Broken Malwarebytes update causes high RAM and CPU usage - gHacks Tech News

Broken Malwarebytes update causes high RAM and CPU usage

Users of Malwarebytes, a popular security solution for Windows, reported on Saturday that the software's RAM usage and CPU utilization was going through the roof.

One user published a screenshot that showed the Malwarebytes Service process using more than 19 Gigabytes of RAM, and others soon chimed in and revealed that Malwarebytes used a lot of RAM and CPU on their devices as well.

Some users reported even that some protective modules, Web Protection and Real-Time Protection would not turn on anymore

malwarebytes high resource usage

Malwarebytes Premium and Premium Trial versions on all supported versions of Windows were affected the most. It is unclear at this point in time whether Malwarebytes Free systems were affected as well.

Affected users ran Malwarebytes Premium version 3.3.1.2183 with component package 1.0.262 and update package 1.0.3.798.

Tip: You can verify the program, component and update package versions by going to Settings > About in the Malwarebytes application.

Malwarebytes released an update shortly after first reports appeared on the company forum. Update package 1.0.3799 was distributed through the application's automatic update system. It turned out however that the update did not resolve the issue for users.

Malwarebytes users experienced high RAM and CPU usage even after installation of the update on their devices and rebooting the machines.

Malwarebytes issued another patch, which updated the update package to version 1.0.3803. This time, users reported that the patch seems to have fixed the issue on their machines.

It needs to be noted that it is required to restart the system after update installation. Restarting Malwarebytes won't do the trick. Some users reported that they had to restart the computer multiple times.

Malwarebytes staff  suggests that users turn of Web Protection, run a check for updates and restart the PC afterward if the issue is not resolved automatically.

Malwarebytes CEO Marcin Kleczynski published an official statement on the issue on the Malwarebytes forum. Kleczynski explained that a malformed protection update caused the issue. The client could not process it correctly which caused the high resource usage on customer devices and protection issues.

In short: make sure that the update package version is at least version 1.0.3803. If it is not, check for updates to install the most recent update package version and restart the computer afterwards to complete the installation.

Closing Words

Some users thought that Malwarebytes had been compromised, especially since some protective modules would not stay on or could not be turned on at all. Malwarebytes reacted quickly to the issue but it still took them two tries to get it right.

Now You: Were you affected by the issue? (via Neowin)

Summary
Borked Malwarebytes update causes high RAM and CPU usage
Article Name
Borked Malwarebytes update causes high RAM and CPU usage
Description
Users of Malwarebytes, a popular security solution for Windows, reported on Saturday that the software's RAM usage and CPU utilization was going through the roof.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. jake said on January 28, 2018 at 9:06 am
    Reply

    Antivirus/antimalware software is waste of resource. Slow down your device only. Use your brain and some extensions on your browser for example scriptsafe and adblock software etc. and you will be fine!

    1. Earl said on January 29, 2018 at 10:08 am
      Reply

      Specifically, never use an admin account for normal day to day activities which don’t require admin privileges.

      1. KeZa said on January 29, 2018 at 6:12 pm
        Reply

        Or use SuRun, Simple Software-Restriction Policy https://iwrconsultancy.co.uk/softwarepolicy.htm, and some neat little progs from NoVirusThanks and Voodooshield. Does not resource anything but I’m here on Xp and have AVG AV and so much slows it not on an i5 CPU. Everything works fine here and if it does not slows down, than I think that it is better you have it because one damned thing that go trough and you have no AV, you can be in serious shit… And I do not waste my resources with Malware bytes because lately in test it’s not so good. It’s even worse for some malware than Microsoft defender. No Emsisoft is much better…

  2. Sophie said on January 28, 2018 at 9:11 am
    Reply

    My honest view on this….I lost a lot of trust in MB when they made the big change that took away Anti-Exploit beta, and rolled the whole thing into one larger package. It was very buggy at the time, and I removed it all and stuck with the original software for many months, re-instating Anti-Exploit and Anti-Malware as separate installs. The signature-updates worked fine until recently, and then started to fail, and just sit there and do nothing.

    In my VM, I trusted the later versions, but let it expire to “Free” only, and this has been fine and continues to be. But on my main host PC, something has just stopped me from letting MB come anywhere near it. Trust lost is trust hard to re-gain, and this news has hardly helped.

    But the free version in my VM, at least seems ok for now. Perhaps I skipped the dodgy updates, because being free, I don’t having it running in the background updating all the time, and only use it on-demand.

    I do feel that I don’t want all that updating and processes running…..and just to fire up the free version from time to time, is enough for me. This news kind of proves that way of thinking.

    1. Klaas Vaak said on January 29, 2018 at 7:06 am
      Reply

      I also lost trust in MB when they took away anti-Exploit. In fact, they did it in a sneaky way: I had inadvertently click on the premium trial version, and when that reverted to free MB anti-Exploit was gone ! After that MB did not function as before, sometimes not completing its scan, using up a lot of RAM thus slowing down my PC. I got so fed up I uninstalled MB.

    2. A different Martin said on January 30, 2018 at 2:03 am
      Reply

      @Sophie & Klaas Vaak:

      Try again.

      On my Windows 7 system I’m using both the most recent version of Malwarebytes Anti-Malware Free, for on-demand virus scanning, and the most recent version of Malwarebytes Anti-Exploit Beta, which has been updated at least a couple of times since the semi-coercive upgrade unpleasantness you referred to.

      I had to go through the Anti-Malware Premium trial period to get the latest version of Anti-Malware Free on my own computer, but I was able to skip it on at least one other computer that I administer.

      As for Anti-Exploit, you can download the latest free BETA from a dedicated Malwarebytes Forum thread, here:

      https://forums.malwarebytes.com/forum/126-anti-exploit-beta/

      It’s the first search hit if you google “anti-exploit beta,” and the latest version is usually toward the very beginning of the thread. I haven’t had any problems with any of the betas so far, and since I began using them I’ve only been exploited by my landlord (I live in Seattle). As a bonus, the betas are more comprehensive and configurable than the old Anti-Exploit Free. The biggest quirk I can point to is that Anti-Exploit’s System Tray icon and its notifications don’t seem to come back after you’re forced to kill the explorer.exe process for some reason and then restart it. (For example, I had to kill explorer.exe today to install a program update in order to avoid having to reboot … and then I had to reboot in order to get my Anti-Exploit icon and notifications back. But I don’t know; maybe I could have just logged out and logged back in. I’ll have to try that next time.)

      Bottom line: it’s still doable without too much grief.

      PS: 19GB of RAM?!!! That almost makes me feel petty for complaining about my slow memory leak in Pale Moon, which can eventually max out my 8GB of RAM if I don’t prophylactically restart from time to time.

  3. Jody Thornton said on January 28, 2018 at 11:43 am
    Reply

    I still use Malwarebytes v1.75 with new definition updates (just for manual scans) it seems to work for me.

    1. Stefan said on January 28, 2018 at 1:40 pm
      Reply

      I do the same. Later versions are bloated buggy junk……

      1. john k said on January 28, 2018 at 2:48 pm
        Reply

        “bloated buggy junk”, that’s a great expression Stefan, you are a talented, poetic, articulate, amusing computer user. It would be a good name for a band too!

    2. Cigologic said on January 28, 2018 at 2:43 pm
      Reply

      Likewise, I use Malwarebytes v1.75 for on-demand scanning. None of the bloat, negative system impact issues & regular drama seen in v2.x onwards. I also much prefer the much more informative progress bar in v1.75 when fetching new definitions.

      However, Malwarebytes seems to have throttled its definitions server for v1.x users since 1+ year ago ? Previously, fetching the full set of definitions requires at most 2-3 mins on an ADSL connection, but now it takes more than 25 mins, if not timing out & failing totally despite attempts at different hours of the day.

      At first, I thought maybe Malwarebytes suddenly doesn’t like the dynamic IP supplied by my ISP, so I tried using a VPN that provides a static IP to fetch the definitions, but it is still slower than a snail & eventually time out. Then I wondered if my copy of Malwarebytes is corrupted, so I performed a re-install, but to no avail either. Even now, with a new OS install on a new disk, the Malwarebytes situation remains the same.

      So I have to manually download the malware definitions ZIP package (which fortunately still provides definitions for v1.x, besides v2.x), & extract the v1.x EXE in order to get the 2 internal files required to update the definitions for my Malwarebytes v1.75. The downside is that Malwarebytes only supplies a new definitions package every 7 days or so, even though the definitions are updated several times every day.

    3. Ghacker said on January 29, 2018 at 6:44 pm
      Reply

      yup this is the way to go. Manual scans and remove the .exe from the startup so it doesn’t load on reboot.

  4. herman said on January 28, 2018 at 12:05 pm
    Reply

    I purchased a lifetime license years ago, back in the Win 7 (or was it Vista?) / MBAM 2 days.

    A lot has changed in the meantime, having multiple layers of defense nowadays makes me sometimes wonder if I still need MB.
    It has saved my butt a couple of times though, so I still use it.

    Yesterday I noticed my Surface tablet slowing down and crashing in the end.
    It took me a while to find out It was MBAM consuming all available memory.
    When I noticed that it was easy enough to disable autostart, reboot and go ahead.

    Obviously things like this should not happen.
    As far as I can recall this is the second time in many many years something went wrong with an update.
    But MB did take corrective measures very quickly, there was a fix within hours, which is good.
    I have seen companies doing much worse in this area.

  5. Theo73 said on January 28, 2018 at 12:20 pm
    Reply

    I have been a “ghacks” reader for years, but this is where I draw the line. Quality of writing has dropped dramatically in the last two years, however this kind of butchering of english language, using such slang…. This was the last drop for me.

    Farewell.

    1. Ron said on January 28, 2018 at 3:56 pm
      Reply

      What are you talking about?

      1. Rush said on January 28, 2018 at 4:11 pm
        Reply

        He is talking about his distaste for Martins lack of a “Master’s Thesis” type English to his articles.

        You know, the usual stuff one spews from their pedestal.

        Martin, you do a fine job, and your articles and the commentor’s here have save my computers bacon on numerous occasions and I thank you and all.

    2. seeprime said on January 28, 2018 at 4:52 pm
      Reply

      Theo73: how articulate is your German writing? Martin’s English is excellent. By the way, your grammar is terrible. Farewell Theo73, your undeserved disdain will not be missed.

    3. ShintoPlasm said on January 28, 2018 at 7:55 pm
      Reply

      Mate, what are you on about? It’s not like you have a subscription to a professional journal that has suddenly dropped its linguistic standards. This website is run by a few people, mainly Martin who is not a native Anglophone, providing us lots of interesting and thoughtful articles for free. You are way over the top here.

    4. Clairvaux said on January 28, 2018 at 10:39 pm
      Reply

      The word English needs an uppercase. When you complain about other people’s writing skills, you’d better make damn sure that yours are immaculate.

      1. Klaas Vaak said on January 29, 2018 at 7:09 am
        Reply

        That really is the bottom line, spot on. Good riddance to that jerk.

    5. Gary said on January 29, 2018 at 6:15 am
      Reply

      In addition to what others said, when using however it should be ; however,

      And what is a last drop? Do you mean last draw? which I think might be considered slang.

    6. Earl said on January 29, 2018 at 10:03 am
      Reply

      So, Theo, your blood pressure went through the roof?

      Granted that the grammar and/or spelling here isn’t always perfect as far as published articles are concerned… well, it happens. If you care so much, then submit some feedback with your “correction” and move on. Since my degree is in English, you might think that my tolerance level for such things is lower than that of most people, but–meh–that’s the web for you. (My only real peeve is when people (or, you know, characters on every TV show around–way to go TV writers) use “I” when “me” is correct–as in, objects of prepositions always take the objective case [duh].) Anyway, Grammarly notwithstanding, I haven’t noticed much of a change over the past two years.

      /disclaimer: if I made any grammar mistakes or typos here… I don’t care.

  6. Straspey said on January 28, 2018 at 2:11 pm
    Reply

    Like other long-time users of MBAM – I run an older version – 2.2.1.1043 Home Premium – which works fine for my needs and have chosen not to upgrade to the 3.x versions.

    I have MBAM configured to start when Windows starts – so yesterday, when I turned on my computer, I started receiving blocked connections and malicious website warnings – even before I opened my browser.

    Essentially, MBAM was blocking any and all attempts by system to connect to the internet – even including my mail server.

    Of course, at first I didn’t think it was MBAM’s fault, and began to think the worst – that my system had become badly infected and/or corrupt. This set me out on an hours-long series of troubleshooting steps – although I discovered when I disabled the mbamservice in task manager, the problem seemed to go away.

    However, I still thought the MBAM warnings were real, so I kept at it – until I tried one little and seemingly-innocent step — I manually updated the virus definition file in MBAM…

    Upon doing so, the problem immediately ended – no pop-ups, all connections okay, etc.

    However, I was still a bit suspicious until I finally read the announcement om the Malwarebytes Labs website which explained what had happened.

    I was relieved – but also annoyed, because I spent a lot of time digging for a solution because I have come to trust MBAM – which HAS saved me from malicious websites in the past – and really thought all those warnings and pop-ups were valid.

    Lesson learned.

    1. ilev said on January 28, 2018 at 6:39 pm
      Reply

      Sue MBAM for $1000 worth a wasted hours.

  7. Sophie said on January 28, 2018 at 2:22 pm
    Reply

    Its interesting that others here are reporting no problems using older versions. My “older” version is 2.2.0.1024, and for at least a couple of months now, it just sits and sits at the updating stage, and sometimes, but hardly wants to proceed to the later stages of the scan. I can see from flow of data being downloaded, that activity starts, but then stops….which probably accounts for the fact that it doesn’t want to move on and start scanning. It was this that prompted me to try later version in Virtual Machine only, and that had no such issues.

    Perhaps I’ll reinstall older version and try again. The hope always is that the signatures are all that really matters, and the software itself can be any version.

    1. Sophie said on January 28, 2018 at 2:49 pm
      Reply

      For what its worth, I figured out what goes wrong with old version 2.2.01024 since the last two or three months…….in case it helps anyone else having the same issue. My note “does not” refer to the issue of just yesterday, with the later version…but an earlier version.

      It sits and tries to download for ages, and signatures are updated, but does not progress.
      It never will progress, unless you shut it down and re-start it.
      After that, it will quickly run through, as its already (the first time) made the signature update.

      This happens on more than one PC, so its got to be down to something that suddenly started as a behaviour, which never used to be there.

      So if anyone is getting that, just shut down and start it up again, and it will scan. This happens every time too.

      1. Cigologic said on January 28, 2018 at 3:29 pm
        Reply

        >> Sophie: “what goes wrong with old version 2.2.01024 since the last two or three months … […] It sits and tries to download for ages, and signatures are updated, but does not progress. It never will progress, unless you shut it down and re-start it. […] This happens on more than one PC, so its got to be down to something that suddenly started as a behaviour, which never used to be there.”

        I’m facing definitions-fetching issues that sound similar but not identical to yours — as mentioned here:
        https://www.ghacks.net/2018/01/28/borked-malwarebytes-update-causes-high-ram-usage/#comment-4345759

        Mine is for Malwarebytes v1.75, & the definitions-fetching slowness started suddenly around 1+ year ago. Force-closing & relaunching Malwarebytes does not resolve the issue, but merely restarts the definitions-fetching all over again — only for the process to start-stop every second & eventually time out due to the excruciatingly slow speed of download from Malwarebytes’ server.

        Same situation persists for Malwarebytes v1.75 on a new disk with a barebones system — in-built Window Defender is disabled, no 3rd-party antivirus, & no other application installed except for Malwarebytes & 7-zip.

        So this has nothing to do with the Malwarebytes program itself (unless Malwarebytes has blacklisted its older versions), the OS, or any possible interfering software. I also tried different IP addresses using VPN, but still no go where definitions-fetching is concerned.

      2. Sophie said on January 28, 2018 at 7:59 pm
        Reply

        @Cigologic – I read your first post on this, and then this later one with interest. It seems like you have a similar issue, and I do think something has changed. It seems to be a throttling perhaps, but I didn’t find a link with IP address, and I do use VPN and also tried different IPs as you have done, and it made no difference.

        I did feel that this was MB’s way of “encouraging” people to update, and at the same time, I felt thankful that even with a bit of prodding, I could still use the older version(s) as I didn’t want to be forced into an upgrade if I could avoid it.

        I do think MB has become bloaty, but they have also ironed out a lot of their original issues when version 3x came out. I still think they are one of the better options, but I dislike things running in the background, consuming resources, and feel much happier with occasional scans. I always remember to run them, so I don’t feel I need to be hand-held by cosy interfaces. I just want the bare-bones, up to date signatures, in the old interface….and something that works.

  8. Steve said on January 28, 2018 at 2:24 pm
    Reply

    I couldn’t figure out what was going on with my system on Saturday.
    Programs were lagging, many wouldn’t load, even after disabling Malwarebytes and
    rebooting several times.
    I thought I would have to re install Windows, until everything seemed to stabilize.
    Reinstalled Malwarebytes fixed the issue and I now have 1.0.3807 and not .3803
    All is well!

  9. Ron said on January 28, 2018 at 3:58 pm
    Reply

    Things like this makes me glad I’m on Linux.

  10. seeprime said on January 28, 2018 at 4:59 pm
    Reply

    Malwarebytes coding has been buggy since version 2, where scans took about three times longer to run than on 1.75. Version 3 was horrible when it first came out. 3.31 is usable, but wants to run at startup to hide its five second (or more) loading time. I uncheck the Start with Windows in the right click menu, because I always use the free version and don’t want a sometimes-used program to always be running in the background. I’m not surprised by the resource eating bug. Malwarebytes 3.31 is still excellent when it’s running properly, but it’s far from ideal in how it starts so slowly, when it’s not set to run at startup, compared to every other program I use taking less than one second to open.

  11. Joencalif said on January 28, 2018 at 6:47 pm
    Reply

    So if everyone has such distaste for MB, what’s a good alternative?

    1. seeprime said on January 28, 2018 at 7:48 pm
      Reply

      Super AntiSpyware is pretty good.

      1. KeZa said on January 29, 2018 at 6:20 pm
        Reply

        Emsisoft AM

  12. ULBoom said on January 28, 2018 at 7:07 pm
    Reply

    I run it occasionally if something’s acting weird, then uninstall it. Put it on the kids’ old game desktop a week or so ago because it would only boot halfway then stop. Didn’t find anything, could have been Intel’s fix that didn’t fix, IDK; the desktop works fine now, should probably remove MB although it’s not causing any memory problems.

    MB did find and remove a root kit we got years ago when we still used Avast.

  13. battle said on January 28, 2018 at 7:22 pm
    Reply

    Emsisoft Emergency Kit could be an alternative. It is portable but slow to update the definitions.

  14. kalmly said on January 28, 2018 at 8:50 pm
    Reply

    I’m with Straspey and others, still using 2.2.1.1043 Home (free). I don’t have the problem other posters have reported with update stage running forever. It takes a short while and then runs the scan. I was never even vaguely tempted to install any of the newer versions because I don’t want yet another service running all the time. In a general way, I dislike huge programs that combine multiple functions. On any day, I will opt for a quick little one-trick pony that jumps in, does its job, and then goes away.

    P.S. Dear Theo73, You must be running out of websites to visit. Martin’s English is amazing. How’s your German? Lebewohl.

    P.S.2. Something went wrong when I tried to edit post, so I had to post it again.

  15. intelligencia said on January 29, 2018 at 2:44 am
    Reply

    I now only use the FREE version of Malwarebytes (though I have the Life-Time license to convert same to the Premium version). From the start, I have always used MB as my go-to secondary line of defense when it comes to providing my computer with cyber-security protection.
    However, I NO longer use the Premium version as it sometimes seems to put bugs into my computer! I do not experience any problems with my computer when I use MB for Free.
    Likewise, I did not experience any issues to my computer when others complained of the high ram usage with the recent update. As I mentioned on a previous Ghacks.net post . . . I strongly suspect when MB goes awry its website has been hacked or otherwise compromised but of course the company won’t own up to it. Still, I use it and recommend the Free version of MB to my buddies and neighbors – – it is still good security software in my opinion.

    1. ULBoom said on January 30, 2018 at 5:31 am
      Reply

      Saw the same thing with Glary Utilities Pro version. It installed a number of call home routines and became a major annoyance. In the free version, they could be turned off and there’s little difference between the two version. Beware of lifetime free Pro versions of anything, there’s probably a catch. Some of these malware help forums are constantly offering free Pro versions of many softwares; eye them suspiciously.

      Glary used to be very good, too bad. Uninstalled.

      1. intelligencia said on January 30, 2018 at 9:00 pm
        Reply

        @ULBloom

        Indeed. I like your response.
        All these things out there makes me overly suspicious and Paranoid.
        I just ran a scan on my buddy’s system using MB and he had over 1500 pieces of Malware!
        i

  16. Richard Allen said on January 29, 2018 at 6:28 am
    Reply

    I’ve been wondering for some time now when I will start seeing updating issues with my older version of Malwarebytes (2.2.1.1043) but it’s working fine. It generally takes 30-45 seconds for Malwarebytes to go through the update process, this last one took about 45 seconds. A scan with all options enabled, on Win7 Pro, took just over 4 minutes. I recently reduced my bandwidth to a download speed of 66Mbps and everything is updating without any problems, so far. To be honest, I haven’t seen a single malware object in years and only run a scan every 2-6 weeks. I emphatically deny any knowledge of longer intervals between scans. ;)

  17. Yoav said on January 29, 2018 at 6:41 am
    Reply

    I got hit by this and it’s still unresolved – I had to uninstall MB completely. Definitely annoying.

  18. KeZa said on January 29, 2018 at 6:19 pm
    Reply
  19. Joe said on January 29, 2018 at 10:57 pm
    Reply

    This morning when I fired up my laptop and went to google, malwarebytes blocked it saying it was suspicious….it’s google for heaven’s sake. I brought up malwarebytes and added google to the whitelist and it STILL blocked it. I finally had to uninstall malwarebytes and replace it with Emisoft..

Leave a Reply