Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop very slow after 1 hr. Mbam locks up during scan...


  • Please log in to reply
1 reply to this topic

#1 westek12

westek12

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:58 PM

Posted 14 October 2010 - 01:38 AM

Dear BC,

Many thanks for all the times that you have indirectly helped me in the past via reading your forums. Unfortunately, this time I am in need of your valuable time and specific assistance.

The affected Laptop is a HP Pavilion ZV5000 Series, P4, 3.2GHz using XP SP3.

History of symptoms and events leading up to this request:

1. Approx. 2-3 weeks ago my hotmail account was hijacked and was sending spam to all of my contacts. I also noticed that my laptop was not performing well (i.e., running slow after an hour or two of use, touchpad would resist movement commands, etc.).

Actions taken:

  • I deleted all of my contacts on that email account and opened a gmail account for all of my contacts and personal email.
  • I opened and 1st tried to update the Mbam (Malwarebytes) database before scanning. Every scan attempt failed with an "Error: .... 732 (0,0)" Message, even in Safe-Mode. Sorry but I did not log down this error but clearly remember the error code was 732 (0,0).
  • Avast AV scans were/are of no help.
2. After googling the 732 (0,0) error I uninstalled Mbam, restarted, ran Mbam cleaner, restarted, downloaded the latest version of Mbam, ran it and still it would not update its database. Repeating the process (even in safe mode) provided no solution. After reading a forum suggesting that re-registering Mbam after reinstalling the latest (Software) version would solve this problem I tried that and lo-and-behold I could now update Mbam’s malware definitions database.

3. Then, Mbam would lock-up after 4 minutes of scanning. At this stage each scan would freeze when scanning this file “c\windows\system32\msiexec.exe”. I ran multiple Mbam scans and it always locked up at this file/point after the same amount of scan time.

3a. This error would read, “ Malwarebytes Anti-Malware has encountered a problem and needs to close.” Etc.

Posted Image


3b. After sending the error report to MS the frozen Mbam window would remain on my desktop then I would get a similar error stating, “DrWatson Postmortem Debugger has encountered a problem and needs to close

Posted Image


After sending that error report to MS I was still left with the frozen Mbam window.

4. The only way that I could close the frozen Mbam window was to open the taskmanager and end 1 of the 2 drwtsn32.exe processes. Any attempt to end the mbam.exe process directly (or if I picked the wrong drwtsn32.exe process), was a non-result.

Posted Image


I apologize in advance if my next actions were stupid. They were done out of mix of desperation, ignorance and hope.



5. 2 days ago I ran ComboFix, following instructions laid out by your staff for another member. I no longer have that link. I only ran Combofix and did not attempt to remove, modify or repair any other files. I just let ComboFix do its thing. The results were inconclusive.

6. This evening I ran across your article on using rkill to exorcise the Antivirus 2010/Security Tool scareware/malware at http://download.bleepingcomputer.com/grinler/rkill.com and ran it per the step-by-step instructions provided. However, when I attempted step 12.,

“12. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 14*. MBAM will now start and you will be at the main program screen as shown below.”

[ *Member Side Note: I believe that step 12 should state, “Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 11*. MBAM will now start and you will be at the main program screen as shown below.”]


MBAM would not start and I would get this error:

“The setup files are corrupted. Please obtain a new copy of the program

Posted Image


I repeated this process twice with the same results.

7. Having failed step 12 of the rkill process I went ahead and ran Mbam using the default mbam.exe file also installed in the C:\program files\Malwarebytes' Anti-Malware\ folder.

After sucessfully updating, Mbam now runs over 6 minutes and consistently locks up on this file:

“c\windows\system32\MSIMRT.DDL"

Posted Image


I have run Mbam 3 more times and the results are the same.


I have also kept all combofix, hijackthis and rkill logs if you need them.


Any help or enlightenment would be greatly appreciated.


Thank you,

Westek12

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:58 PM

Posted 15 October 2010 - 11:39 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.


If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users