
MBAM took almost 4 hours to do a full scan!?!?!?!?!?


Guest Isaac


Ok, I did a full scan cuz I had been running some malware on my comp and wanted to make sure it was gone. Quick scans are very fast, but this full scan took almost 4 hours to scan!!!! Here's the mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4449

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/19/2010 10:48:37 PM

mbam-log-2010-08-19 (22-48-37).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)

Objects scanned: 515725

Time elapsed: 3 hour(s), 49 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 2

Registry Data Items Infected: 1

Folders Infected: 4

Files Infected: 22

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\EvidenceEraser (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\EvidenceEraser (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Log (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Registry Backups (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

Files Infected:

C:\Documents and Settings\Isaac\Desktop\setup.exe (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Desktop\av10_setup_Platinum.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.

C:\Program Files\Adventure Maker v4.5.2\Data\pic452.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Program Files\YouTube Downloader Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Program Files\YouTube Downloader Toolbar\FF\components\youtubedownloaderToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-448539723-1606980848-1343024091-1004\Dc108\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-448539723-1606980848-1343024091-1004\Dc109\Installr\4.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C55AB145-68B2-4B40-92D5-4631CFCE1791}\RP134\A0146038.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{C55AB145-68B2-4B40-92D5-4631CFCE1791}\RP138\A0146430.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

E:\Old_Program_Files\Adventure Maker v4.4.0\Data\pic440.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.

E:\Old_Program_Files\Adventure Maker v4.5.2\Data\pic452.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Log\2010 Aug 19 - 05_10_15 PM_473.log (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Log\2010 Aug 19 - 05_10_17 PM_015.log (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Log\2010 Aug 19 - 05_10_18 PM_637.log (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Log\2010 Aug 19 - 05_32_10 PM_393.log (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings\CustomScan.stg (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings\IgnoreList.stg (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings\ScanInfo.stg (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings\SelectedFolders.stg (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\EvidenceEraser\Settings\Settings.stg (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.

C:\Documents and Settings\Isaac\Application Data\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.

Note that only 2 of the drives scanned actually contained anything. My hard drive and a backup from the previous OS I was running.


  • Root Admin

1/2 a million objects were scanned. The time it takes to do a full scan depends on the hardware and the amount of files, folders, and registry entries it has to scan. I don't see anything wrong with the reported time. Often FULL scans from some Anti-Virus products can take 8 hours or more to scan which again is normal in many cases.


Isaac,

What Ron stated is spot on.

Your MBAM scan was a good investment. But ..... the log showed you had one hijacker & 2 rogues.

I'd add a suggestion for you to do an online scan (first disable your antivirus, then scan).

Do one at Kaspersky

Kaspersky Webscan Online Virus Scanner

btw, the time Kaspersky will take is -also- a good investment. It will take several hours too.

Better to do it for some peace of mind.

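Added example, not part of any post in this thread: a small Python triage script for detection lines in the MBAM 1.46 log format shown in the first post. It groups detections by threat category (reproducing the "one hijacker & 2 rogues" reading) and flags entries that sit in registry locations used to start code automatically. The function names and the `AUTOSTART` list are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Excerpt: five detection lines copied from the log in the first post.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.EvidenceEraser) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3fee66e-e034-436a-86e4-9690573bee8a} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\Isaac\Desktop\av10_setup_Platinum.exe (Rogue.AVSecuritySuite) -> Quarantined and deleted successfully.
C:\Program Files\Adventure Maker v4.5.2\Data\pic452.bmp (Extension.Mismatch) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+) Infected:$")  # header, not the "...: 7" count lines
# Non-greedy object, so the first "(Category.Name) -> " wins even when the line
# carries later parentheses such as "Good: (Userinit.exe)" or "(x86)" in a path.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[A-Za-z]+\.[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
# Assumed watch list: registry locations from this log that launch or load code.
AUTOSTART = (r"Winlogon\Userinit", r"Image File Execution Options",
             r"Browser Helper Objects")

def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if hit:
            found.append({"section": section, "object": hit["object"],
                          "threat": hit["threat"],
                          "action": hit["rest"].rsplit(" -> ", 1)[-1]})
    return found

def summarize(detections):
    """Map threat category (Rogue, Hijack, ...) to the sorted names seen."""
    names = defaultdict(set)
    for d in detections:
        category, _, name = d["threat"].partition(".")
        names[category].add(name)
    return {category: sorted(found) for category, found in names.items()}

def autostart_hits(detections):
    """Detections whose object path lies in an auto-start registry location."""
    return [d for d in detections
            if any(key.lower() in d["object"].lower() for key in AUTOSTART)]
```

Entries returned by `autostart_hits` are the ones worth re-checking after cleanup, since those locations decide what runs at logon or inside the browser.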
