# MBAM scan fails due to system suddenly powering off



## eidairaman1 (Jan 15, 2020)

Dealing with an older APU system, which at some point during a full scan using latest mbam the system powers off, turn back on windows states wasn't shut down properly.

I will provide a hwinfo64 snapshot and pwr supply later, system has been around since 2013, i know it has tons of PUPs/PUMs, trying to clean it. I'm unsure if it is overheating but i will get a temperature reading before and during the scan. I will try to get a event viewer too.

Im just unsure if its the os or if hardware at this rate.

Any ideas?


----------



## er557 (Jan 15, 2020)

hard drive?? does it power off at any other scenario? does it work steady when idle and keeps functioning? You could try to make an offline rescue disc and scan from there to clean it, also with old systems it is hard to tell.


----------



## kapone32 (Jan 15, 2020)

That is funny I am having the exact same problem with my Sister's APU based PC.


----------



## Jose Jeswin (Jan 15, 2020)

MBAM scans used to increase processor temps for me......try HWMonitor perhaps.......i would check windows reliability monitor for any error messages...the third option would be an overloaded PSU..


----------



## Bill_Bright (Jan 15, 2020)

You say "at some point", is it always the same point or different points?

I recommend you run Windows Disk Cleanup (or CCleaner) before scanning. No need to scan potentially 1000s of temp files. You might also try running Malwarebytes in Safe Mode.


Jose Jeswin said:


> MBAM scans used to increase processor temps for me....


I see that as normal - regardless the scanner. While scanning should not max out CPU utilization, it does use it, and for more than a few seconds.


----------



## Solaris17 (Jan 15, 2020)

I didn’t quite understand this. Are you saying it does it consistently?


----------



## eidairaman1 (Jan 15, 2020)

Solaris17 said:


> I didn’t quite understand this. Are you saying it does it consistently?



Yes each scan it has shut down.

@Bill_Bright Also some point means I'm afk, I will get full specs later today, las i recall its using stock hsf.

Im wondering if I should just pull the drive and hook it along side a rig that is fully patched and secure and do the scan...


----------



## jsfitz54 (Jan 15, 2020)

eidairaman1 said:


> Im wondering if I should just pull the drive and hook it along side a rig that is fully patched and secure and do the scan...



Yes, pull the drive: if "ransom ware" is found on "C" , the OS backup partition is most likely infected as well.  Have had luck with Windows Security cleaning this up. 
Wipe and restore maybe the only solution as much as it's a "pita".


----------



## Vayra86 (Jan 15, 2020)

Hard drive itself or PSU is suspect. In the case of PSU it would be voltage out of spec... but then it would have to also happen with other loads, not just scanning.

If its just scanning, good chance the HDD is dead or close to it. Had something along those lines and the behaviour looks similar.

Not a believer in temps being an issue... you already get elevated temps when you go through the BIOS and boot up.

Ransomware is def also possible here.


----------



## Bill_Bright (Jan 15, 2020)

I wouldn't bother pulling the drive unless cleaning the clutter and running in safe mode fails. Or, there is a flash drive version of Malwarebytes you can try too.


----------



## Solaris17 (Jan 15, 2020)

I know you haven’t witnessed it in action but if other modes of investigation come up puzzling it may be an access violation and you may want to scan it with a root kit scanner.


----------



## Steevo (Jan 15, 2020)

Solaris17 said:


> I know you haven’t witnessed it in action but if other modes of investigation come up puzzling it may be an access violation and you may want to scan it with a root kit scanner.




Pull the drive and put it into an enclosure. Its either a serious infection, or a dying drive or other hardware, if its other hardware doing it more will only kill the system, if its the drive doing more will only kill it, and if its an infection that has access to reboot or shutdown the system you will need an offline scan.


----------



## eidairaman1 (Jan 15, 2020)

Vayra86 said:


> Hard drive itself or PSU is suspect. In the case of PSU it would be voltage out of spec... but then it would have to also happen with other loads, not just scanning.
> 
> If its just scanning, good chance the HDD is dead or close to it. Had something along those lines and the behaviour looks similar.
> 
> ...



The hdd doesnt lock up and os runs ok, just believe now either psu or cpu overheat...



Steevo said:


> Pull the drive and put it into an enclosure. Its either a serious infection, or a dying drive or other hardware, if its other hardware doing it more will only kill the system, if its the drive doing more will only kill it, and if its an infection that has access to reboot or shutdown the system you will need an offline scan.



Its not a soft off like windows goes through a shut down sequence, the system just goes poof like the power switch on the psu was actuated. And it is infected because of the pups/pums, so im trying to clean this bugger up.



Solaris17 said:


> I know you haven’t witnessed it in action but if other modes of investigation come up puzzling it may be an access violation and you may want to scan it with a root kit scanner.



Mbam has that built in


----------



## Solaris17 (Jan 15, 2020)

eidairaman1 said:


> The hdd doesnt lock up and os runs ok, just believe now either psu or cpu overheat...
> 
> 
> 
> ...



that’s true they also have the standalone tool too. But where one fails another may succeed. Was just pointing it out. An access violation to tampered memory address space usually ends with reboot or shutdown without warning.


----------



## eidairaman1 (Jan 15, 2020)

Yeah i need to give this thing a thorough dusting, it is bad, and yes the stock cooler is being used. The psu is a macron mpt 400 (probably no good)

Normal use it doesnt just suddenly power off...


----------



## Bill_Bright (Jan 15, 2020)

Well, it is not a PSU I would buy, but if it has been working fine, I would not replace it over this. This does not sound like a PSU problem to me. Shutdowns caused by power are not so specific - that is, they would not happen only when doing a specific task with a specific program. They would seem to be more random, or when tasking the computer with any program. 

I might suspect RAM, but again, at this point, I would clean out the clutter and scan again, either in safe mode, or via a thumb drive. Dust can sure cause heat related shutdowns, but again, not with just one specific program. And you can always monitor your temps with CoreTemp or some other monitor to see if dust, in the middle of Winter is causing problems.


----------



## eidairaman1 (Jan 15, 2020)

Bill_Bright said:


> Well, it is not a PSU I would buy, but if it has been working fine, I would not replace it over this. This does not sound like a PSU problem to me. Shutdowns caused by power are not so specific - that is, they would not happen only when doing a specific task with a specific program. They would seem to be more random, or when tasking the computer with any program.
> 
> I might suspect RAM, but again, at this point, I would clean out the clutter and scan again, either in safe mode, or via a thumb drive. Dust can sure cause heat related shutdowns, but again, not with just one specific program. And you can always monitor your temps with CoreTemp or some other monitor to see if dust, in the middle of Winter is causing problems.



Im getting hwinfo to see if any anomalies are spotted


----------



## Bill_Bright (Jan 15, 2020)

I'm holding my breath. 

Not really. I'm sipping my martini and waiting for the Pizza Hut delivery driver to get here.


----------



## eidairaman1 (Jan 15, 2020)

Ok after i was about to start a benchmark in hwinfo the rig shut off, i powered it on trying to get into bios, shut down again. I think it maybe temperature related...

Yeah the cpu is way too hot. Bios reports at 78°

So yeah thats my starting point, it needs a dusting bad

I just hope this drive isnt so full of crap that a mbam scan causes shutdown



			http://www.cpu-world.com/CPUs/K10/AMD-A-Series%20A6-3650%20AD3650WNZ43GX%20(AD3650WNGXBOX).html


----------



## Bill_Bright (Jan 16, 2020)

eidairaman1 said:


> Yeah the cpu is way too hot. Bios reports at 78°


Since running the BIOS Setup Menu is just about the least demanding task we can ask of our systems, yeah 78° is way too hot (assuming that's 78°*C* and not 78°*F*). You should check to make sure your case fans are spinning up and providing a good "flow" of air through the case too. 


eidairaman1 said:


> I just hope this drive isnt so full of crap that a mbam scan causes shutdown


Even if the drive is, I don't see why or how that would cause Malwarebytes to shut the computer down. I can see it bogging Malwarebytes down and slowing the system down to a crawl, but it should still trudge along and eventually complete. 

Something else is going on. Hopefully a good clean will take care of it. Remember to take the necessary ESD precautions to discharge your body of any static. 

Did you run Windows Disk Cleanup (or CCleaner) yet? You don't want to be running critically low on free disk space either.


----------



## eidairaman1 (Jan 16, 2020)

C in degrees


----------



## Bill_Bright (Jan 16, 2020)

Let us know how it goes after cleaning out the dust (and clutter).


----------



## eidairaman1 (Jan 31, 2020)

Bill_Bright said:


> Let us know how it goes after cleaning out the dust (and clutter).



The whole case has been cleaned, temperatures are way better.


----------



## jsfitz54 (Jan 31, 2020)

eidairaman1 said:


> The whole case has been cleaned, temperatures are way better.



So was this just a slowdown due to dirt?  1st post indicated that MBAN quit but did you determine this as just overheating or virus or some other mechanical or software problem?


----------



## rtwjunkie (Jan 31, 2020)

eidairaman1 said:


> The whole case has been cleaned, temperatures are way better.


Does. MBAM work without the system shutting down, now?


----------



## eidairaman1 (Jan 31, 2020)

jsfitz54 said:


> So was this just a slowdown due to dirt?  1st post indicated that MBAN quit but did you determine this as just overheating or virus or some other mechanical or software problem?





rtwjunkie said:


> Does. MBAM work without the system shutting down, now?




The max cpu temp is 72, it was running at 78, it is way lower now.

I need to run it still.

Currently running, monitoring temps too

Max so far is 33. I suspect it was the temperature


----------



## bobbybluz (Feb 1, 2020)

If you still have suspicions of malware HitmanPro does an even better job than MalwareBytes. It should still have a 30 day free trial period: https://www.hitmanpro.com/en-us/downloads.aspx


----------



## eidairaman1 (Feb 1, 2020)

Its picked up quite a bit so far, i also remember spybot sd, SAS, trendmicro housecall

So far the hottest the cpu has hit is 46C and scan is about finished


----------



## DeathtoGnomes (Feb 1, 2020)

open up the side and point a table fan at the cpu. AIRFLOW! 



http://imgur.com/4oBI9gy


----------



## eidairaman1 (Feb 1, 2020)

Looks like it was temperature related.

As the Scan Completed


----------

