After all the recent suspense, and thanks to Geradwil for the release note, finally we have the Malwarebytes Anti-Rootkit (in beta at the moment): http://www.malwarebytes.org/products/mbar/
Yes it does, actually. I suppose this is more like a GMER-type tool that specifically targets the latest and greatest rootkits instead of just the general variety? Either way, it ran without issue and found me to be clean. I wonder if the tool will remain free past beta?
MBAM doesn't remove MBR/VBR based rootkits and patched drivers/code on privileged system files, as per the "we don't disinfect things" ideology MBAM is based on.
I suppose the obvious question to ask is whether MBAR picks up things which MBAM does not. Is there not an anti-rootkit component already in MBAM, or is MBAR going to pick up things MBAM does not?
Good question... BTW, here is the log result, which looks similar to an ordinary MBAM scan.

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
*****This line deleted because of identifying details********

11/11/2012 11:39:37 AM
mbar-log-2012-11-11 (11-39-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 24910
Time elapsed: 20 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
I have installed MBAR in another snapshot, and have gotten the same problem. It appears that I am unable to update to the latest database.
LW, did you see a total scan time listed anywhere? It does create a scan log in the folder you placed MBAR in, but all I see are the times the scans started (if I am reading it correctly).
Great to see MBAR is finally out to clean nasty MBR-based rootkits. Will this be compatible with an AV or IS which already scans for and removes MBR/VBR-based rootkits? If so, how?
Running either XP Pro or Home Edition, I couldn't get it to install; I kept getting a prompt to switch to an administrative account, which is where I already was. I finally got it to install in safe mode, then it wouldn't update. I skipped the update and scanned. Two "infections" found, both related to Comodo Time Machine. I understand how this type of application can trigger a malware scanner, but you'd think by now that CTM would be recognized as a legitimate application. Hopefully these are just temporary glitches.
Okay, thanks. I didn't notice that it created both a scan log and a system log. The scan log was not displayed after the scan, but was placed automatically in the folder where MBAR resides.
I really can't get too excited over this. There are a number of good free MBR scanners out there: Avast, Kaspersky, Norton's Power Eraser, etc. All the top-tier AV/IS software has boot rootkit scanners. Then there is the issue of the likelihood of rootkit infections on Win 7 - very low. I guess for the XP people this will be a benefit.
Reasoning? Malware authors have a business to uphold; supporting "new" (Win 7 is 3+ years old) operating systems and bypassing their protection mechanisms is their main goal, which has been fulfilled successfully, looking at the current threat landscape.
Well, this is a surprise! I didn't expect to see a new ARK before the end of the year. Also, at 21 MB unzipped it's an extremely large app. I initially wondered what they coded it with, then I realised it includes defs etc., but they "appear" to account for only about 6 MB, so?

So it's not a true ARK like IceSword/GMER/RkUnhooker etc. In fact it's more like, for example, McAfee's Stinger, or a dedicated AV/AM that only concentrates on RKs. I know it's still at the beta stage, so they "might" add finer capabilities for analysis etc. later?

Any new app that is able to detect/remove RKs is very welcome, so to Mbar for releasing this. I look forward to seeing how it actually fares in reality with such nasties.

Nothing nasty detected there! But because I have ScriptDefender installed, which intercepts those calls and would prompt me for permission to run them, Mbar wrongly thinks it's malware. I've seen these FPs before with other apps, so I just ignore them, but others may not, and may remove the protection!

I have one HD partitioned into C and D. C has Windows and programs etc. and some data on it. D has lots of data/music etc. on it. I'm not sure why Partition 1 is showing NOT ACTIVE? Or what Partitions 2 and 3 are?
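The "ACTIVE"/"NOT ACTIVE" column that MBR-aware tools print comes straight from the first byte of each 16-byte entry in the MBR partition table (0x80 means the entry is flagged bootable, 0x00 means it is not), so it is worth seeing what such a scanner actually reads from the sector. The following is an added example, not code from Malwarebytes, MBAR or anyone in this thread: it parses a 512-byte MBR, lists the four entries with their active flag, and applies the basic sanity checks a boot-sector scanner would apply (boot signature present, status bytes valid, exactly one active entry, no overlapping extents, and a hash of the bootstrap code for comparison between snapshots). The sample sector is constructed in the code; reading the real sector from a physical drive is deliberately left out so it runs offline.

```python
"""Parse a 512-byte MBR and sanity-check its partition table.

Added example (not Malwarebytes/MBAR code). The sample MBR is constructed
below; no disk is touched.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE   # bootstrap code occupies bytes 0..0x1BD
ENTRY_SIZE = 16             # four entries, 16 bytes each
SIGNATURE_OFFSET = 0x1FE    # little-endian 0xAA55 closes the sector
ACTIVE_FLAG = 0x80          # status byte: 0x80 = active/bootable, 0x00 = inactive
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


@dataclass
class PartitionEntry:
    index: int          # 1..4, as scanners number them
    status: int
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def empty(self) -> bool:
        return self.type_id == 0x00

    @property
    def active(self) -> bool:
        return self.status == ACTIVE_FLAG

    def describe(self) -> str:
        if self.empty:
            return f"Partition {self.index}: (unused)"
        state = "ACTIVE" if self.active else "NOT ACTIVE"
        last = self.lba_start + self.sector_count - 1
        return f"Partition {self.index}: type 0x{self.type_id:02X} {state} LBA {self.lba_start}..{last}"


def parse_mbr(sector: bytes) -> tuple[int, list[PartitionEntry]]:
    """Return (boot signature, four partition entries) from a raw MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    (signature,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    entries = []
    for i in range(4):
        status, _chs_s, type_id, _chs_e, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, PART_TABLE_OFFSET + i * ENTRY_SIZE)
        entries.append(PartitionEntry(i + 1, status, type_id, lba, count))
    return signature, entries


def bootstrap_hash(sector: bytes) -> str:
    """SHA-256 of the 446 bytes of bootstrap code; a change between snapshots is worth a look."""
    return hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest()


def check_mbr(sector: bytes) -> list[str]:
    """Return findings as strings; an empty list means the table looks sane."""
    findings = []
    signature, entries = parse_mbr(sector)
    if signature != 0xAA55:
        findings.append(f"bad boot signature 0x{signature:04X} (expected 0xAA55)")
    used = [e for e in entries if not e.empty]
    for e in used:
        if e.status not in (0x00, ACTIVE_FLAG):   # anything else is malformed
            findings.append(f"partition {e.index}: invalid status byte 0x{e.status:02X}")
        if e.sector_count == 0:
            findings.append(f"partition {e.index}: zero-length partition")
    active = [e for e in used if e.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((e.lba_start, e.lba_start + e.sector_count, e.index) for e in used)
    for (_s1, end1, i1), (start2, _e2, i2) in zip(spans, spans[1:]):
        if start2 < end1:                          # overlapping extents: hand-edited table
            findings.append(f"partitions {i1} and {i2} overlap")
    return findings


def build_sample_mbr(entries: list[tuple[int, int, int, int]], signature: int = 0xAA55) -> bytes:
    """Constructed sample: zeroed bootstrap area plus (status, type, lba, count) entries."""
    sector = bytearray(SECTOR_SIZE)
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, PART_TABLE_OFFSET + i * ENTRY_SIZE,
                         status, b"\0\0\0", type_id, b"\0\0\0", lba, count)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, signature)
    return bytes(sector)


# Constructed layout: first entry not flagged active, second is the bootable one,
# third is a hidden NTFS-type entry. Purely illustrative values.
SAMPLE_MBR = build_sample_mbr([
    (0x00, 0x07, 2048, 204800),      # Partition 1: NTFS, NOT ACTIVE
    (0x80, 0x07, 206848, 409600),    # Partition 2: NTFS, ACTIVE
    (0x00, 0x27, 616448, 1024000),   # Partition 3: hidden NTFS type
])

if __name__ == "__main__":
    _sig, parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(p.describe())
    print("bootstrap sha256:", bootstrap_hash(SAMPLE_MBR))
    print("findings:", check_mbr(SAMPLE_MBR) or "none")
```

Only the status byte decides what a scanner labels "ACTIVE"; a partition holding Windows can legitimately be inactive when the boot code lives on another partition, so the flag alone says nothing about infection. The checks that do matter for a boot-sector rootkit are the signature, a status byte other than 0x00/0x80, overlapping or zero-length entries, and a bootstrap hash that changes between two snapshots of the same machine.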