MalwareBytes Issues slows machines

russgarrett
First, after having issues with CA Total Defense 12 I switched to MalwareBytes and Microsoft Security Essentials on each machine at different customers' offices and different configurations. Some noticed their machines slowed down, but I told them that with all the new spyware, antivirus and antispyware products have become larger and use more resources. I have asked this question here before and was told it was a good combination, and I think it is. However, one software vendor told a client that MBAM was a hog and would slow a machine down. I know there are 2 products on the machines but it only seems a little slower in some cases. Is MBAM a memory or processor hog?

Secondly, after installing the above products some machines were found to have spyware, but it was successfully removed. I also stopped services and ran ComboFix. Now most are slow. Remove MBAM and the machines speed up. Reinstall MBAM and the machine slows down.
Sorry for the long post but what is going on?
Almost all machines are XP Pro with SP 3.
Author of the Year 2011
Top Expert 2006
Commented:
russgarrett,
In some (very few) of the systems where I have installed that combination, I have had to configure MSE to "Ignore" the MBAM processes.

I have no idea why this slowdown happens on some systems.

Details on excluding MBAM from MSE monitoring are here:

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=181018&#entry181018
Author of the Year 2011
Top Expert 2006

Commented:
Out of curiosity, what is that "software vendor" selling who called MBAM a hog?
In my experience, it is one of the least processor/RAM intensive applications in the whole field of anti-malware.

Author

Commented:
I agree. MBAM is "light weight" and could be added to almost any computer on top of another antivirus.
It is well worth $25.00.

The vendor is NECS. They make software for the Produce Industry.
Author of the Year 2011
Top Expert 2006

Commented:
OK - thanks for the info on the vendor. I was concerned that it might be someone who was actually qualified to comment on anti-malware applications...
:)

Try the exclusion process I linked to above and see if that helps. As mentioned, I have had to do that on a few systems.

Probably something I should add to my Article (MALWARE - "An Ounce of Prevention...")

Author

Commented:
So you think that running ComboFix also could have done something to MalwareBytes?

When I am allowed access to the machines I will exclude the process in the Microsoft Essentials EXCLUDE PROCESSES category. I will type in MBAMSERVICE.EXE and that is all.

I just have to be allowed access to the machines, which could take a couple of days. They are in different locations.
Author of the Year 2011
Top Expert 2006

Commented:
I have never heard of CF interfering with MBAM - have you now uninstalled CF?
That is ALWAYS the final step in using it.

BTW - you need to exclude all three of the MBAM processes.
Picture attached. MSE-MBAM

Author

Commented:
This is stupid but I did not know you had to uninstall ComboFix. I just download it and rename it and then run it. I stop the antivirus services even though CF thinks they are still running. After the log is printed I simply delete the icon.

The reason I ran CF was because the day or next day I installed MBAM the DSL was maxing out about every 2 hours for 10 or 15 minutes on outbound traffic. I called Sonicwall to verify this was probably a virus or spyware uncovered by MBAM and they agreed.
As of about 5 pm yesterday all was back to normal, but I am about to check with the internet provider now to see how it is today.
Author of the Year 2011
Top Expert 2006

Commented:
From:
http://www.experts-exchange.com/Q_26917962.html?cid=748#a35342801
(Neat Trick!)

To uninstall Combofix:
Go to Start > Run and 'copy and paste' next command in the field:

ComboFix /Uninstall

Or simply rename ComboFix.exe to Uninstall.exe and double click it.

**************************
"i called Sonicwall to verify this was probably a virus or spyware uncovered by MBAM and they agreed."

I get really fed up with these "Help Desk Techs" who comment on other products without one iota of knowledge or qualifications. Unfortunately, we all have to deal with them on a regular basis.

The development staff at MBAM includes about 12-15 current or former MS MVPs and these guys are fanatics about keeping ahead of the malware writers.

In my experience, MBAM stays well ahead of the game (multiple daily updates) for any new virus/spyware variants that are released.

Author

Commented:
UH OH. I have never uninstalled it. What has been happening since I have not uninstalled it before on any machine?
Interfering with anything?

So by just renaming ComboFix to uninstall it will know to remove itself.
Author of the Year 2011
Top Expert 2006

Commented:
"so by just renaming combofix to uninstall it will know to remove itself."

Make sure that you change the actual name to:
uninstall.exe

Author

Commented:
So what harm have I done or problem caused by not uninstalling ComboFix?

I have no idea how many machines I have installed it on.

Also, when you set up CF and Microsoft Essentials are you entering the network drive letters into the ignore and exclude list?

They are not in the weekly scheduled scan.
Author of the Year 2011
Top Expert 2006

Commented:
I think you are confusing the programs.

CF is never loaded unless you are trying to disinfect a machine - ever.
As soon as the machine is clean, you uninstall it.
No one should use CF except under the guidance of a 'helper' who is trained to walk you through it.

MSE and Malwarebytes are the two applications you load to protect your systems 24/7.

I gave you the link to the Malwarebytes forum describing the steps to configure MSE and you should read the details in this EE Article for proper prevention techniques:

MALWARE - "An Ounce of Prevention..."

Author

Commented:
Do not close it yet please; I have access to 2 machines this morning. One machine you have to turn off 3 to 5 times before it actually boots and I really want to give it a look. It gives some message before it starts loading XP but I have not seen it myself.

If there is not anything to this story, I plan on running a utility that MBAM support sent me that modifies the registry for a delayed start up.

I have used another utility for problems similar to this before. The message they are referring to could be the Microsoft Console that shows up for 2 seconds before booting that ComboFix loaded prior to running.

Author

Commented:
The customer was tired of dealing with the problem on only 3 machines. Even MBAM support had no idea what the solution was, even after sending them MBAM diagnostic reports.

Author

Commented:
I will say after unloading Essentials and MBAM I loaded Total Defense 12 and on the second or third reboot the machine gave a blue screen and never came up. I rebooted and the machine came up fine.

I showed this to the client and they might just replace the machine instead of reformatting and reloading the machine.

I have said before that sometimes you can sit and theorize forever and it is better to just cut your losses and reformat and reload and get on with life, especially since I charge by the hour and I cannot charge 12 hours to fix one PC for something like this.
Author of the Year 2011
Top Expert 2006

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
