdate): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.    (Verified) Google Inc    c:\program files (x86)\google\update\googleupdate.exe    12/7/2016 7:38 PM    0/74
gupdatem    Google Update Service (gupdatem): Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.    (Verified) Google Inc    c:\program files (x86)\google\update\googleupdate.exe    12/7/2016 7:38 PM    0/74

 

Link to post
Share on other sites
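The triage applied to the Autoruns rows in the post above, as an added example (not part of the original thread and not a Malwarebytes or Sysinternals tool): it flags autostart entries whose image file is missing and entries whose image timestamp is old, and reports timestamps in the future or implausibly far in the past as unreliable instead of treating them as age. The review date, the two-year threshold, the year-2000 floor and the last sample row are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Assumptions for this example, not values from the thread.
REVIEW_DATE = datetime(2021, 4, 15)        # day the export is reviewed
STALE_AFTER = timedelta(days=2 * 365)      # older than this: check for updates
EARLIEST_PLAUSIBLE = datetime(2000, 1, 1)  # floor for a believable build date

TS_FORMAT = "%m/%d/%Y %I:%M %p"            # e.g. 3/10/2017 1:26 PM
MISSING = "File not found:"

# First four rows are copied from the post above; the last one is constructed.
SAMPLE_ROWS = [
    r"Reflect UI    Macrium Reflect UI Watcher    (Verified) Paramount Software UK Ltd    c:\program files\macrium\common\reflectui.exe    3/10/2017 1:26 PM    0/68",
    r"OneDrive    Microsoft OneDrive    (Verified) Microsoft Corporation    d:\users\schal\appdata\local\microsoft\onedrive\onedrive.exe    10/22/2031 6:48 AM    0/73",
    r"Update UWP App.lnk    powershellw    (Verified) LogMeIn, Inc.    c:\program files (x86)\lastpass\lpwinmetro\appxupgradeuwp.exe    2/20/1928 8:46 PM    0/74",
    r"Uploader            File not found: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe.exe",
    r"ExampleAgent    Example agent (constructed row)    (Verified) Example Corp    c:\program files\example\agent.exe    1/5/2021 9:00 AM    0/70",
]


def triage(line):
    """Classify one Autoruns text row as (entry, verdict, detail)."""
    fields = [f for f in re.split(r"\t|\s{2,}", line.strip()) if f]
    entry = fields[0]
    # An autostart whose image is gone is a leftover from an uninstall.
    for field in fields[1:]:
        if field.startswith(MISSING):
            return entry, "orphaned", field[len(MISSING):].strip()
    # The timestamp is the first field that parses as one.
    for field in fields[1:]:
        try:
            built = datetime.strptime(field, TS_FORMAT)
        except ValueError:
            continue
        if built > REVIEW_DATE or built < EARLIEST_PLAUSIBLE:
            # Cannot be a real build date, so it says nothing about age.
            return entry, "timestamp-unreliable", field
        if REVIEW_DATE - built > STALE_AFTER:
            return entry, "stale", field
        return entry, "ok", field
    return entry, "unparsed", ""


def review(rows):
    """Return only the rows that need a decision (remove, update, or verify)."""
    return [r for r in map(triage, rows) if r[1] != "ok"]


if __name__ == "__main__":
    for entry, verdict, detail in review(SAMPLE_ROWS):
        print(f"{verdict:22} {entry:22} {detail}")
```

A "timestamp-unreliable" verdict means the file's version and signer have to be checked some other way; the date alone does not show the software is outdated.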
  • Root Admin

The concern is that one of the program updates from Malwarebytes might cause the slow down again.

Please try enabling the BETA in settings under General. Then scroll back up and check for updates.

It should update. Then restart the computer and see if it continues to work properly or not.

Thanks

 

Link to post
Share on other sites

Switched to Beta, updated and restarted.  Still no issues that I can see.  Opens just fine and no not responding messages.

Thank you for the detailed info on the autoruns.  I will need to look at each suggestion and see if I can make sense of them.  

The Seagate ones were easy as I do not use it so I removed the 2 entries.   I do use Dropbox so I will look at that.

You also mentioned to remove the OneDrive entry or update it?  Now I do use OneDrive.  So in that case what do I do?

Thanks again.  Almost there I hope :)

Link to post
Share on other sites
  • Root Admin

Nope, if you're using OneDrive then leave it alone.

The multiple entries for what appears to possibly be Macrium Reflect? Only concern is they're from 2017  -  are you still using?

Go ahead and open Malwarebytes, go back to Settings, General and re-enable the program update and alert settings.

 

Link to post
Share on other sites

Removed Macrium reflect.  Guess I used it or tried it at one point to clone a drive.  Not currently using so removed.

Application updates checked, Notification line is missing now.  Beta still checked (should I leave it?)

I think as far as MB goes you have fixed the issue and I thank you.  I will still sort through those autoruns that you flagged.  

Link to post
Share on other sites
This topic is now closed to further replies.