Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Malwarebytes skips files when scanning

  • Please log in to reply
2 replies to this topic

#1 herg62123


  • Members
  • 553 posts
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:35 PM

Posted 03 June 2011 - 11:37 PM

my problem is this:

i run malwarebytes free version on my pc once every 2 to 3 days to make sure my pc is clean. prior to about 2 days ago malwarebytes scanned normal until i found spyware on my pc (listed below from mbam log files), but now as i watch it scan the files i see it scan funny to me. is it my imagination or not.

when i first start the scan it scans a few files but then it jumps from 6600 to 44000 files scan in less than a second.

the only thing i do on this pc is play on facebook and upload pictures from my camera.

i am currently running windows xp with sp3.

the only steps i have taken was the other day i went to youtube to watch a few videos from family. when i got done i ran malewarebytes and it found the following spyware.password.xgen in the following areas:

Malwarebytes' Anti-Malware

Database version: 6752

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/2/2011 1:50:46 AM
mbam-log-2011-06-02 (01-50-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 62447
Time elapsed: 16 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\HP\DIGITAL IMAGING\HELP\CUETOUR\START.EXE (Spyware.Passwords.XGen) -> Value: START.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Spyware.Passwords.XGen) -> Value: FLASHPLA.EXE -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\HP\digital imaging\Help\cuetour\START.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\HP\digital imaging\Help\player\FlashPla.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

since then to me malwarebytes has been running weird by what i said above.

could malwarebytes get corrupted some how or is it my paranoia kicking in?
Posted Image

BC AdBot (Login to Remove)


#2 herg62123

  • Topic Starter

  • Members
  • 553 posts
  • Gender:Male
  • Location:Montgomery, AL
  • Local time:11:35 PM

Posted 06 June 2011 - 01:48 AM

i have found my answer out moderators please close this thread
Posted Image

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 52,056 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:35 PM

Posted 06 June 2011 - 10:25 AM

"Object is locked skipped", "Access Denied", "Password Protected" or "Encrypted" notations in an anti-virus/anti-malware scan are not uncommon. Some files and services are locked by the operating system or running programs during use for protection, so scanners cannot access them. Other legitimate files, especially those used by security programs, may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access. When the scanner finds such an object, it makes a note and then just skips to the next one. That explains why it may show with such notations but no action taken in certain anti-virus or anti-malware log scan reports. These are normal when using many security scanning programs so there is seldom a need for concern.

Note: It is not unusual for an anti-virus or anti-malware scanner to be suspicious of compressed, archived, .cab, .rar, .jar, .iso, and packed files because they have difficulty reading what is inside them. These kind of files often trigger alerts by security software using heuristic detection because they are resistant to scanning (difficult to read). This resistance may also result in some scanners to stall (hang) on these particular types of files or just ignore (skip) them.

The speed and ability to complete an anti-virus or anti-malware scan depends on a variety of factors.
  • The program itself and how its scanning engine is designed to scan: using a signature database vs heuristic scanning or a combination of both.
  • Options to scan for spyware, adware, riskware and potentially unwanted programs (PUPS).
  • Options to scan memory, boot sectors, registry and alternate data streams (ADS).
  • Type of scan performed: Deep, Quick or Custom scanning.
  • What action has to be performed when malware is detected.
  • A computer's hard drive size.
  • Disk used capacity (number of files to include temporary files) that have to be scanned.
  • Types of files (.exe, .dll, .sys, .cab, archived, compressed, packed, email, etc) that are scanned.
  • Whether external drives are included in the scan.
  • Competition for and utilization of system resources by the scanner.
  • Other running processes and programs in the background.
  • Interference from malware.
  • Interference from the user.
-- Using two security scanning engines at the same time can cause each to interfere with the other, cause systems hangs, false detections, unreliable results and other unpredictable behavior.

-- If the screensaver, hibernation or Sleep Mode are not turned off before scanning, those features can sometimes have odd effects when attempting to resume normal mode.

Malwarebytes Anti-Malware is designed to remove malware as effectively with a Quick Scan as it will with a Full Scan which takes much longer to complete. Both scans use heuristics that bypasses polymorphic blackhat packers & encryption, MD5 Hash, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes. The Quick Scan looks at the most prevalent places for active malware so scanning every single file on the drive isn't always necessary. The Full Scan only has the ability to catch more traces in rare circumstances.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users