Jump to content

Sudden PC restart while playing and scanning with MB


Recommended Posts

Hey, 

I was playing a game and doing Malwarebytes scan in the background. Suddenly my pc closed itself and restarted. I looked into Event Viewer and there were (it is in Polish, sorry)

Do You know what might happen?

 

Nazwa dziennika:System
Źródło:        Microsoft-Windows-Kernel-Power
Data:          22.05.2021 18:48:08
Identyfikator zdarzenia:41
Kategoria zadania:(63)
Poziom:        Krytyczne
Słowa kluczowe:(70368744177664),(2)
Użytkownik:    SYSTEM
Komputer:      DESKTOP-FE68QUT
Opis:
System został uruchomiony ponownie bez uprzedniego czystego zamknięcia. Możliwe przyczyny błędu: system przestał odpowiadać lub uległ awarii albo nastąpiła nieoczekiwana utrata zasilania.
Kod XML zdarzenia:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331c3b3a-2005-44c2-ac5e-77220c37d6b4}" />
    <EventID>41</EventID>
    <Version>8</Version>
    <Level>1</Level>
    <Task>63</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000400000000002</Keywords>
    <TimeCreated SystemTime="2021-05-22T16:48:08.9583075Z" />
    <EventRecordID>2867</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>DESKTOP-FE68QUT</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="BugcheckCode">0</Data>
    <Data Name="BugcheckParameter1">0x0</Data>
    <Data Name="BugcheckParameter2">0x0</Data>
    <Data Name="BugcheckParameter3">0x0</Data>
    <Data Name="BugcheckParameter4">0x0</Data>
    <Data Name="SleepInProgress">0</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
    <Data Name="BootAppStatus">0</Data>
    <Data Name="Checkpoint">0</Data>
    <Data Name="ConnectedStandbyInProgress">false</Data>
    <Data Name="SystemSleepTransitionsToOn">0</Data>
    <Data Name="CsEntryScenarioInstanceId">0</Data>
    <Data Name="BugcheckInfoFromEFI">false</Data>
    <Data Name="CheckpointStatus">0</Data>
    <Data Name="CsEntryScenarioInstanceIdV2">0</Data>
    <Data Name="LongPowerButtonPressDetected">false</Data>
  </EventData>
</Event>

--------------------------------------------------------------------------------------------

Nazwa dziennika:System
Źródło:        Service Control Manager
Data:          22.05.2021 18:48:42
Identyfikator zdarzenia:7026
Kategoria zadania:Brak
Poziom:        Informacje
Słowa kluczowe:Klasyczny
Użytkownik:    Nie dotyczy
Komputer:      DESKTOP-FE68QUT
Opis:
Następujące sterowniki startu rozruchowego lub systemowego nie zostały załadowane: 
dam
Kod XML zdarzenia:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2021-05-22T16:48:42.0626780Z" />
    <EventRecordID>2890</EventRecordID>
    <Correlation />
    <Execution ProcessID="784" ThreadID="788" />
    <Channel>System</Channel>
    <Computer>DESKTOP-FE68QUT</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">
dam</Data>
  </EventData>
</Event>

----------------------------------------------------------------------------------

Nazwa dziennika:Application
Źródło:        ESENT
Data:          22.05.2021 18:49:06
Identyfikator zdarzenia:102
Kategoria zadania:Ogólne
Poziom:        Informacje
Słowa kluczowe:Klasyczny
Użytkownik:    Nie dotyczy
Komputer:      DESKTOP-FE68QUT
Opis:
SearchIndexer (6516,P,98) Windows: Aparat bazy danych (10.00.19042.0000) uruchamia nowe wystąpienie (0).
Kod XML zdarzenia:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ESENT" />
    <EventID Qualifiers="0">102</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2021-05-22T16:49:06.3110053Z" />
    <EventRecordID>2488</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>DESKTOP-FE68QUT</Computer>
    <Security />
  </System>
  <EventData>
    <Data>SearchIndexer</Data>
    <Data>6516,P,98</Data>
    <Data>Windows: </Data>
    <Data>0</Data>
    <Data>10</Data>
    <Data>00</Data>
    <Data>19042</Data>
    <Data>0000</Data>
  </EventData>
</Event>

 

Link to post
Share on other sites

8 hours ago, Porthos said:

Was this a manual scan? It is not recommended to do anything else during a manual scan.

Yes it was. So this might be a reason? Thank You. I will remember that.

I have a new system and wanted to do a full scan to ensure that everything is good. I chose a custom scan and enabled every option. The scan is runnijg for more than 8 hours now, is it how it's supposed to be? Before (on Windows 7) the custom scan took approximately 3-4h.

Edited by Manaphy0220
Link to post
Share on other sites

20 minutes ago, Manaphy0220 said:

I chose a custom scan and enabled every option.

 

20 minutes ago, Manaphy0220 said:

The scan is runnijg for more than 8 hours now, is it how it's supposed to be?

Yes. A custom scan is not needed.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

Link to post
Share on other sites

24 minutes ago, Porthos said:

 

Yes. A custom scan is not needed.

Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures.  Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis (like daily), especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations.  This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected.  The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it.  Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades.

 

Mhm so it's normal for a custom scan to be that long? I'm surprised because the scan was much quicker on my PC before a clean Win 10 instalation. The scan was also much faster on my laptop. Do You have any idea why? And as You said: normally the normal scan is enough?

Also should I run MB as an administrator or can I just launch it normally?

Edited by Manaphy0220
Link to post
Share on other sites

32 minutes ago, Manaphy0220 said:

Mhm so it's normal for a custom scan to be that long?

Especially if it is the first scan. Any full scan with rootkit scanning will be extra long.

 

32 minutes ago, Manaphy0220 said:

normally the normal scan is enough?

Yes.

32 minutes ago, Manaphy0220 said:

Also should I run MB as an administrator or can I just launch it normally?

Launch it normally.

 

Link to post
Share on other sites

6 hours ago, Porthos said:

Especially if it is the first scan. Any full scan with rootkit scanning will be extra long.

 

Yes.

Launch it normally.

 

@Porthos

Thank You. Should I wait till it's done or it's better to cancel it and run a normal scan? 

Whag about the fact that the scan was much faster on a laptop and before the new system's instalation? Is it possible that it didn't work correctly when the scanning time was shorter?

Edit: It is scanning for more than 14h now.

Edited by Manaphy0220
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.