An update pushed by Malwarebytes today for their Malwarebytes Anti-Malware product has caused a lot of problems for those who use their program. This new protection update caused mbamservice.exe to consume a lot of memory and upwards to 90% of the computer's CPU. A new update has been pushed that resolves these issues.

Mbamservice.exe Using a lot of CPU
Mbamservice.exe Using a lot of CPU

First reported in the Malwarebytes forums, numerous people have been complaining today about mbamservice.exe consuming large amount of memory and spiking the CPU at over 90% usage. This has caused some computers to crash or become too unstable to use.

In a post to their forums, Malwarebytes CEO Marcin Kleczynski explained that a bad protection update caused these problems and that a new update had just been released that fixes these problems.

Information about New Malwarebytes Update that Resolves Problems
Information about New Malwarebytes Update that Resolves Problems

Fixing Malwarebytes Anti-Malware

Fix the Malwarebytes issue can be tricky as when you reboot and login, mbamservice.exe quickly uses up a lot of memory and CPU. This can cause your computer to become unstable and unusable fairly quickly and prevent you from performing the update.

Therefore, I have outlined three different methods in order of preference that you can use to get the fixed update installed and MBAM working normally again.

Method 1

According to Malwarebytes, the suggested method to update Malwarebytes and fix these issues are:

  1. Open Malwarebytes Anti-Malware
  2. Turn OFF web protection by clicking on Settings, then click on the Protection tab, and then set the Web Protection to OFF. If you receive a User Account Control prompt asking if you would like to make the change, click on the Yes button.  
  3. Click on the Dashboard navigation option and then under Scan Status, click on the Current label next to  Updates: to have Malwarebytes download the latest updates.
  4. When it has finished, restart your computer. According to Malwarebytes it may take multiple restarts after installing the update for the system to stabilize.
  5. Now enable Web Protection again.

Method 2

If method 1 does not work, you can try the above steps while in Safe Mode with Networking. Being in safe mode may make it a bit quicker to get the updates installed before Mbamservice.exe causes the computer to become unstable.

  1. Reboot into Safe Mode with Networking and login.
  2. Now perform steps 1-4 from the method above.
  3. When done, reboot your computer back into normal mode and login. Then do one more reboot and login again. You should be ok at this point.
  4. Now enable Web Protection again.

Method 3

Finally, if method 1 and method 2 do not work, I suggest you uninstall Malwarebytes Anti-Malware and reinstall.  Please note that this method may cause your installation to become unlicensed. If so, just reenter your license information after reinstalling the program.

  1. First reboot into Safe Mode with Networking.
  2. Quickly go to the Uninstall Programs control panel and uninstall MBAM.
  3. When the program has uninstalled, reboot your computer.
  4. Now download and install the Malwarebytes Cleanup Tool and run it. Let the tool run and have it remove all traces of MBAM.
  5. Now reboot one more time and login.
  6. Now download Malwarebytes Anti-Malware from our site, which is an official mirror. This version has an older definitions file, so when you install it, it wont be affected by the bug. You can then perform an update to get the latest good update.
  7. Reboot if the setup requires it.

Once the update is installed, your computer should no longer be having problems and mbamservice.exe should be using the appropriate amount of resources again.

Checking to see if the fixed update is installed

You can check if the issue has been resolved by starting Malwarebytes and looking at the Scan Status section. It should state that they are Current.

Scan Status
Scan Status

You can also go into the Settings screen and then select About.  In this screen the component package version should be 1.0.3808 or higher.

About Screen
About Screen

If these instructions do not help, please let us know in a comment and we can try and help.

Problem caused by malformed definition

Malwarebytes issued a PDF report explaining what caused the problem this weekend in MBAM.  According to this analysis:

Malwarebytes was immediately notified via our Customer Success team, who notified Engineering and Research. We immediately shut off updates to all customers to limit the number of endpoints that were affected. A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs.

They also provided a timeline of events related to the issue:

Timeline of Events
Timeline of Events


Update 1/28/18 2:50PM: Fleshed out the instructions based upon comments and emails I have received.
Update 1/28/18 7:36PM: Updated instructions.
Update 1/29/18 8:33AM: Updated instructions to use three different methods.

Related Articles:

Windows 10 Audio Not Working After Installing Latest Windows Updates