Your browser isn't supported
It looks like you're using an old web browser. To get the most out of the site and to ensure guides display correctly, we suggest upgrading your browser now. Download the latest:

Welcome to the MSE Forums

We're home to a fantastic community of MoneySavers but anyone can post. Please exercise caution & report spam, illegal, offensive or libellous posts/messages: click "report" or email forumteam@. Skimlinks & other affiliated links are turned on

Search
  • FIRST POST
    • joe134
    • By joe134 16th Apr 17, 9:31 AM
    • 3,034Posts
    • 399Thanks
    joe134
    re-mbam scan
    • #1
    • 16th Apr 17, 9:31 AM
    re-mbam scan 16th Apr 17 at 9:31 AM
    Hi Guys, When I turned Pc on today, Mbam Premium popped up saying certain protection items were turned off?
    When I checked , Web Shield was turned off, so turned it back on.
    I then noticed Scan for Rootkits was off, but was off last time the Pop-up told me same thing a few weeks ago,( it was scan for Ransomware, that time, which I turned back on)
    It's probably never been turned on, never noticed.
    .This time, my Pc has crashed 3 times when it scans for Rootkits,beeped and Blue Screen with writing, telling me to restart, after turning off, or taking off any new added items.
    I have now turned Rootkits back off, and scanned ok.no problems?

    why should my Pc crash as soon as Mbam scans for them?.
    did it find one?

    Any reason why these items keep being turned off, not by me?
    Last edited by joe134; 16-04-2017 at 11:22 AM.
Page 2
    • joe134
    • By joe134 19th Apr 17, 12:17 PM
    • 3,034 Posts
    • 399 Thanks
    joe134
    If confident, as you have W7 why not run ComboFix that may well sort it.
    Originally posted by hans 2
    just looked at combofix, and don't know if I'm up to what it may, or, may not do?
    never used it before, but, read about it on here before.
    I don't want to start something, I cannot finish
    • Gillor
    • By Gillor 19th Apr 17, 12:55 PM
    • 642 Posts
    • 333 Thanks
    Gillor
    just looked at combofix, and don't know if I'm up to what it may, or, may not do?
    never used it before, but, read about it on here before.
    I don't want to start something, I cannot finish
    Originally posted by joe134
    Great piece of software but if you are not sure what you are doing I would steer clear.

    From Combofix website..

    Combofix is designed for advanced users and IT professionals. The software’s barebones interface, and powerful cleaning capabilities may lead to mistakes that can completely disable a PC
    • DavidP24
    • By DavidP24 19th Apr 17, 1:01 PM
    • 1,514 Posts
    • 903 Thanks
    DavidP24
    just looked at combofix, and don't know if I'm up to what it may, or, may not do?
    never used it before, but, read about it on here before.
    I don't want to start something, I cannot finish
    Originally posted by joe134
    Personally I doubt you have been hacked or have a rootkit, I suspect that Malwarebytes is throwing a wobley.

    However, if you are unsure you can go to Bleeping Computer, they walk complete novices through testing every day.

    They will start with a few utils that report config etc, they they advise you to run things like Combofix as and when necessary.
    Thanks, don't you just hate people with sigs !
    • joe134
    • By joe134 19th Apr 17, 1:25 PM
    • 3,034 Posts
    • 399 Thanks
    joe134
    Personally I doubt you have been hacked or have a rootkit, I suspect that Malwarebytes is throwing a wobley.

    However, if you are unsure you can go to Bleeping Computer, they walk complete novices through testing every day.

    They will start with a few utils that report config etc, they they advise you to run things like Combofix as and when necessary.
    Originally posted by DavidP24
    Thanks David, now I think mbam is throwing a wobbler too, but just wanted to be sure.
    I will try as you say, but, after exhausting other avenues.
    Doing a boot scan now, but know it will be clear.
    This from the eternal pessimist
    Will try forum next, if mbam still continues to wobble.
    Do too much internet banking to ignore it now.

    edited;; boot scan clear.
    BUT, when I tried Mbam, I got dialogue box,;
    Program failed to start ,Qt5 Quicktime.dll is missing.
    try re-installing.
    Just tried for 2nd time, and it fired up ok.
    Enabled Rootkit to scan, just after rootkit strated to scan, Beep, and blue screen again.
    Kernel-Data-Inpage-Error.??
    Then Crash Dump.
    Mbam certainly doesn't like Rootkit scan.
    Last edited by joe134; 19-04-2017 at 2:28 PM.
    • Gillor
    • By Gillor 19th Apr 17, 2:31 PM
    • 642 Posts
    • 333 Thanks
    Gillor
    As previously mentioned why not uninstall MBAM using their clean-up tool and then do a fresh install?

    https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/

    Can't do any harm and might even solve the problem.
    • AndyPix
    • By AndyPix 19th Apr 17, 2:33 PM
    • 2,204 Posts
    • 1,414 Thanks
    AndyPix
    Word of warning regarding Combofix ..


    Although it is a very powerful piece of software , it really is a kind of "5h1t or bust" solution and should only be used as a last resort.


    It will either fix everything beautifully, or break everything irriversibly
    Running with scissors since 1978
    • Gillor
    • By Gillor 19th Apr 17, 2:45 PM
    • 642 Posts
    • 333 Thanks
    Gillor
    Enabled Rootkit to scan, just after rootkit strated to scan, Beep, and blue screen again.
    Kernel-Data-Inpage-Error.??
    Then Crash Dump...
    Originally posted by joe134
    If you download and install WhoCrashed it will analyse the crash dump and should give you a clue as to where the problem lies...

    http://www.resplendence.com/whocrashed
    • AndyPix
    • By AndyPix 19th Apr 17, 3:00 PM
    • 2,204 Posts
    • 1,414 Thanks
    AndyPix
    Something interesting to add re Mbam ..


    Half way through a scan just now on a client machine, i got a popup that Mbam had finished quarentining selected items and advised i reboot now ..


    The thing is, it was still half way through scanning and i could see it whizzing away in the background still scanning ..


    Either Mbam is broken, or more likely some sneaky malware has hooked into its scanning routine and thrown up a fake message in the hope i will reboot before the scan is finished ..


    What is the world coming to
    Running with scissors since 1978
    • hans 2
    • By hans 2 19th Apr 17, 5:09 PM
    • 342 Posts
    • 194 Thanks
    hans 2
    Great piece of software but if you are not sure what you are doing I would steer clear.

    From Combofix website..
    Originally posted by Gillor
    There is no legit Combofix website only Bleeping Computer.
    • Gillor
    • By Gillor 19th Apr 17, 5:23 PM
    • 642 Posts
    • 333 Thanks
    Gillor
    There is no legit Combofix website only Bleeping Computer.
    Originally posted by hans 2
    Ok, quote from Bleeping Computer website...

    Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.
    Same message - different messenger.
    • hans 2
    • By hans 2 19th Apr 17, 5:43 PM
    • 342 Posts
    • 194 Thanks
    hans 2
    [
    Word of warning regarding Combofix ..


    Although it is a very powerful piece of software , it really is a kind of "5h1t or bust" solution and should only be used as a last resort.


    It will either fix everything beautifully, or break everything irriversibly
    Originally posted by AndyPix
    Bit of an OTT warning.

    Can not recall any posts over last seven years where Combofix broke everything and it was recommended many times in that period

    If OP disconnects anti virus and malwarebytes, closes browsers then follows the simple instructions , he will be ok. Patience to let Combofix run its course is paramount.

    Total Downloads: 45,768,120 Downloads last week: 72,908 December 02, 2016
    Must be doing something right.
    • Gillor
    • By Gillor 20th Apr 17, 6:56 AM
    • 642 Posts
    • 333 Thanks
    Gillor
    Bit of an OTT warning
    Originally posted by hans 2
    Really? OK try this one, again from Bleeping Computer...

    IMPORTANT!: If you ran or want to run ComboFix just to see what it does or finds, please be aware that ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. If your machine is infected, also be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning an strategy for effective disinfection and a determination if using ComboFix is necessary.
    Beeping Computer’s warnings are clear. If you choose to ignore them that is your choice but you really shouldn’t be encouraging others less experienced to do so.

    Can not recall any posts over last seven years where Combofix broke everything...
    Originally posted by hans 2
    Should have gone to Specsavers
    • joe134
    • By joe134 20th Apr 17, 7:17 AM
    • 3,034 Posts
    • 399 Thanks
    joe134
    Really? OK try this one, again from Bleeping Computer...



    Beeping Computer’s warnings are clear. If you choose to ignore them that is your choice but you really shouldn’t be encouraging others less experienced to do so.



    Should have gone to Specsavers
    Originally posted by Gillor
    That's why I won't run combo.
    I know my own limits, and it sounds a tad drastic at present.

    "IF" I have had a Rootkit inserted on my Pc during W7 upgrade, then it's been on over 2 years, so, it's had time to glean any info it required.

    just looked at removing Mbam and re-installing it, BUT, I have a lifetime Key, and if I remove it, I may lose realtime ?
    been on that long now.
    FileHippo only have version 2.2

    any advice appreciated.
    Last edited by joe134; 20-04-2017 at 7:28 AM.
    • joe134
    • By joe134 20th Apr 17, 7:48 AM
    • 3,034 Posts
    • 399 Thanks
    joe134
    If you download and install WhoCrashed it will analyse the crash dump and should give you a clue as to where the problem lies...

    http://www.resplendence.com/whocrashed
    Originally posted by Gillor
    Just done this Gillor.
    Here's Result;No Dumps.
    Dumps enabled.
    It won't allow me to paste result??
    • Sicard
    • By Sicard 20th Apr 17, 7:52 AM
    • 521 Posts
    • 415 Thanks
    Sicard
    I just tried to install Combofix from 2 different sources but it tells me my system W2000 isn't supported which is a bit strange as I'm W10.
    Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.
    Isaac Asimov
    • Gillor
    • By Gillor 20th Apr 17, 7:57 AM
    • 642 Posts
    • 333 Thanks
    Gillor
    ^^^

    Does this help?

    http://www.resplendence.com/whocrashed_dumpnotwritten
    • joe134
    • By joe134 20th Apr 17, 8:07 AM
    • 3,034 Posts
    • 399 Thanks
    joe134
    Not really, bit too techie for me
    Need to digest it further.
    old gray matter not as it was.
    I can see where you get it from, at the end of my report:in conclusion
    Last edited by joe134; 20-04-2017 at 8:13 AM.
    • DavidP24
    • By DavidP24 20th Apr 17, 9:13 AM
    • 1,514 Posts
    • 903 Thanks
    DavidP24
    There are rootkit scanners from ALL the major AV suppliers, if you do not dare risk one go with another.

    Of course they will have warnings but honestly most of them are there for their own protection.

    If you are that concerned, take an image of your system to an external disk or partition your existing disk, clone and hide backup with Mini Partition Wizard tool. It is always a good idea to separate your data anyway.

    All you do is resize the existing partition, create two or three more, so if Windows is taking up 40gb then resize to say 60gb, then leave a gap of 60gb and create new partitions beyond that for data etc.

    Then right click Documents, Pictures etc and move your data off the Win Partition to the new ones you just created.

    Then run mini partition wizard tool again and clone what will now be a smaller partition. Use the tool to hide the backup you just made, so worst case scenario if you screw up win partition you will be able to copy this one back. It may sound complicated but it is a graphical easy to use tool, you make all your changes but do not apply them till you are ready.

    Personally I doubt you even have a rootkit, least you can do is run the alternatives to Malwarebytes

    https://www.mcafee.com/ca/downloads/free-tools/rootkitremover.aspx

    https://www.bleepingcomputer.com/download/tdsskiller/

    https://www.bleepingcomputer.com/download/aswmbr/

    https://www.bleepingcomputer.com/download/gmer/

    Not to mention the standalone rootkit scanner from MalwareBytes

    https://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/
    Thanks, don't you just hate people with sigs !
    • joe134
    • By joe134 20th Apr 17, 10:09 AM
    • 3,034 Posts
    • 399 Thanks
    joe134
    There are rootkit scanners from ALL the major AV suppliers, if you do not dare risk one go with another.

    Of course they will have warnings but honestly most of them are there for their own protection.

    If you are that concerned, take an image of your system to an external disk or partition your existing disk, clone and hide backup with Mini Partition Wizard tool. It is always a good idea to separate your data anyway.

    All you do is resize the existing partition, create two or three more, so if Windows is taking up 40gb then resize to say 60gb, then leave a gap of 60gb and create new partitions beyond that for data etc.

    Then right click Documents, Pictures etc and move your data off the Win Partition to the new ones you just created.

    Then run mini partition wizard tool again and clone what will now be a smaller partition. Use the tool to hide the backup you just made, so worst case scenario if you screw up win partition you will be able to copy this one back. It may sound complicated but it is a graphical easy to use tool, you make all your changes but do not apply them till you are ready.

    Personally I doubt you even have a rootkit, least you can do is run the alternatives to Malwarebytes

    https://www.mcafee.com/ca/downloads/free-tools/rootkitremover.aspx

    https://www.bleepingcomputer.com/download/tdsskiller/

    https://www.bleepingcomputer.com/download/aswmbr/

    https://www.bleepingcomputer.com/download/gmer/

    Not to mention the standalone rootkit scanner from MalwareBytes

    https://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/
    Originally posted by DavidP24
    Cheers David, used aswmbr.
    I didn't use Fix MBR, as I wasn't sure of the outcome,due to the warning, but, fix wasn't an option, so assumed all was ok..
    That's 2 now.
    Nothing showing so taking it there's no Rootkit.
    Leaving it at that now.
    Probably will never know why Mbam rootkit, enabled, causes pc to crash, so, leaving it disabled.
    Didn't know there were so many stand alone ones.
    Thanks all, appreciate all your help and Advice.
    • Gillor
    • By Gillor 20th Apr 17, 2:18 PM
    • 642 Posts
    • 333 Thanks
    Gillor
    I just tried to install Combofix from 2 different sources but it tells me my system W2000 isn't supported which is a bit strange as I'm W10.
    Originally posted by Sicard
    Combofix doesn't support Windows 8.1 or Windows 10.
Welcome to our new Forum!

Our aim is to save you money quickly and easily. We hope you like it!

Forum Team Contact us

Live Stats

2,488Posts Today

6,835Users online

Martin's Twitter