Some types of malware will disable Malwarebytes Anti-Malware (MBAM) and other security tools. If MBAM will not install, try renaming the installer:
- Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
- Double-click on mysetup.exe to start the installation.
- If that did not work, then try renaming the file and changing the file extension.
- Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
- Then double-click on mysetup.scr (or whatever extension you renamed it to) to begin installation.
If, after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
- Right-click on mbam.exe and rename it to myscan.exe.
- Double-click on myscan.exe to launch the program.
- If that did not work, then right-click on the file and rename it to winlogon.exe.
- If that still did not work, then try renaming the file and changing the .exe extension in the same way as noted above.
- Double-click on myscan.scr (or whatever extension you renamed it to) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Note: MBAM uses Inno Setup instead of the Windows Installer Service to install the program. If installation fails in normal mode, try installing and scanning in safe mode. Doing this is usually not advised, as MBAM is designed to be at full power when running in normal mode and loses some effectiveness for detection and removal when used in safe mode. For optimal removal, normal mode is recommended so that it does not limit the abilities of MBAM. Therefore, after completing a scan in safe mode, it is recommended to uninstall MBAM, then reinstall it in normal mode and perform another Quick Scan.
ati2evxx.exe is a process related to ATI Display Adapters that provides additional configuration options for these devices and can be disabled.
Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs) and can run other services underneath itself. This is a valid system process that belongs to the Windows Operating System and handles processes executed from DLLs. It runs from the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost, where details of the services running under each instance of svchost.exe can be found. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual to see multiple instances of Svchost.exe running at the same time in Task Manager in order to optimize the running of the various services.
- svchost.exe SYSTEM (there can be more than one listed)
- svchost.exe LOCAL SERVICE
- svchost.exe NETWORK SERVICE (there can be more than one listed)
Each Svchost.exe session can contain a grouping of services; therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process IDs (PIDs) are not static and can change with each logon, but generally they stay nearly the same because they are running services all the time. The PIDs must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location on your computer. Another technique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. In XP, the legitimate Svchost.exe file is located in your C:\WINDOWS\system32\ folder.
Other legitimate copies can be found in the following folders:
If svchost.exe is running as a startup (shows in msconfig), it can be bad. Make sure the spelling is correct. If it's scvhost.exe, then you're dealing with a Trojan.
There are several ways to investigate and see what services a Svchost.exe process is controlling:

Note: Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.
Tools to investigate running processes and gather additional information to identify them and resolve problems:

These tools will provide information about each process, CPU usage, file description and its path location. If you right-click on a file and select properties, you will see more details.
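
The spelling, folder and per-PID service checks described above can be done in one pass. The following PowerShell (3.0 or later) script is an added example, not part of the original post; the function name Test-LookAlike, the variable names, and the choice to trust only %SystemRoot%\System32 are assumptions made for illustration.

```powershell
# Added example, not from the original post. Audits svchost.exe instances and
# look-alike process names by spelling, folder, and hosted services.
# Assumption: only %SystemRoot%\System32 is trusted; extend $trustedDirs if your
# Windows version legitimately keeps copies elsewhere.
$trustedDirs = @(Join-Path $env:SystemRoot 'System32')

# True for an 11-character name that differs from "svchost.exe" in one or two
# positions, which covers the "scvhost.exe" spelling.
function Test-LookAlike([string]$Name) {
    $real = 'svchost.exe'
    $n = $Name.ToLower()
    if ($n -eq $real -or $n.Length -ne $real.Length) { return $false }
    $diff = 0
    for ($i = 0; $i -lt $real.Length; $i++) {
        if ($n[$i] -ne $real[$i]) { $diff++ }
    }
    return ($diff -le 2)
}

# Map each PID to the services it hosts right now (PIDs change between logons).
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId) { $servicesByPid[[int]$svc.ProcessId] += @($svc.Name) }
}

Get-CimInstance Win32_Process | ForEach-Object {
    $lookAlike = Test-LookAlike $_.Name
    if ($_.Name -ne 'svchost.exe' -and -not $lookAlike) { return }

    # ExecutablePath is empty when the caller lacks rights to query the process.
    $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent }
    $verdict = if ($lookAlike) {
        'SUSPICIOUS: look-alike name'
    } elseif (-not $dir) {
        'UNKNOWN: path unreadable, re-run elevated'
    } elseif ($trustedDirs -notcontains $dir) {
        'SUSPICIOUS: unexpected folder'
    } else {
        'expected folder'
    }

    [pscustomobject]@{
        PID      = $_.ProcessId
        Name     = $_.Name
        Path     = $_.ExecutablePath
        Services = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        Verdict  = $verdict
    }
} | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that paths of SYSTEM-owned instances are readable. A SUSPICIOUS verdict is a reason to examine the file further, not proof of infection.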