How does Malwarebytes start?

[terrypin]

Hi, first post here.

I installed Malwarebytes a few months ago. I'm pretty sure it originally placed an icon in my XP Pro system tray. But if so, then at some point it must have disappeared. As a result I forgot all about it. However, recently it's been starting up automatically. I'm pleased with that as it's reminded me of its existence! But I'm puzzled, as it's not in my Startup folder. Is it a registry entry? And should I have a tray icon please?

--

Terry, East Grinstead, UK

[noknojon]

Hi terrypin - Welcome

There should be an entry in Start > programs (or where you D/loaded it to) - You can right click on it and send a shortcut to your desktop -

Then you will always be able to see it and update every few days - On your desktop you double click on the icon, click updates prior to a scan, and after the update is finished you just click on the run scan (only a quick scan is usually required) -

The tray icon is only in the paid version - If you have a paid version and it is not showing then someone will fix it for you -

If you have any other problem please post back -

[exile360]

Greetings and welcome .

Malwarebytes' Anti-Malware creates a startup entry in the registry (for the paid version) and there is no startup for the free version as it's only an on-demand scanner. If you purchased the paid version you should indeed have a tray icon (a red square with a white M in it).

If you need anything else just post.

Thanks .

[terrypin]

Thanks both, appreciate the fast replies.

This is the free version I'm trying, so I must be mistaken about once seeing a tray icon.

As mentioned, Malwarebytes has recently been starting when I reboot my PC (a rare event usually). So I'm wondering how that can happen?

--

Terry, East Grinstead, UK

[exile360]

If Malwarebytes' removed something and you're running Windows Vista (and potentially Windows 7) then there is a known issue with it's delete on reboot script being stuck in the registry and asking to run over and over again via a blocked message in your system tray. To get rid of it download, unzip and run the file in this post and reboot your PC. That should fix the issue.

[noknojon]

Also try to keep an icon on the desktop for updating and quick access to the program - You may (will) need it some day -

It should also show up in your Contro panel / Add Remove as an active program -

You can always delete it from there and install a new copy then update it -

If you were ever running Kaspersky antivirus then the symbols can look similar -

[terrypin]

If Malwarebytes' removed something and you're running Windows Vista (and potentially Windows 7) then there is a known issue with it's delete on reboot script being stuck in the registry and asking to run over and over again via a blocked message in your system tray. To get rid of it download, unzip and run the file in this post and reboot your PC. That should fix the issue.

Thanks. As mentioned, I'm running XP Pro, not Vista or Windows 7. But I've downloaded and added that entry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"=-

to my registry, and will try a reboot later. (BTW, that '-' looks odd? I was tempted to change it to '0', thinking maybe it's a Vista thing, but haven't done so.)

However, I'm sure that my PC did not reboot itself overnight yet the Malwarebytes window was again waiting for me! It's as if it's a Scheduled Task. But there's no such entry in that XP Pro folder. (The only entry I don't immediately recognise is for OGALogon, but some googling reveals that's something used by the 'Windows Genuine Advantage' thing.)

Very puzzling ...

--

Terry, East Grinstead, UK

[terrypin]

Also try to keep an icon on the desktop for updating and quick access to the program - You may (will) need it some day -

It should also show up in your Contro panel / Add Remove as an active program -

You can always delete it from there and install a new copy then update it -

If you were ever running Kaspersky antivirus then the symbols can look similar -

Thanks. I've just noticed that I do have a QuickLaunch icon for Malwarebytes. Not sure whether I added that myself when I first installed it.

If I don't find the cause I'll either leave it as is (after all, no big deal to either do a scan or close it!) or re-install as you suggest. It's just that I hate unsolved puzzles.

--

Terry, East Grinstead, UK

[exile360]

Hello again Terry .

That - is there because it's supposed to remove the key (it means "minus" ie, delete ). It's supposed to remove that Run entry from the registry if found. If that doesn't fix it and reinstalling as detailed earlier doesn't repair it either then do this and I'll figure out why it's creating a startup entry and where it's located so we can remove it :

Please download Sysinternals Autoruns from here.

• Save Autoruns.exe to your desktop and double-click it to run it.
  
• Once it starts, please press the Esc key on your keyboard.
  
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  
• Now right-click on the Autoruns.arn file located on your desktop and highlight Sent To and select Compressed (zipped) Folder
  
• Please attach the Autoruns.zip file you just created to your next post.
  

[terrypin]

Hello again Terry .

That - is there because it's supposed to remove the key (it means "minus" ie, delete ). It's supposed to remove that Run entry from the registry if found. If that doesn't fix it and reinstalling as detailed earlier doesn't repair it either then do this and I'll figure out why it's creating a startup entry and where it's located so we can remove it :

Please download Sysinternals Autoruns from here.

• Save Autoruns.exe to your desktop and double-click it to run it.
  
• Once it starts, please press the Esc key on your keyboard.
  
• Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  
• Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  
• When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  
• Now right-click on the Autoruns.arn file located on your desktop and highlight Sent To and select Compressed (zipped) Folder
  
• Please attach the Autoruns.zip file you just created to your next post.
  

Thanks exile360. I haven't yet reached the stage of re-installing, but I've followed your instructions above and attach the resultant ARN file. It's a large, complex file as far as I can see, but hopefully it might contain some clue.

Exile360.zip

--

Terry, East Grinstead, UK

[noknojon]

Hi again terrypin -

Exile360 is not on line at the moment , but I'm sure he will get back as soon as he can -

[terrypin]

More info.

1) It appeared automatically again this morning but luckily I was at my PC so I was able to note the exact time: 07:00 precisely. Looks just like a scheduled task, but as previously reported there's no sign of anything like that.

2) There are two entries in AutoRuns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Malwarebytes Anti-Malware (reboot)

IMAGE PATH: File not found: - (This must be because of that registry entry I added.)

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

MBAMShlEx

IMAGE PATH: c:\program files\malwarebytes' anti-malware\mbamext.dll

--

Terry, East Grinstead, UK

[exile360]

More info.

1) It appeared automatically again this morning but luckily I was at my PC so I was able to note the exact time: 07:00 precisely. Looks just like a scheduled task, but as previously reported there's no sign of anything like that.

2) There are two entries in AutoRuns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Malwarebytes Anti-Malware (reboot)

IMAGE PATH: File not found: - (This must be because of that registry entry I added.)

It's because of the first entry you listed. Running the reg file in GT500's post (which I linked you to earlier) will or has already removed it. It's not showing up in your Autoruns file so either it's gone now or Autoruns just isn't showing it. I know for a fact that if it's there it'll show up in the Startup tab in Ccleaner (which I can tell by your Autoruns log that you have installed ) so you can check that and if it's there (it'll be the mbam /runcleanupscript entry) select it and click Delete .

Please post back to let us know how it goes.

Thanks

[terrypin]

It's because of the first entry you listed. Running the reg file in GT500's post (which I linked you to earlier) will or has already removed it. It's not showing up in your Autoruns file so either it's gone now or Autoruns just isn't showing it. I know for a fact that if it's there it'll show up in the Startup tab in Ccleaner (which I can tell by your Autoruns log that you have installed ) so you can check that and if it's there (it'll be the mbam /runcleanupscript entry) select it and click Delete .

Please post back to let us know how it goes.

Thanks

Thanks. The only Malwarebytes entry in the Ccleaner Startup list is 'Malwarebytes Anti-malware (Reboot)' with an entry of '-' in the File column. (I'm confused about that. Should it be there? Should I delete it?)

Any thoughts on the 07:00 start?

Also, I've just discovered that when I start mbam.exe but just minimise it, doing no scans or anything, it is still consuming a small but signficant CPE resource. Why would that be the case please?

--

Terry, East Grinstead, UK

[exile360]

Yes, you can delete the entry shown in Ccleaner . That will get rid of that entire issue. As for MBAM using CPU resources, it's just remaining loaded in memory so it will spike a bit here and there. If you aren't using it at the time to scan or update or use one of its other built in tools (such as FileASSASSIN) then you can just keep it closed and it won't consume any resources at all.

[terrypin]

Yes, you can delete the entry shown in Ccleaner . That will get rid of that entire issue. As for MBAM using CPU resources, it's just remaining loaded in memory so it will spike a bit here and there. If you aren't using it at the time to scan or update or use one of its other built in tools (such as FileASSASSIN) then you can just keep it closed and it won't consume any resources at all.

Thanks, but it didn't fix the problem. I deleted that entry in Ccleaner but this morning Malawarebytes started again as usual at 07:00.

Maybe I'll just try uninstalling/re-installing next.

--

Terry, East Grinstead, UK

[terrypin]

Thanks, but it didn't fix the problem. I deleted that entry in Ccleaner but this morning Malawarebytes started again as usual at 07:00.

Maybe I'll just try uninstalling/re-installing next.

--

Terry, East Grinstead, UK

I'm embarrassed to report that this is down to me!

Ages ago I used Macro Express Pro to write a macro that ran a daily scan with Malwarebytes. After a week or so I recall disabling it. In the many months that have elapsed I'd forgotten all about it. But somehow it got re-enabled. (Could have been one of several Macro Express hard crashes I had recently.) I finally tracked it down this morning, just after my last post ...

Sorry about that!

--

Terry, East Grinstead, UK

[exile360]

No problem . I'm just glad you got it sorted out. If you need anything else just post.

Thanks