AryYulianto Posted January 14, 2023 ID:1549572 Share Posted January 14, 2023 Hello. I don't know if this is a problem or not. Recently, I've tried to scan my device without the rootkits option. The total time took only around 40 minutes with 437k items scanned. But now I tried to make sure another scan with an additional option for rootkits, it's already 16 hours and still ongoing now. Should I stop it? Link to post Share on other sites More sharing options...
Staff Malwarebytes Posted January 14, 2023 Staff ID:1549573 Share Posted January 14, 2023 ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes for Windows Help forum. If you are having technical issues with our Windows product, please do the following: Malwarebytes Support Tool - Advanced Options This feature is designed for the following reasons: For use when you are on the forums and need to provide logs for assistance For use when you don't need or want to create a ticket with Malwarebytes For use when you want to perform local troubleshooting on your own How to use the Advanced Options: Spoiler Download Malwarebytes Support Tool Double-click mb-support-X.X.X.XXXX.exe to run the program You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent. Place a checkmark next to Accept License Agreement and click Next Navigate to the Advanced tab The Advanced menu page contains four categories: Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand. Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot. Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent. Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program. To provide logs for review click the Gather Logs button Upon completion, click OK A file named mbst-grab-results.zip will be saved to your Desktop Please attach the file in your next reply. To uninstall all Malwarebytes Products, click the Clean button. Click the Yes button to proceed. Save all your work and click OK when you are ready to reboot. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows. Select Yes to install Malwarebytes. Malwarebytes for Windows will open once the installation completes successfully. Screenshots: Spoiler Spoiler If you are having licensing issues, please do the following: Spoiler For any of these issues: Renewals Refunds (including double billing) Cancellations Update Billing Info Multiple Transactions Consumer Purchases Transaction Receipt Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help If you need help looking up your license details, please head here: Find my premium license key Thanks in advance for your patience. -The Malwarebytes Forum Team Link to post Share on other sites More sharing options...
1PW Posted January 14, 2023 ID:1549575 Share Posted January 14, 2023 Hello @AryYulianto and : What you are seeing is perfectly normal. Adding the rootkit element to any scan will dramatically increase the time to completion. If you have let the scan run that long, nothing but time is lost to run to the end. That is why the rootkit element is not part of the default, nor is it recommended. HTH Link to post Share on other sites More sharing options...
Porthos Posted January 14, 2023 ID:1549576 Share Posted January 14, 2023 1 hour ago, AryYulianto said: it's already 16 hours and still ongoing now. Should I stop it? Was this a custom scan or a standard threat scan??? Link to post Share on other sites More sharing options...
AryYulianto Posted January 14, 2023 Author ID:1549579 Share Posted January 14, 2023 15 minutes ago, 1PW said: Hello @AryYulianto and : What you are seeing is perfectly normal. Adding the rootkit element to any scan will dramatically increase the time to completion. If you have let the scan run that long, nothing but time is lost to run to the end. That is why the rootkit element is not part of the default, nor is it recommended. HTH Thank you, sir. For this fast assistance. 7 minutes ago, Porthos said: Was this a custom scan or a standard threat scan??? I don't remember, probably a custom scan. The rootkits option is off by default on the standard scan, I think. I just get dozens of viruses and tried to do the scan much more intensively by approving any options in the advanced scan on there. And now I can see why this option is off by default. Link to post Share on other sites More sharing options...
AryYulianto Posted January 14, 2023 Author ID:1549582 Share Posted January 14, 2023 29 minutes ago, 1PW said: That is why the rootkit element is not part of the default, nor is it recommended. So, is there any thread about this topic? Something like when I should use this option, what's the purpose or how, anything about it. Link to post Share on other sites More sharing options...
Porthos Posted January 14, 2023 ID:1549585 Share Posted January 14, 2023 23 minutes ago, AryYulianto said: So, is there any thread about this topic? Something like when I should use this option, what's the purpose or how, anything about it. No, It is recommend rootkit be turned on only where there is an issue for removing something with the normal scan. Rootkit is slightly more dangerous as it has to disable some whitelisting to remediate some rootkits. Maybe once a month if really want to use rootkit. But honestly, we rarely see rootkit files anymore and the newer engine can remove most of them anyways even without rootkit on. Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures. Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis , especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations. This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected. The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it. Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades. If you need a flat file scanner to check archived data/drives, I would recommend using one of the many available free AV scanners such as Kaspersky's Virus Removal Tool, ESET's Free Virus Scan, or even the built in Windows Defender that ships with Windows 8/8.1 and Windows 10. Links to the first two scanners I mentioned can be found below: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-toolhttps://www.eset.com/us/home/online-scanner/ Link to post Share on other sites More sharing options...
AryYulianto Posted January 15, 2023 Author ID:1549793 Share Posted January 15, 2023 On 1/14/2023 at 11:05 AM, Porthos said: No, It is recommend rootkit be turned on only where there is an issue for removing something with the normal scan. Rootkit is slightly more dangerous as it has to disable some whitelisting to remediate some rootkits. Maybe once a month if really want to use rootkit. But honestly, we rarely see rootkit files anymore and the newer engine can remove most of them anyways even without rootkit on. Malwarebytes is not designed to function like normal AV scanners and uses a new kind of scan engine that relies mostly on heuristics detection techniques rather than traditional threat signatures. Malwarebytes is also designed to look in all the locations where malware is known to install itself/hide, so a full or custom scan shouldn't be necessary, especially on any sort of frequent basis , especially since the default Threat Scan/Quick Scan checks all loading points/startup locations, the registry, all running processes and threads in memory, along with all system folders, program folders and data folders as well as any installed browsers, caches and temp locations. This also means that if a threat were active from a non-standard location, because Malwarebytes checks all threads and processes in memory, it should still be detected. The only threat it *might* miss would be a dormant/inactive threat that is not actively running/installed on a secondary drive, however if the threat were executed then Malwarebytes should detect it. Additionally, whenever a new location is discovered to be used by malware the Malwarebytes Research team adds that location dynamically to the outgoing database updates so the locations that are checked by the default Threat/Quick Scan in Malwarebytes can be changed on the fly by Research without requiring any engine or program version updates/upgrades. If you need a flat file scanner to check archived data/drives, I would recommend using one of the many available free AV scanners such as Kaspersky's Virus Removal Tool, ESET's Free Virus Scan, or even the built in Windows Defender that ships with Windows 8/8.1 and Windows 10. Links to the first two scanners I mentioned can be found below: https://www.kaspersky.com/downloads/thank-you/free-virus-removal-toolhttps://www.eset.com/us/home/online-scanner/ Thank you, sir. I appreciate the help and advice. I wish you good fortune👌 2 Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now