  • FIRST POST
    • joe134
    • By joe134 16th Apr 17, 9:31 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    re-mbam scan
    Hi Guys, when I turned Pc on today, Mbam Premium popped up saying certain protection items were turned off?
    When I checked, Web Shield was turned off, so turned it back on.
    I then noticed Scan for Rootkits was off, but was off last time the pop-up told me same thing a few weeks ago (it was scan for Ransomware that time, which I turned back on).
    It's probably never been turned on, never noticed.
    This time, my Pc has crashed 3 times when it scans for Rootkits, beeped and Blue Screen with writing, telling me to restart, after turning off, or taking off any new added items.
    I have now turned Rootkits back off, and scanned ok. No problems?

    Why should my Pc crash as soon as Mbam scans for them?
    Did it find one?

    Any reason why these items keep being turned off, not by me?
    Last edited by joe134; 16-04-2017 at 11:22 AM.
    • Gillor
    • By Gillor 19th Apr 17, 12:55 PM
    • 646 Posts
    • 336 Thanks
    Gillor
    Just looked at Combofix, and don't know if I'm up to what it may, or may not, do?
    Never used it before, but read about it on here before.
    I don't want to start something I cannot finish.
    Originally posted by joe134
    Great piece of software but if you are not sure what you are doing I would steer clear.

    From Combofix website..

    Combofix is designed for advanced users and IT professionals. The software’s barebones interface, and powerful cleaning capabilities may lead to mistakes that can completely disable a PC
    • joe134
    • By joe134 19th Apr 17, 1:25 PM
    • 3,048 Posts
    • 399 Thanks
    joe134
    Personally I doubt you have been hacked or have a rootkit, I suspect that Malwarebytes is throwing a wobbly.

    However, if you are unsure you can go to Bleeping Computer, they walk complete novices through testing every day.

    They will start with a few utils that report config etc, then they advise you to run things like Combofix as and when necessary.
    Originally posted by DavidP24
    Thanks David, now I think mbam is throwing a wobbler too, but just wanted to be sure.
    I will try as you say, but, after exhausting other avenues.
    Doing a boot scan now, but know it will be clear.
    This from the eternal pessimist
    Will try forum next, if mbam still continues to wobble.
    Do too much internet banking to ignore it now.

    Edited: boot scan clear.
    BUT, when I tried Mbam, I got dialogue box:
    Program failed to start, Qt5 Quicktime.dll is missing.
    Try re-installing.
    Just tried for 2nd time, and it fired up ok.
    Enabled Rootkit to scan, just after rootkit started to scan, Beep, and blue screen again.
    Kernel-Data-Inpage-Error??
    Then Crash Dump.
    Mbam certainly doesn't like Rootkit scan.
    Last edited by joe134; 19-04-2017 at 2:28 PM.
    • Gillor
    • By Gillor 19th Apr 17, 2:31 PM
    • 646 Posts
    • 336 Thanks
    Gillor
    As previously mentioned why not uninstall MBAM using their clean-up tool and then do a fresh install?

    https://forums.malwarebytes.com/topic/196955-malwarebytes-mb-clean-tool/

    Can't do any harm and might even solve the problem.
    • AndyPix
    • By AndyPix 19th Apr 17, 2:33 PM
    • 2,685 Posts
    • 1,809 Thanks
    AndyPix
    Word of warning regarding Combofix ..

    Although it is a very powerful piece of software, it really is a kind of "5h1t or bust" solution and should only be used as a last resort.

    It will either fix everything beautifully, or break everything irreversibly
    Running with scissors since 1978
    • Gillor
    • By Gillor 19th Apr 17, 2:45 PM
    • 646 Posts
    • 336 Thanks
    Gillor
    Enabled Rootkit to scan, just after rootkit started to scan, Beep, and blue screen again.
    Kernel-Data-Inpage-Error??
    Then Crash Dump...
    Originally posted by joe134
    If you download and install WhoCrashed it will analyse the crash dump and should give you a clue as to where the problem lies...

    http://www.resplendence.com/whocrashed
    • AndyPix
    • By AndyPix 19th Apr 17, 3:00 PM
    • 2,685 Posts
    • 1,809 Thanks
    AndyPix
    Something interesting to add re Mbam ..

    Half way through a scan just now on a client machine, I got a popup that Mbam had finished quarantining selected items and advised I reboot now ..

    The thing is, it was still half way through scanning and I could see it whizzing away in the background still scanning ..

    Either Mbam is broken, or more likely some sneaky malware has hooked into its scanning routine and thrown up a fake message in the hope I will reboot before the scan is finished ..

    What is the world coming to
    Running with scissors since 1978
    • hans 2
    • By hans 2 19th Apr 17, 5:09 PM
    • 363 Posts
    • 208 Thanks
    hans 2
    Great piece of software but if you are not sure what you are doing I would steer clear.

    From Combofix website..
    Originally posted by Gillor
    There is no legit Combofix website only Bleeping Computer.
    • Gillor
    • By Gillor 19th Apr 17, 5:23 PM
    • 646 Posts
    • 336 Thanks
    Gillor
    There is no legit Combofix website only Bleeping Computer.
    Originally posted by hans 2
    Ok, quote from Bleeping Computer website...

    Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.
    Same message - different messenger.
    • hans 2
    • By hans 2 19th Apr 17, 5:43 PM
    • 363 Posts
    • 208 Thanks
    hans 2
    Word of warning regarding Combofix ..

    Although it is a very powerful piece of software, it really is a kind of "5h1t or bust" solution and should only be used as a last resort.

    It will either fix everything beautifully, or break everything irreversibly
    Originally posted by AndyPix
    Bit of an OTT warning.

    Cannot recall any posts over last seven years where Combofix broke everything, and it was recommended many times in that period.

    If OP disconnects anti virus and malwarebytes, closes browsers then follows the simple instructions, he will be ok. Patience to let Combofix run its course is paramount.

    Total Downloads: 45,768,120 Downloads last week: 72,908 December 02, 2016
    Must be doing something right.
    • Gillor
    • By Gillor 20th Apr 17, 6:56 AM
    • 646 Posts
    • 336 Thanks
    Gillor
    Bit of an OTT warning
    Originally posted by hans 2
    Really? OK try this one, again from Bleeping Computer...

    IMPORTANT!: If you ran or want to run ComboFix just to see what it does or finds, please be aware that ComboFix was never meant to be used as a general purpose malware scanner like SuperAntispyware or Malwarebytes' Anti-Malware which scan individual drives or different folders on a computer for viruses. If your machine is infected, also be aware that using it is only one part of the disinfection process. Preliminary scans from other tools like DDS, RSIT and GMER should be used first because they provide comprehensive logs with specific details about files, folders and registry keys which may have been modified by malware infection. Analysis of those logs allows planning a strategy for effective disinfection and a determination if using ComboFix is necessary.
    Bleeping Computer’s warnings are clear. If you choose to ignore them that is your choice but you really shouldn’t be encouraging others less experienced to do so.

    Can not recall any posts over last seven years where Combofix broke everything...
    Originally posted by hans 2
    Should have gone to Specsavers
    • joe134
    • By joe134 20th Apr 17, 7:17 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    Really? OK try this one, again from Bleeping Computer...

    Bleeping Computer’s warnings are clear. If you choose to ignore them that is your choice but you really shouldn’t be encouraging others less experienced to do so.

    Should have gone to Specsavers
    Originally posted by Gillor
    That's why I won't run combo.
    I know my own limits, and it sounds a tad drastic at present.

    "IF" I have had a Rootkit inserted on my Pc during W7 upgrade, then it's been on over 2 years, so, it's had time to glean any info it required.

    Just looked at removing Mbam and re-installing it, BUT, I have a lifetime Key, and if I remove it, I may lose realtime?
    Been on that long now.
    FileHippo only have version 2.2.

    Any advice appreciated.
    Last edited by joe134; 20-04-2017 at 7:28 AM.
    • joe134
    • By joe134 20th Apr 17, 7:48 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    If you download and install WhoCrashed it will analyse the crash dump and should give you a clue as to where the problem lies...

    http://www.resplendence.com/whocrashed
    Originally posted by Gillor
    Just done this Gillor.
    Here's result: No Dumps.
    Dumps enabled.
    It won't allow me to paste result??
    • Sicard
    • By Sicard 20th Apr 17, 7:52 AM
    • 650 Posts
    • 574 Thanks
    Sicard
    I just tried to install Combofix from 2 different sources but it tells me my system W2000 isn't supported which is a bit strange as I'm W10.
    A wise man gets more use from his enemies than a fool from his friends.
    Baltasar Gracian
    • Gillor
    • By Gillor 20th Apr 17, 7:57 AM
    • 646 Posts
    • 336 Thanks
    Gillor
    ^^^

    Does this help?

    http://www.resplendence.com/whocrashed_dumpnotwritten
    • joe134
    • By joe134 20th Apr 17, 8:07 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    Not really, bit too techie for me.
    Need to digest it further.
    Old gray matter not as it was.
    I can see where you get it from, at the end of my report: in conclusion
    Last edited by joe134; 20-04-2017 at 8:13 AM.
    • joe134
    • By joe134 20th Apr 17, 10:09 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    There are rootkit scanners from ALL the major AV suppliers, if you do not dare risk one go with another.

    Of course they will have warnings but honestly most of them are there for their own protection.

    If you are that concerned, take an image of your system to an external disk or partition your existing disk, clone and hide backup with Mini Partition Wizard tool. It is always a good idea to separate your data anyway.

    All you do is resize the existing partition, create two or three more, so if Windows is taking up 40gb then resize to say 60gb, then leave a gap of 60gb and create new partitions beyond that for data etc.

    Then right click Documents, Pictures etc and move your data off the Win Partition to the new ones you just created.

    Then run mini partition wizard tool again and clone what will now be a smaller partition. Use the tool to hide the backup you just made, so worst case scenario if you screw up win partition you will be able to copy this one back. It may sound complicated but it is a graphical easy to use tool, you make all your changes but do not apply them till you are ready.

    Personally I doubt you even have a rootkit, least you can do is run the alternatives to Malwarebytes

    https://www.mcafee.com/ca/downloads/free-tools/rootkitremover.aspx

    https://www.bleepingcomputer.com/download/tdsskiller/

    https://www.bleepingcomputer.com/download/aswmbr/

    https://www.bleepingcomputer.com/download/gmer/

    Not to mention the standalone rootkit scanner from MalwareBytes

    https://www.bleepingcomputer.com/download/malwarebytes-anti-rootkit/
    Originally posted by DavidP24
    Cheers David, used aswmbr.
    I didn't use Fix MBR, as I wasn't sure of the outcome, due to the warning, but fix wasn't an option, so assumed all was ok.
    That's 2 now.
    Nothing showing so taking it there's no Rootkit.
    Leaving it at that now.
    Probably will never know why Mbam rootkit, enabled, causes pc to crash, so, leaving it disabled.
    Didn't know there were so many stand alone ones.
    Thanks all, appreciate all your help and Advice.
    • Gillor
    • By Gillor 20th Apr 17, 2:18 PM
    • 646 Posts
    • 336 Thanks
    Gillor
    I just tried to install Combofix from 2 different sources but it tells me my system W2000 isn't supported which is a bit strange as I'm W10.
    Originally posted by Sicard
    Combofix doesn't support Windows 8.1 or Windows 10.
    • joe134
    • By joe134 21st Apr 17, 6:33 AM
    • 3,048 Posts
    • 399 Thanks
    joe134
    Combofix doesn't support Windows 8.1 or Windows 10.
    Originally posted by Gillor
    Seems my last attempt at finding rootkit has only made my pc worse!
    Cannot log on at all now?
    Even tried safe mode, nothing, it loads drivers, then just waiting... and waiting.
    In normal, wait for ages, blue screen, then black and white, keeps crashing.

    Edit.
    In safe mode now?
    All ok now, restored back to earlier point.
    Nearly 2 hours to get into safe mode.
    Thought it was Kaput. :-)
    That a vast scan must have upset the system, and changed the MBR, although I said no.
    Back to normal, only 6 days earlier.
    Last edited by joe134; 21-04-2017 at 7:23 AM.
    • Sicard
    • By Sicard 21st Apr 17, 8:24 AM
    • 650 Posts
    • 574 Thanks
    Sicard
    Might be worth running a sfc. It won't do any harm and it only takes a few mins.
    A wise man gets more use from his enemies than a fool from his friends.
    Baltasar Gracian
    • Gillor
    • By Gillor 21st Apr 17, 8:36 AM
    • 646 Posts
    • 336 Thanks
    Gillor
    You didn’t use Combofix did you?

    Trial and error, and loads of time and patience, means it is often better to bite the bullet and re-install Windows afresh, especially if you do have a rootkit which will have hooked itself deep and messed up your system. And you can never be sure that bits of it aren't still there anyway.