Problems with anti-virus software?

[Francois_Blais]

Hi.

I recently had problems running MBAM real-time with the VIPRE 4 a/v, which I recently bought.

(yes, the exclusions were configured in VIPRE, thanks)

Yesterday, I tried the VIPRE update to no avail.

I uninstalled and tried the last v3, and had not more success.

So I installed VIPRE and got back my AVIRA Premium (9).

Same problem!

Running MBAM 1.45, by the way.

The MBAM service causes CPU spikes as soon as I do anything.

Like several other users, I'm beginning to wonder if something changed with the 1.45 upgrade.

Maybe I could downgrade to 1.44, but it'll be automatically upgraded to 1.45 at the next update.

*PLEASE*, as suggested by other users, separate the program and definition updates, so to allow us to upgrade the definitions only if we wish so.

Best regards,

Fran

[Francois_Blais]

After trying the new (1.46) release, things were not better.

I uninstalled once again, rebooted, did a MBAM-CLEAN, rebooted once again, and installed 1.44.

Et voil

[exile360]

Unfortunately newer database versions for 1.45 and 1.46 won't work with 1.44 so it can't be updated without installing the newer version of Malwarebytes' Anti-Malware.

As for troubleshooting, please do the following and I'll take a look and see if I can find the source of the issue:

Create an Autoruns Log:

• Please download Sysinternals Autoruns from here and save it to your desktop.
  
  • Note: If using Windows Vista or Windows 7 then you also need to do the following:
    
    1. Right-click on Autoruns.exe and select Properties
       
    2. Click on the Compatibility tab
       
    3. Under Privilege Level check the box next to Run this program as an administrator
       
    4. Click on Apply then click OK
       

  [*]Double-click Autoruns.exe to run it.

  [*]Once it starts, please press the Esc key on your keyboard.

  [*]Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures

  [*]Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.

  [*]When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

  [*]Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder

  [*]Attach the Autoruns.zip folder you just created to your next reply

Thanks

[Francois_Blais]

Thanks.

I'll proceed with this tonight when I'm back home.

Best egards,

Fran

[Francois_Blais]

Additional question:

Do you want me to upgrade to 1.46 before running Autoruns ?

Regards,

Fran

[exile360]

It doesn't matter, what I need to see are the other drivers, processes and services that run at startup to see if there's anything that stands out that might be causing MBAM to hang up when it's running.

[Francois_Blais]

Thanks.

Please note it doesn't hang up though.

It's just using too much CPU resources. (and somewhat more RAM too; a little above 50MB against around 40MB for 1.44)

Regards,

Fran

[whatmeworry?]

I recently started to use a program called Process Lasso Pro, which will temporarily reduce the priority of a process that is using too much CPU. The idea is to prevent the computer from freezing or other programs being unable to run. Process Lasso is continually reducing the priority of mbamservice.exe--every minute or so, it temporarily reduces its priority for a few seconds, claiming that mbamservice "may have been affecting system responsiveness." I'm running MBAM Pro version 1.46. I only recently started to use Process Lasso, so I don't know whether earlier versions of MBAM also caused Process Lasso to respond this way; the Process Lasso logfile records only today's activity. I should note that I don't have a problem with this, but I thought I'd provide some input related to Fran

[Francois_Blais]

Thanks for your feedback.

I know I'm not alone with this problem.

(IMHO, 1.46 was rushed out of the door too quickly, but that's another thing. I downloaded the beta, and the next day the beta was closed and 1.46 released)

I understand there were more important issues to fix quickly for customers, so I guess there may be a 1.47 release in the not so far future...

Regards,

Fran

[Francois_Blais]

Ok.

So here's the autoruns.arn file you requested.

Thanks in advance!

Fran

AutoRuns.zip

[exile360]

Hello again

Please do the following:

Delete Autostart Entries Using Autoruns:

Please open Autoruns.exe again and allow it to perform its scan. Once it finishes please proceed with the following:

• Click on the Services tab and right click each of the following entries and select Delete:
  
  
  
  
  
  • a2Cmd
    

  [*]Click on the Drivers tab and right click each of the following entries and select Delete:

  
  
  • ASFWHide
    
  • BOCDRIVE
    
  • CPQSETUP.SYS
    
  • KernelHooks
    
  • MEMSWEEP2
    
  • NTGUARD
    
  • Profos
    
  • SBRE
    
  • SymIM
    
  • SymIMMP
    
  • Trufos
    

  [*]Once that is complete, restart your computer.

Let me know if it helps.

Thanks

[Francois_Blais]

Hi again.

Sorry but no, it didn't help.

After that, I deleted all the other drivers showing "file not found", rebooted, but it didn't help either.

I'm attaching what Process Explorer displays for mbamservice.

(I was doing light web surfing then)

Thanks again,

Fran

[Francois_Blais]

Additional info:

I found out that temporarily disabling AVAST or XP's firewall didn't change anything to the CPU usage.

Also please note that *IP blocking was disabled* during the test.

Question:since the database was modified (compressed?), maybe MBAM needs more resources to uncompress it when it scans files and processes?

Just a shot in the dark.

[1PW]

Hello Fran

[Francois_Blais]

Thanks, 1PW.

Undiagnosed malware?

I ran three anti-virus programs lately, doing scans every night and am also scanning with MBAM.

(the AV programs were tested one at a time, removing the other each time)

Without MBAM real-time, I don't get all that funky CPU activity.

If it's malware, MBAM and the AVs are not detecting it.

Best regards,

Fran

[exile360]

Please attach another Autoruns log. Honestly, you really should not have deleted any other driver entries as I know of several that always show File not found, even though they are a default part of Windows.

Thanks

[Francois_Blais]

Thanks.

Here's the new log.

Regards,

Fran

AutoRuns.zip

[exile360]

Disable Autostart Entries Using Autoruns:

Please open Autoruns.exe again and allow it to perform its scan. Once it finishes please proceed with the following:

• Click on the Scheduled Tasks tab and click the checkbox on the left side of each of the following so that they are unchecked:
  
  
  
  
  
  • Auslogics Boost Speed Disk Defrag Console Defragmentation.job
    

  [*]Once that is complete, restart your computer.

Let me know if it helps or not.

Thanks

[Francois_Blais]

Thanks Samuel.

This is not a resident software.

It's a hard disk defragger, which I run in the middle of the night, everyday.

Do you still want that I try that?

Appears useless to me.

Bst regards,

Fran

[exile360]

Ah, I see. I thought it was running at boot, you can skip it then. I'm honestly at a loss. I can't replicate this behavior on any of my own machines and I can't see anything on your machine that I know of that might cause this behavior. The only items I see unique to your system would be the Microsoft entries for alternate language input that run at startup. They shouldn't cause this but it's worth a try:

Disable Autostart Entries Using Autoruns:

Please open Autoruns.exe again and allow it to perform its scan. Once it finishes please proceed with the following:

• Click on the Logon tab and click the checkbox on the left side of each of the following so that they are unchecked:
  
  
  
  
  
  • IMEKRMIG6.1
    
  • IMJPMIG8.1
    
  • MSPY2002
    
  • PHIME2002A
    
  • PHIME2002ASync
    

  [*]Once that is complete, restart your computer.

If that does not help, then open Autoruns again and re-check those entries to re-enable them, then click on the Logon tab and uncheck the following:

• boinctray
  
• Gestionnaire de t

[Francois_Blais]

I'll try that tonight, thanks.

Maybe SansaDispatch is the culprit.

(Sansa is my MP3 player, which I bought recently)

I also installed iTunes for my GF's iPod recently.

iTunes also installs three services: applemobiledeviceservice, Bonjour and ipodservice.

Maybe I could uncheck them too, if the other tests fail.

[Francois_Blais]

Update:

Nothing helped, unfortunately.

I went further, disabled as much as I could, leaving a very minimal Windows, and MBAM real-time still uses much too CPU resources.

That old PC is going to run Linux anyway in the next days.

I'll try the next releases of MBAM when they come out, but for the moment this case is closed unresolved.

When I get a newer machine, I'll see how it goes.

Thanks for the help,

Fran

[whatmeworry?]

I posted earlier about Process Lasso's continually having to restrain MBAM because it uses too much CPU. For the heck of it, I closed Process Lasso and ran AnVir Task Manager Pro. I asked it to inform me when it had to restrain a process because the CPU use was excessive. Sure enough, a pop-up kept informing me that MBAM's CPU usage was excessive. Those programs only rarely found this problem with other processes, just with MBAM, more specifically with mbamservice.exe.

I'm posting this message merely to say that Fran

[Francois_Blais]

Thanks for your support, whatmeworry?.

As I said somewhere I had no problem with 1.44.

This CPU thing began with 1.45, and is still there today.

Regards,

Fran

[greyowl]

I have also noticed these consistent spikes in CPU useage with MBAM. My defrag program is set to work when the computer is idle, but since MBAM 1.46, it never works because the CPU usage is never down for any period of time.