Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

malwarebytes Anti-Root Kit Appears to hang


  • Please log in to reply
7 replies to this topic

#1 chembel

chembel

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:01 AM

Posted 07 April 2015 - 12:48 PM

I know I am probably going to get scolded for this but I need some help. I was trying to clean up my computer by following a procedure that I had used on my Windows 7 laptop. I was not having exactly the same problem but things were acting hinky so I thought I would run the same programs. This is the order that I ran:
 
Security Check
Farbar Service Scanner
MiniToolBox
Malwarebytes Anti-Malware
 
These all came back with nothing found.
 
Then I tried to run Malwarebytes Anti-Rootkit and it seemed to hang. I used Task Manager to stop the program, restarted and then ran Rkill. Rkill came back clean.
 
So then I tried to run Malwarebytes Anti-Rootkit again and it seemed to get stuck at the same place, C:\Windows\SysWOW64\psapi.dll. So then I used Task Manager again and decided to try running it in Safe Mode with Networking. It hung again but it was on a driver file. So then I restarted into Safe Mode again and decided to try running the Scan Targets individually. Both the Drivers and the Sectors came back fine, no problems. I did restart in between each run. Then I restarted and tried the System Scan Target. It hung again. I can't remember which file it stopped on but in each case when this seemed to hang, I was not getting any activity on the drive for more than 5 minutes.
 
Now I restarted it into Normal Mode and started just the System Scan again and it has been running for an hour and it is hung on C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\FUEL\FUEL.SERVICE.EXE. There is activity on the drive every 20 seconds or so. I don't want to stop this if it is actually fixing something. But, it seems like it is taking an awful long time.
 
Any suggestions would be greatly appreciated.
 
Thanks

Edited by Queen-Evie, 07 April 2015 - 01:03 PM.
moved from Windows 7 to the appropriate forum


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:01 AM

Posted 07 April 2015 - 01:21 PM

Your Catalyst drivers may be corrupt.

 

Please do the following so we can see exactly what you have going there.

 

Please download and install Speccy to provide us with information about your computer.  Clicking on this link will automatically initiate the download. 
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 chembel

chembel
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:01 AM

Posted 07 April 2015 - 02:08 PM

Here is the link that was created by Speccy:

 

http://speccy.piriform.com/results/4b75Bw4llJkoCrMI2UwEXeI



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,690 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:01 AM

Posted 07 April 2015 - 02:19 PM

You can find your driver here.

 

Why do you have your antivirus and Windows updates disabled?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 chembel

chembel
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:01 AM

Posted 07 April 2015 - 02:36 PM

I am a little confused. When I follow the link there are three different files listed. I can't see what the differences are between the files, or do I need to install all three, or do I click on the link that determines which drivers are necessary for my computer?

 

I have my antivirus disabled because I was running the clean up programs and I find that some of them won't work with my Trend on. I will turn that on right now. I did not realize that my updates were disabled. I will also turn those back on.



#6 chembel

chembel
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:04:01 AM

Posted 07 April 2015 - 02:44 PM

Just as an aside, when I go to Windows Update and look at my settings, it appears to me that I have them turned on. I have a Snip It of the window but I can't figure out how to attached it to my reply.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:01 AM

Posted 07 April 2015 - 03:52 PM

When using "Scan for rootkits", it sometimes causes the scanner to stall (hang), freeze) or become unstable. This is a known issue and the reason for it being disabled by default.

If the drivers don't resolve the problem, you can try using the stand-alone product...Malwarebytes Anti-Rootkit download.

However, when you're having issues with Malwarebytes, one of the solutions generally suggested by the Help Desk to try first is to uninstall/reinstall as follows:-- If using the Premium version, you will need to reactivate Malwarebytes' using the license ID and key you were sent by email. Make sure you save that information so it is readily available when reinstalling.
-- Launch the program and set the Protection and Registration. Then go to the UPDATE tab and check for updates if not done during installation.
-- Restart the computer again and verify that Malwarebytes is showing in the task tray if using the Premium version. Then setup any file exclusions that may be required in your Anti-Virus/Internet-Security/Firewall applications.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:02:01 AM

Posted 07 April 2015 - 08:56 PM

Hello chembel:

 

I believe your version of Speccy has been revised several times. http://www.piriform.com/speccy/builds

 

Frequently when MBAR Beta seemingly hangs, the pathname/file displayed is almost never the source of trouble.  If you have succesfully completed running MBAM 2.1.4.1018, with a check for rootkits, the real likelihood of rootkits closely approaches zero because MBAR Beta is now written into the current release of MBAM2.

Yet to properly run MBAR Beta, you are 1.) requested to be the only active Administrative login. No other users should be logged in.
 
2.) Restart your system into the Normal mode of an Administrator only. Not the Safe mode.
 
3.) Download only from >>MBAR Beta<< and only to an Administrator's desktop. Read and thoroughly understand everything in https://www.malwarebytes.org/antirootkit/. Save your work and close all open applications/browsers.

 

4.) Unpack/Execute MBAR Beta. It will update its database and then take about 5-10 minutes to complete, and produce 2 text logs, on an average system.
 
Ultimately, if you are unable to solve your issue with MBAR Beta, please consider having one of the Malwarebytes' Quality Assurance team assist you in the Malwarebytes Anti-Rootkit Beta Help sub-forum.

Thank you.


Edited by 1PW, 07 April 2015 - 10:25 PM.

All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users