Jump to content

Recommended Posts

I am using the free version on my personal computer. I have just upgraded to 1.46

I now find that if I do a quick scan it works OK at first but once it gets to a particular filesystem object it stops making progress.

The filesystem object is

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

The scan elapsed time counter continues to tick up and the process continues to use CPU but the currently scanning text stops changing.

If I then abort the scan I get this in the log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4063

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

04/05/2010 11:13:30

mbam-log-2010-05-04 (11-13-30).txt

Scan type: Quick scan

Objects scanned: 14830

Time elapsed: 17 minute(s), 30 second(s)

...

The scan appears never to finish: I have left it for an hour with no further progress. I have tried a clean install with no change.

I have no reason to suspect any infection. I have not noticed any symptoms and Avast! scans my system as clean.

Can anyone help? Are there any more diagnostics I should try?

Thanks

Link to post
Share on other sites

Time elapsed: 17 minute(s), 30 second(s)

If you let the scan continue will this timer also continue to 1 hour or more - Or will it get to a stage that the actual "scan timer" ends -

You can let it continue in the background while doing other things if you wish - Or do you still have a log that ran for 1 hour -

Also will the number of items scanned change if left to run longer -

The length of time of a scan can be + or - 10 mins . This is normal -

Thank You - :lol:

Link to post
Share on other sites

If you let the scan continue will this timer also continue to 1 hour or more - Or will it get to a stage that the actual "scan timer" ends -

You can let it continue in the background while doing other things if you wish - Or do you still have a log that ran for 1 hour -

Also will the number of items scanned change if left to run longer -

The length of time of a scan can be + or - 10 mins . This is normal -

Thank You - :lol:

After my post I set the quick scan going again. It is now up to 1 hour 35 minutes. As before, it got to the specified file and then the count of objects stopped incrementing, and the "currently scanning" stopped changing. It is still running, if there is some other diagnostic worth trying...

Link to post
Share on other sites

Just to confirm - here is my latest log (taken after abort scan pressed).

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4063

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

04/05/2010 14:30:55

mbam-log-2010-05-04 (14-30-55).txt

Scan type: Quick scan

Objects scanned: 14835

Time elapsed: 2 hour(s), 11 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Please do the following to see if it fixes the issue:

Run a Disk Check on your C: drive in Windows XP:

  • Click Start and open My Computer
  • Right-click on C: and select Properties
  • Click on the Tools tab
  • Under Error-checking click the Check Now... button
  • Mark the box next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
  • When the message box pops up, click the Schedule disk check button and restart your computer
  • Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so.

Once that's done, try scanning with Malwarebytes' again and let me know if it still freezes. Thanks :lol:

Link to post
Share on other sites

Run a Disk Check on your C: drive in Windows XP:

...

Once that's done, try scanning with Malwarebytes' again and let me know if it still freezes. Thanks :angry:

Thanks for the suggestion.

The Disk Check completed without any obvious errors.

The Quick Scan still exhibits the same behaviour. It gets to the same file and stops making progress. It's not exactly frozen in that it is still consuming some CPU and counting up in time and will abort if I press the button. But it's not moving on to the next object.

Link to post
Share on other sites

Greetings :angry:

Please do the following:

Right-click on your desktop and hover your mouse over New and click on Folder and name your new folder Storage then do the following:

Show Hidden Files and Folders in Windows XP:

  • Click Start and select My Computer
  • Click the Tools item from the menu at the top of the window (if you don't see Tools press the Alt key on your keyboard and it will appear)
  • Select Folder Options
  • Click the View tab and make sure Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Once that's done navigate to C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup and move the file desktop.ini to the Storage folder you created on your desktop.

Once that's complete, run a scan with Malwarebytes' Anti-Malware and see if it still stops or not. If it doesn't, then go ahead and move desktop.ini back to C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup and delete the Storage folder from your desktop and try another scan with Malwarebytes' Anti-Malware to see if it still stops on that file.

Reset Hidden Files and Folders in Windows XP:

  • Click on Start
  • Click Start and select My Computer
  • Click the Tools item from the menu at the top of the window (if you don't see Tools press the Alt key on your keyboard and it will appear)
  • Select Folder Options
  • Click the View tab and make sure Do not show hidden files and folders is selected under Hidden files and folders
  • Next, check the box next to Hide protected operating system files (Recommended)
  • Then, check the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Please let me know how it goes.

Thanks :D

Link to post
Share on other sites

Yes, go ahead and empty the recycle bin. Hopefully that will be the last location it gets stuck on. If it still locks up on any file then please exclude the following files from your antivirus software's realtime protection:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Please let me know if the issue is resolved or not.

Thanks :angry:

Link to post
Share on other sites

Emptying the recycle bin did not help - the scan went back to stopping on desktop.ini

My Antivirus program is Avast

I added the exclusions to the "File System Shield" -> Expert Settings -> Exclusions

This does not seem to have helped. The scan still stops on desktop.ini

Link to post
Share on other sites

I couldn't think of any software in particular.

I tried running in Safe Mode - the scan completed in 10 minutes 32 seconds with nothing found.

I tried again in normal mode, this time with Avast real time protection disabled. Scan got stuck again.

I have used Process Explorer to list all the processes running and attached the text file.

Are there any there that look like they might be the problem?

Procexp.txt

Link to post
Share on other sites

I decided to use sysinternals process monitor to see if I could see what mbam is doing.

Attached are the events it picks up once mbam has got "stuck": they look to me like mbam is in some sort of loop recursing through an incorrect hierarchy of user directories.

Hope this helps

events.txt

Link to post
Share on other sites

Hello again :angry:

Thanks for the logs. I believe UAService7.exe may be the problem. Securom can often interfere with scans used by antivirus and anti-malware softwares when they are checking for rootkits. Try ending the process and if that doesn't work then please do the following:

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here and save it to your desktop.
    • Note: If using Windows Vista or Windows 7 then you also need to do the following:
      1. Right-click on Autoruns.exe and select Properties
      2. Click on the Compatibility tab
      3. Under Privilege Level check the box next to Run this program as an administrator
      4. Click on Apply then click OK

    [*]Double-click Autoruns.exe to run it.

    [*]Once it starts, please press the Esc key on your keyboard.

    [*]Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code Signatures

    [*]Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.

    [*]When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.

    [*]Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder

    [*]Attach the Autoruns.zip folder you just created to your next reply

Thanks :D

Link to post
Share on other sites

Hello again :angry:

Delete the attachment of the previous Autoruns.zip file you uploaded by clicking My Controls at the top of the forum page and then clicking Manage Your Attachments on the left.

Then delete the Autoruns.arn and Autoruns.zip files from your desktop and run Autoruns again to create another Autoruns log, but this time click on Options and uncheck Include Empty Locations and then press F5 on your keyboard and wait until it says Ready. on the lower left corner of the Autoruns window before saving your new log. Once the new log is saved, zip and attach it to your next reply.

Thanks :D

Link to post
Share on other sites

Thanks for the new log :angry:

Please do the following to see if it corrects the issue, if it does please let me know:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @echo off
    net stop Spooler
    if exist "%programfiles(x86)%" "%programfiles(x86)%\Malwarebytes' Anti-Malware\mbam.exe"
    if not exist "%programfiles(x86)%" "%programfiles%\Malwarebytes' Anti-Malware\mbam.exe"
    net start Spooler
    exit


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file MBAM Scan.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • When Malwarebytes' Anti-Malware opens, perform your scan, once Malwarebytes' Anti-Malware is closed you'll be able to use your printer once more.
    • Note: If running Windows Vista or Windows 7 you must right-click the file and select Run as administrator for it to work properly.

If that does not work then try the following:

Disable a Service on XP:

  • Click on Start and click Run
  • In the run box type services.msc and press Enter
  • Once the Services window opens, scroll down the list until you find the SecuROM User Access Service (V7) and double click on it
  • Click the Stop button to stop the service from running, then click the drop down menu next to Startup Type and select Disabled
  • Click the Apply button and click on Ok
  • Close the Services control panel

Now try scanning again and if it still locks up then proceed to the next option:

Uninstall Programs:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall the following if found:



    • Daemon Tools



Reboot if the uninstaller requests you to do so and then try another scan with Malwarebytes.

Please let me know which, if any, of the above options worked for you.

Thanks :D

Link to post
Share on other sites

Thanks for your patience in helping us troubleshoot this.

No problem - I quite enjoy it - at least now I think I'm not infected at the minute.

I also tried stopping the JQS service - but no help

I also have another procmon trace which shows what mbam is doing immediately before it starts looping.

Hopefully this might be helpful.

Logfile.zip

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.