An update pushed by Malwarebytes today for their Malwarebytes Anti-Malware product has caused a lot of problems for those who use their program. This new protection update caused mbamservice.exe to consume a lot of memory and upwards to 90% of the computer's CPU. A new update has been pushed that resolves these issues.
First reported in the Malwarebytes forums, numerous people have been complaining today about mbamservice.exe consuming large amount of memory and spiking the CPU at over 90% usage. This has caused some computers to crash or become too unstable to use.
In a post to their forums, Malwarebytes CEO Marcin Kleczynski explained that a bad protection update caused these problems and that a new update had just been released that fixes these problems.
Fix the Malwarebytes issue can be tricky as when you reboot and login, mbamservice.exe quickly uses up a lot of memory and CPU. This can cause your computer to become unstable and unusable fairly quickly and prevent you from performing the update.
Therefore, I have outlined three different methods in order of preference that you can use to get the fixed update installed and MBAM working normally again.
According to Malwarebytes, the suggested method to update Malwarebytes and fix these issues are:
If method 1 does not work, you can try the above steps while in Safe Mode with Networking. Being in safe mode may make it a bit quicker to get the updates installed before Mbamservice.exe causes the computer to become unstable.
Finally, if method 1 and method 2 do not work, I suggest you uninstall Malwarebytes Anti-Malware and reinstall. Please note that this method may cause your installation to become unlicensed. If so, just reenter your license information after reinstalling the program.
Once the update is installed, your computer should no longer be having problems and mbamservice.exe should be using the appropriate amount of resources again.
You can check if the issue has been resolved by starting Malwarebytes and looking at the Scan Status section. It should state that they are Current.
You can also go into the Settings screen and then select About. In this screen the component package version should be 1.0.3808 or higher.
If these instructions do not help, please let us know in a comment and we can try and help.
Malwarebytes issued a PDF report explaining what caused the problem this weekend in MBAM. According to this analysis:
Malwarebytes was immediately notified via our Customer Success team, who notified Engineering and Research. We immediately shut off updates to all customers to limit the number of endpoints that were affected. A review of recent updates found that we had included in the Web Filtering Block List a detection with a syntactical error that resulted in the Web Filtering System to block a large range of IPs.
They also provided a timeline of events related to the issue:
Update 1/28/18 2:50PM: Fleshed out the instructions based upon comments and emails I have received.
Update 1/28/18 7:36PM: Updated instructions.
Update 1/29/18 8:33AM: Updated instructions to use three different methods.