Jump to content

version 1.50 doesn't complete heuristic scan

adeena
 Share

Recommended Posts

adeena

adeena

Posted
Posted

version 1.50 doesn't complete heuristic scan

program takes hours (+) to scan this section while the Task Manager shows that the process is not responding for long periods of time.

using the free version on xp sp3, sep 11.6.1 client for av

appreciate your assistance.

Link to post
Share on other sites
Firefox

Firefox

Posted
Posted

Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site: 

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

Please post back and let us know how it went.

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted
Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Note: Once that's done, please make sure that if either of those programs has any sort of web filter, that you add the following as a trusted site: 

data-cdn.mbamupdates.com

The FAQ contains examples of setting file exclusions for some known AV products

Please post back and let us know how it went.

I will do so in the morning, however I forgot to mention that Malwarebytes scans (including the heuristic) worked just fine on my workstation as of a couple of weeks ago with version 1.46. I uninstalled , restarted and reinstalled 1.46 but was upgraded to 1.5 automatically. I don't think that the issue is with the Firewall though I will of course follow your instructions. I think that the new version 1.5 might be the issue. With this version, the other scans (seem to) work (memory, disk) when I unselect the heuristic option in Settings. Any ideas regarding this specific issue other than the Firewall recommendations?

Thanks again

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted

The scan of additional items using Heuristic analysis took 10 hours to complete. The scan found one registry key to remove which required a restart. After restart, I tuned of the firewall altogether and started a new quick scan. The same issue with Not Responding on the anti-malware bytes process is occuring and I have left the scan to continue. I am attaching a print screen from the workstation during the scan showing the task manager. The document also has a copy to the mbam log after the 10 hour scan completed.

thanks

mbam_scan_1_02122010.pdf

Link to post
Share on other sites
Joe M

Joe M

Posted
Posted
Please exclude the following files from your antivirus:

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

FYI: The FAQ (for Norton at least) does not include rules.ref or any of the three DLLs.

Joe M

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted
installed with some real estate forms application in 2005.
Hi Joe M -

If you would like to fully uninstall and reinstall a fresh copy of the program , you can follow these directions -

To Fully Remove and Reinstall a Fresh New Copy of Malwarebytes - Read Carefully

Windows XP:

  • Click on Start and select Control Panel
  • Open Add/Remove Programs
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important !
  • Download and run mbam-clean.exe from ->Here
  • It will ask to restart your computer, please allow it to do so, very important
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from ->Here

Note: You will need to reactivate the program using the license you were sent via email if using the Paid version only

Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now reset any file exclusions as may be required in your

Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's here or ask me and I'll explain how to do it.

Thank You - :D

EXTRA -

Although the Heuristics item has been added as standard , there are cases where it may be disabled to correct problems after installing -

(from Expert exile360)

Please try the following to see if it corrects the issue:

Link to post
Share on other sites
Joe M

Joe M

Posted
Posted
Hi Joe M -

If you would like to fully uninstall and reinstall a fresh copy of the program , you can follow these directions -

...

Please post back with any results.

Thanks, but I don't want to uninstall/reinstall and after following suggestions in this thread I don't believe I need to.

Full scan was running very slowly. I gave up after 10 hours. The adding the AV exceptions listed in the FAQ did not help. Adding the extra files mentioned by Firefox helped greatly. Full scan finished in about 2 1/2 hours.

My guess is that if zlib.dll is no longer included in the install package, then mbam.exe is no longer using it. I don't believe that it would expect to find it already installed in Windows. My copy was installed long before I touched MalwareBytes.

It would be nice if the FAQ was updated to include the full exception list.

Joe M

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted

The second quick scan after restart also took more than 10 hours with the firewall on my workstation turned off and IPS turned off. I will try to suggestion to remove the shrinken engine for heuristic scan. There were no problems found with the second scan.

Thanks

Log from second scan:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5232

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

02/12/2010 22:11:17

mbam-log-2010-12-02 (22-11-17).txt

Scan type: Quick scan

Objects scanned: 269351

Time elapsed: 10 hour(s), 25 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

The scan of additional items using Heuristic analysis took 10 hours to complete. The scan found one registry key to remove which required a restart. After restart, I tuned of the firewall altogether and started a new quick scan. The same issue with Not Responding on the anti-malware bytes process is occuring and I have left the scan to continue. I am attaching a print screen from the workstation during the scan showing the task manager. The document also has a copy to the mbam log after the 10 hour scan completed.

thanks

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

@ adeena -

That log , posted today, is with a very outdated version Database version: 5232 from 02/12/2010 -

Please do a manual update as Version 5247 is current as I type this -

My XP SP3 (with all M/soft updates) only takes a maximum of just over 1 hour on a bad day for a full scan and 10 mins for a quick scan -

If you have CCleaner , or ATF installed please run these programs first , or you are scaning outdated and built up temp files also -

Links to both of these programs are in my "live signature" - If you want instructions for these programs , please post back -

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5245

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

5/12/2010 9:50:35 AM

mbam-log-2010-12-05 (09-50-35).txt

Scan type: Quick scan

Objects scanned: 148200

Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Note : Heuristics is enabled also - My other security items are also listed below -

Link to post
Share on other sites
Joe M

Joe M

Posted
Posted
The second quick scan after restart also took more than 10 hours with the firewall on my workstation turned off and IPS turned off. I will try to suggestion to remove the shrinken engine for heuristic scan. There were no problems found with the second scan.

...

I got tremendous speed improvement by making the suggested exclusions in my anti-virus software. I made no changes to the firewalland do not have separate intrusion protection software. Did you tell your AV software about the files to exclude? Your post doesn't mention AV specifically.

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted

The scan without the Shiruken option still took 10 + hours. I think that we have narrowed it down since a scan without any heurstic engine behaved normally.

Other than firewall rules, are there other options to investigate? The version 1.46 did not have this issue.

Thanks.

Here is the latest scan (minus Shiruken option):

Database version: 5232

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

05/12/2010 22:31:21

mbam-log-2010-12-05 (22-31-21).txt

Scan type: Quick scan

Objects scanned: 270140

Time elapsed: 10 hour(s), 22 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted
I got tremendous speed improvement by making the suggested exclusions in my anti-virus software. I made no changes to the firewalland do not have separate intrusion protection software. Did you tell your AV software about the files to exclude? Your post doesn't mention AV specifically.

Sorry I just saw your post regarding making changes to the AV (not firewall, not IPS). I will do so and see what happens.

Thanks again

Link to post
Share on other sites
adeena

adeena

Posted
  • Author
Posted

1. Regarding the out-of-date dec. 2 database signature. Yes I posted on Dec. 5 but I ran the scan on Dec. 2 and the log is from 10 hours later on the same day. Therefore the database signature was valid for Dec. 2 when the scan was run (though perhaps during the course of the scan other updated signatures were available). It was a great idea, but my late posting explains the discrepancy.

2. I checked my firewall and IPS definitions and the newly installed firewall is running on a permissive setting and all applications are permitted (wildcard * allowed).

3. I checked the anti-virus scanner (Symantec) exclusions option and the only way to exclude from the real-time scanner is by file extension not by file path or file name, so I don't have the option of excluding the mbam related .exe and .dll files.

I appreciate all the helpful suggestions.

If there are any other ideas, I would be grateful. I have used Anti-MalwareBytes very successfuly until now and hope to be able to continue to do so. It might be that there is some other problem with the O/S or patch level on my workstation ?

The problem is clearly specific to my workstation.

Thanks in advance!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.