Jump to content

Purchased MBAM, bootup doesn't complete

twl845

By twl845
in General Windows PC Help

 Share

Recommended Posts

twl845

twl845

Posted
Posted

Hi, I purchased a license and registered my free copy of MBAM. I excluded MBAM from my NOD32 AV, made my copy of Superantispyware my on demand anti-spyware and made it so it has no system tray icon and excluded MBAM in it. I excluded MBAM from my Outpost Firewall. The problem I have since I activated the Protection module in MBAM, is that every couple of times I boot up or re-start my computer it boots up to the end, and when I move the arrow, it turns into a hand and nothing responds. I click icons or Start and nothing happens. If I hover the hand over the task bar it turns into the rotating hour glass. The only thing to do is a hard shut down and reboot to see if it boots OK. Does anyone know the solution? Thanks in advance.

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

It certainly sounds like it has to do with Anti-Virus exclusions. We don't have a write up for NOD32 but there are some other AV write ups in the FAQ: http://www.malwarebytes.org/forums/index.php?showtopic=10138

You can review them and try to setup NOD32 similar. If you're still having issues then try temporarily disconnect from the Internet and disable your NOD32 and see if the issue goes away or not.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
It certainly sounds like it has to do with Anti-Virus exclusions. We don't have a write up for NOD32 but there are some other AV write ups in the FAQ: http://www.malwarebytes.org/forums/index.php?showtopic=10138

You can review them and try to setup NOD32 similar. If you're still having issues then try temporarily disconnect from the Internet and disable your NOD32 and see if the issue goes away or not.

Thanks for the response and info. I have excluded MBAM as instructed in my NOD32, etc. and still have the problem every second or third bootup. I found a person in Wilders security forum who has the same exact problem. He said he disabled the bootup file check in MBAM and it cleared the problem. I don't see anywhere to do that, nor am I aware of a bootup file check. Does any one know what he's talking about? Could he be mistakenly referring to the AV bootup file check? Mine only does that every Monday at 9PM.

A new wrinkle just occurred as I shut down my computer. It hung at the "Windows is shutting down" page, and I had to do a hard shut down. I keep thinking this problem is probably something really simple to correct if you know how. :)

I hope I don't have to go back to the free version to get rid of this problem.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
I'm not aware of what he's talking about.

Well reverse it. Stop loading the Protection Module from MBAM and Disable it from auto starting. Then see if you're having the same issue or not.

Hi, If I reverse it, what do I do if it has no effect, and what do I do if that fixes it? One of the big reasons for getting protection mode is so it'll auto start and update automatically. Thanks again for your help. :)

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
At this point we're simply trying to confirm for sure that it is due to MBAM and NOD32 conflict.

If it is then some setting withing NOD32 will probably need to be set that maybe you're missing.

Right. I have deselected Start with Windows, will start MBAM protection manually, and will do 5 or 6 shut downs and Start ups and see if the hang re-occurs. I'll post back as soon as I'm confident I have an answer. :) Thanks

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Right. I have deselected Start with Windows, will start MBAM protection manually, and will do 5 or 6 shut downs and Start ups and see if the hang re-occurs. I'll post back as soon as I'm confident I have an answer. :) Thanks

Hi Advancedsetup, As I said in my last post, I deselected start with Windows, and have booted successfully a number of times activating Protection manually each time. What do you think? I looked in the advanced setup in my NOD32 AV, and with my limited knowledge, nothing jumps out at me.

Link to post
Share on other sites
marktreg

marktreg

Posted
Posted

Just to save AdvancedSetup some time when he gets back to you, could you confirm that you have added ALL of these files to NOD32's exclusions list?

I have listed all the operating systems because I'm not sure which operating system you have.

For Windows XP:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista and Windows 7:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista and Windows 7:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Just to save AdvancedSetup some time when he gets back to you, could you confirm that you have added ALL of these files to NOD32's exclusions list?

I have listed all the operating systems because I'm not sure which operating system you have.

For Windows XP:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys

For Windows Vista and Windows 7:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys

For 64 bit versions of Windows Vista and Windows 7:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\SysWoW64\drivers\mbamswissarmy.sys

Hi Marktreg, I wasn't aware of the .dll files. I have now marked those 3 as excluded also. I'm using XPsp3. I will activate "Start with Windows" again and see if the problem returns. I'll come back and post the results. Thanks for the help! This may be a dumb question, but why can't we just exclude the entire MBAM folder in one shot instead of picking 7 files in Programs to excude?

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Hi Marktreg, I wasn't aware of the .dll files. I have now marked those 3 as excluded also. I'm using XPsp3. I will activate "Start with Windows" again and see if the problem returns. I'll come back and post the results. Thanks for the help! This may be a dumb question, but why can't we just exclude the entire MBAM folder in one shot instead of picking 7 files in Programs to excude?

Update: After adding the 3 .dll's to the list of files excluded, I activated "Start with Windows" and did a re-start which froze, and after 4 failed attempts to boot up it finally booted on the 5th try. So I guess adding the .dll's didn't help.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Update: After adding the 3 .dll's to the list of files excluded, I activated "Start with Windows" and did a re-start which froze, and after 4 failed attempts to boot up it finally booted on the 5th try. So I guess adding the .dll's didn't help.

Just a note: I can almost tell if the computer is going to boot with a frozen desktop or not, because the hard disk activity seems to last a few seconds longer when it's a good boot.

Link to post
Share on other sites
siljaline

siljaline

Posted
Posted

I am following this with interest since many NOD32 users at Wilders are seeing similar issues.

While I do not run real-time MBAM, I am not seeing these issues, it would be good if your Dev's could throw a copy of NOD32 in your mix and see what comes out the other end.

Link to post
Share on other sites
marktreg

marktreg

Posted
Posted

I am also following this thread with interest because I run XPSP3 with NOD32 and MBAM realtime protection, and both programs load absolutely fine on startup. I have never had a single problem with either program. Maybe the next thing to try is to stop NOD32's Automatic Startup file check from running and see if that makes any difference. To do this, in NOD32, click on Setup and then enter the entire advanced setup tree. Right at the top of the tree, click on Antivirus and antispyware. Click the Setup button in Automatic Startup file check. Then uncheck all the boxes in the Objects menu and click OK. See if the computer boots up OK now. (To reverse these changes, just tick all the boxes again and click OK).

Note: In the thread here at Wilders, 'Wonkabear' said that he cured the problem by stopping Malwarebytes' startup system check. But that is actually impossible because Malwarebytes does not perform a startup system check. It just loads its realtime protection module.

EDIT: I posted before I saw AdvancedSetup's last post, so please don't forget to supply the information he asked for.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
I am also following this thread with interest because I run XPSP3 with NOD32 and MBAM realtime protection, and both programs load absolutely fine on startup. I have never had a single problem with either program. Maybe the next thing to try is to stop NOD32's Automatic Startup file check from running and see if that makes any difference. To do this, in NOD32, click on Setup and then enter the entire advanced setup tree. Right at the top of the tree, click on Antivirus and antispyware. Click the Setup button in Automatic Startup file check. Then uncheck all the boxes in the Objects menu and click OK. See if the computer boots up OK now. (To reverse these changes, just tick all the boxes again and click OK).

Note: In the thread here at Wilders, 'Wonkabear' said that he cured the problem by stopping Malwarebytes' startup system check. But that is actually impossible because Malwarebytes does not perform a startup system check. It just loads its realtime protection module.

EDIT: I posted before I saw AdvancedSetup's last post, so please don't forget to supply the information he asked for.

In v4.474 you open the main window and click Tools in the upper right hand corner. Click scheduler/planner in the drop down menu, and you'll see the Automatic Startup file checks. I got tired of the longer than normal bootups a while ago and assigned 5PM on Mondays for the checks. So my computer doesn't do a file check on boot up, and therefore doesn't effect MBAM starting up on boot up.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Note: In the thread here at Wilders, 'Wonkabear' said that he cured the problem by stopping Malwarebytes' startup system check. But that is actually impossible because Malwarebytes does not perform a startup system check. It just loads its realtime protection module.

EDIT: I posted before I saw AdvancedSetup's last post, so please don't forget to supply the information he asked for.

I just contacted Wonkabear. He actually just deselected "Start with Windows" also as I did. So no help there.

Link to post
Share on other sites
marktreg

marktreg

Posted
Posted

OK, I just wanted to make sure that absolutely no 'Object' types at all were being scanned on Startup. I assume that turning it off with the Scheduler will achieve the same thing. i.e. It won't just scan operating memory instead or something. Some programs can have hidden settings which are not easy to turn off.

Could you please tell us what other icons you have in your system tray after a successful boot up? And could you also download Autoruns, save a .arn file, and attach it to your next post?

EDIT: My findings so far. On a fully updated XPSP3 system, I have installed NOD32 (AV only) v4.0474 + MBAM 1.42 with realtime protection that starts with Windows + SAS Pro v4.32.1000 as an on-demand scanner only. I have not set ANY exclusions at all in NOD32 or SAS, and I cannot re-create the problem. Both NOD32 and MBAM are running fine at startup with absolutely no problems. If I cannot re-create the problem, I'm not sure what to try next. I'm beginning to think the problem could possibly be something unrelated to a conflict between NOD32 and MBAM. So, if you can supply operating system info, a list of icons in the system tray after a successful boot up, and a .arn file from some users with this problem, I will have a look and check for similarities.

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
OK, I just wanted to make sure that absolutely no 'Object' types at all were being scanned on Startup. I assume that turning it off with the Scheduler will achieve the same thing. i.e. It won't just scan operating memory instead or something. Some programs can have hidden settings which are not easy to turn off.

Could you please tell us what other icons you have in your system tray after a successful boot up? And could you also download Autoruns, save a .arn file, and attach it to your next post?

EDIT: My findings so far. On a fully updated XPSP3 system, I have installed NOD32 (AV only) v4.0474 + MBAM 1.42 with realtime protection that starts with Windows + SAS Pro v4.32.1000 as an on-demand scanner only. I have not set ANY exclusions at all in NOD32 or SAS, and I cannot re-create the problem. Both NOD32 and MBAM are running fine at startup with absolutely no problems. If I cannot re-create the problem, I'm not sure what to try next. I'm beginning to think the problem could possibly be something unrelated to a conflict between NOD32 and MBAM. So, if you can supply operating system info, a list of icons in the system tray after a successful boot up, and a .arn file from some users with this problem, I will have a look and check for similarities.

System info:

OS Name Microsoft Windows XP Home Edition

Version 5.1.2600 Service Pack 3 Build 2600

OS Manufacturer Microsoft Corporation

System Name DGW2QP51

System Manufacturer Dell Computer Corporation

System Model Dimension 4600i

System Type X86-based PC

Processor x86 Family 15 Model 3 Stepping 4 GenuineIntel ~2793 Mhz

BIOS Version/Date Dell Computer Corporation A10, 5/17/2004

SMBIOS Version 2.3

Windows Directory C:\WINDOWS

System Directory C:\WINDOWS\system32

Boot Device \Device\HarddiskVolume2

Locale United States

Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"

User Name DGW2QP51\Thomas Lonergan

Time Zone Eastern Standard Time

Total Physical Memory 1,024.00 MB

Available Physical Memory 476.55 MB

Total Virtual Memory 2.00 GB

Available Virtual Memory 1.96 GB

Page File Space 2.40 GB

Page File C:\pagefile.sys

There are 3 visible icons in the sys tray at boot up completion. Outpost firewall, NOD32, And Sandboxie in that order. the rest of my icons are inactive.

I have Autorun installed, but I don't know what an .arn file is or where to find it in Autorun. Can you steer me to it? Thanks for your continued help. :)

Link to post
Share on other sites
marktreg

marktreg

Posted
Posted

Hi twl845,

Could you please tell us what exclusions you have set in your Outpost Firewall?

Here's how to create the AutoRuns.arn file.

Please download the latest version of Sysinternals Autoruns from here.

  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip file you just created to your next reply

Link to post
Share on other sites
twl845

twl845

Posted
  • Author
Posted
Hi twl845,

Could you please tell us what exclusions you have set in your Outpost Firewall?

Here's how to create the AutoRuns.arn file.

Please download the latest version of Sysinternals Autoruns from here.

  • Save Autoruns.exe to your desktop and double-click it to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures
  • Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
  • When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip file you just created to your next reply

Hi, I have MBAM, and SAS Pro and Eset.com excluded in Outpost. Here is the zip file: AutoRuns.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.