Hello,

I have Malwarebytes Premium (version 4.4.6.132) installed on my PC with Windows 10 Pro (version 10.0.19043 Build 19043).

Attached are the logs, which I retrieved through the MB SupportTool.

The problem is that Malwarebytes takes a really long time to start (about 5 minutes). I have already tried to uninstall it and re-install it through the MB SupportTool, but unfortunately without solving the problem.

I hope you can help me, it's quite annoying and frustrating. Thank you!

mbst-grab-results.zip


  • Root Admin

Hello @paninodimerda

Can you please try temporarily removing the custom HOSTS file you have running and restore it back to the default HOSTS file and restart the computer. Then let me know if you are still having an issue launching Malwarebytes.

Also, what are these PowerShell scripts doing running on the system? Did you set them up? It's also extremely not normal to run anything permanently from the Temp folder.

Task: {00C27DF7-C921-40BC-935A-63A7B3BFD106} - System32\Tasks\Sophia Script\SoftwareDistribution => powershell.exe 0
Task: {12AE759D-362B-45B1-862C-955A020408C0} - System32\Tasks\Sophia Script\Windows Cleanup => powershell.exe 0
Task: {1A39B8AA-AE2C-4479-A93C-4F243281096F} - System32\Tasks\Sophia Script\Temp => powershell.exe Get-ChildItem -Path C:\Users\Dj_MA\AppData\Local\Temp -Force -Recurse | Remove-Item -Recurse -Force

The entries look like an attempt to use PowerShell to clear Temp folders and Distribution folders. There are tools dedicated to doing this, as well as a simple batch file with RD /Q /S. Using PowerShell can potentially trigger security software to block or alert as a detection.

Edited by AdvancedSetup
updated information

Hello @AdvancedSetup

Quote

Can you please try temporarily removing the custom HOSTS file you have running and restore it back to the default HOSTS file and restart the computer. Then let me know if you are still having an issue launching Malwarebytes.

As soon as I have time I'll give it a try and I'll let you know.

Quote

Also, what are these PowerShell scripts doing running on the system? Did you set them up? It's also extremely not normal to run anything permanently from the Temp folder.

Yes, I set up these scripts to clean the temp folder and perform other cleanup operations on the system. They are harmless, but if you suggest other tools, I'd appreciate it if you could tell me which tool to use.


  • Root Admin

A batch run with Admin rights should be enough to clear all temp files that are not in use. I keep a folder called D:\Admin\Batch where I store batch files.

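@echo off
REM Change into each folder first (/D also switches drive) so RD empties it
REM but cannot remove the folder itself.
CD /D "%TEMP%\"
RD /S /Q "%TEMP%\"
CD /D "%WINDIR%\TEMP"
RD /S /Q "%WINDIR%\TEMP"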

By changing into the folder and issuing the command, the main folder will not be removed.

Disk cleanup in Windows 10
https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-10-8a96ff42-5751-39ad-23d6-434b4d5b9a68

The Best Way to Clean Windows 10: A Step-by-Step Guide
https://www.makeuseof.com/tag/best-way-clean-windows-10-step-step-guide/

Use Windows 10’s New "Free Up Space" Tool to Clean Up Your Hard Drive
https://www.howtogeek.com/348635/use-windows-10s-new-free-up-space-tool-to-clean-up-your-hard-drive/

Free up drive space in Windows
https://support.microsoft.com/en-us/windows/free-up-drive-space-in-windows-85529ccb-c365-490d-b548-831022bc9b32

Let me know how the HOSTS file change goes please.

Thanks @paninodimerda

@AdvancedSetup I restored my custom HOSTS, removing the line above, restarted Windows and ran from the command line:

ipconfig /flushdns

But unfortunately that did not solve the issue, so I think there are some other entries in the HOSTS which impact MB (?). Can you give me all your sites that must not be blocked?

Anyway, from the GUI of MB I disabled the Telemetry. I don't understand how this can cause boot hindrances of the software.
Thanks

  • Root Admin

Please make sure none of the following entries are in your host file or blocked by your Firewall @paninodimerda

cdn.mwbsys.com
cleo.mb-internal.com
hubble.mb-cosmos.com
iris.mwbsys.com
keystone.mwbsys.com
links.malwarebytes.com
malwarebytes.com
my-device.malwarebytes.com
sirius.mwbsys.com
telemetry.malwarebytes.com
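Added example, not part of the original thread or Malwarebytes' own tooling: a PowerShell check for the HOSTS side of the request above. It parses hosts-format lines and reports any entry that overrides one of the listed domains; the function name `Find-HostsOverride` and the sample lines are constructed for illustration, and firewall rules are not covered.

```powershell
# Domains copied from the list in the post above.
$RequiredDomains = @(
    'cdn.mwbsys.com', 'cleo.mb-internal.com', 'hubble.mb-cosmos.com',
    'iris.mwbsys.com', 'keystone.mwbsys.com', 'links.malwarebytes.com',
    'malwarebytes.com', 'my-device.malwarebytes.com', 'sirius.mwbsys.com',
    'telemetry.malwarebytes.com'
)

# Hypothetical helper (not a built-in cmdlet): returns one object per
# hosts entry that maps a required domain to any address.
function Find-HostsOverride {
    param(
        [string[]]$Lines,
        [string[]]$Domains
    )
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Drop trailing comments; what remains is: <address> <name> [<name> ...]
        $entry = ($line -split '#', 2)[0].Trim()
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # -contains compares strings case-insensitively, as name lookup does
            if ($Domains -contains $name) {
                [pscustomobject]@{ Line = $lineNo; Address = $fields[0]; Name = $name }
            }
        }
    }
}

# Constructed sample hosts content (not taken from the poster's logs).
$sample = @(
    '# custom blocklist',
    '127.0.0.1   localhost',
    '0.0.0.0     telemetry.malwarebytes.com   # telemetry block',
    '0.0.0.0     ads.example.test Keystone.MWBSYS.com',
    '#0.0.0.0    cdn.mwbsys.com'
)
Find-HostsOverride -Lines $sample -Domains $RequiredDomains | Format-Table -AutoSize

# Against the live file:
# Find-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") -Domains $RequiredDomains
```

Commented-out entries are ignored, and a line carrying several names is checked name by name, so a required domain sharing a line with unrelated blocklist entries is still reported.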

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
