Malwarebytes Anti-Rootkit BETA

Discussion in 'other anti-malware software' started by Cudni, Nov 10, 2012.

  1. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  2. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,854
    Pretty cool, but doesn't MBAM already effectively find and remove rootkits?
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Yes it does, actually. I suppose this is more like a GMER-type tool that specifically targets the latest and greatest rootkits instead of just the general variety? Either way it ran without issue and found me to be clean. I wonder if the tool will remain free past Beta?
     
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    MBAM doesn't remove MBR/VBR based rootkits and patched drivers/code on privileged system files, as per the "we don't disinfect things" ideology MBAM is based on.
     
  5. Brian_12

    Brian_12 Guest

    Awesome! I'm looking forward to using it.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    Just ran a scan...:)

    P.S. I didn't expect a result other than clean :D
     
  7. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    I suppose the obvious question to ask is if MBAR picks up things which MBAM does not. Is there not an anti-rootkit component already in MBAM, or is MBAR going to pick up things MBAM does not?
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285

    Good question...BTW, here is the log result, which looks similar to an ordinary MBAM scan.

    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.03.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    *****This line Deleted because of identifying details********

    11/11/2012 11:39:37 AM
    mbar-log-2012-11-11 (11-39-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 24910
    Time elapsed: 20 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I have installed MBAR in another snapshot, and have gotten the same problem. It appears that I am unable to update to the latest database.

     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I just started scanning and about 30 seconds after the scan started, the GUI just disappeared. o_O

     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Worked here with no problems. No RKs found.
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Same here, updated and scanned a few times, no problems or RK's. :D
     


  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    LW did you see a total scan time listed anywhere? It does create a scan log in the file folder you placed MBAR in, but all I see are times scans started (if I am reading it correctly).
     
  14. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Anyone tried this with Rollback Rx?? :doubt:
     
  15. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    No problems, here. :thumb:
     


  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Great to see MBAR is finally out to clean nasty MBR based rootkits. Will this be compatible with AV or IS which already scans and removes MBR/VBR based rootkits? If so how?:doubt:
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,782
    Yes it's there, basically the same as in Tarnak's, in post #8.
     
  18. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Running either XP Pro or Home Edition I couldn't get it to install; kept getting a prompt to switch to an administrative account which is where I already was.
    I finally got it to install in safe mode, then it wouldn't update.
    Skipped the update and scanned.
    Two "infections" found, both related to Comodo Time Machine.
    I understand how this type of application can trigger a malware scanner, but you'd think by now that CTM would be recognized as a legitimate application.

    Hopefully, just temporary glitches.
     
  19. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    407
    No problems on XP SP3
     
  20. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Okay, thanks. I didn't notice that it created both a scan log and system log. The scan log was not displayed after the scan, but was placed automatically in the file folder where MBAR resides.
     
    Last edited: Nov 11, 2012
  21. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Anyone tried with Rollback Rx installed?? I'm getting an MBR warning..
    Should be due to Rollback Rx :doubt:
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I really can't get too excited over this.

    There are a number of good free MBR scanners out there: Avast, Kaspersky, Norton's PowerEraser, etc. All the top tiered AV/IS software have boot rootkit scanners.

    Then there is the issue of the likelihood of rootkit infections on WIN 7 - very low.

    I guess for the XP people this will be a benefit.
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    849
    Reasoning?
    Malware authors have a business to uphold, supporting "new" (Win 7 is 3+ years old) operating systems and bypassing their protection mechanisms is their main goal which has been fulfilled successfully looking at the current threat landscape.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Well this is a surprise ! I didn't expect to see a new ARK before the end of the year.

    Also at 21Mb's unzipped it's an Extremely large App. I initially wondered what they coded it with :D Then i realised it includes Def's etc, but they "appear" to account for only about 6Mb's, so ?

    So it's Not a true ARK like IceSword/GMER/RkUnhooker etc etc. In fact it's more like for eg, McAfee's Stinger etc, or a dedicated AV/AM that only concentrates on RK's. I know it's still at the Beta stage, so they "might" add in finer capabilities for analysis etc later ?

    Any new App that is able to detect/remove RK's is very welcome, so :thumb: to Mbar for releasing this. I look forward to seeing how it actually fares in reality with such nasties.

    mar.png

    Nothing nasty detected there ! but because i have ScriptDefender installed that intercepts those calls, & would prompt me for permission to run them, Mbar wrongly thinks it's Malware :p I've seen these FP's before with other Apps, so just ignore them, but others may not. & remove the protection !

    I have one HD partitioned into C & D. C has Windows & Programs etc & some Data etc on it. D has Lots of Data/Music etc etc on it. I'm not sure why Partition 1 is showing NOT ACTIVE ? Or what Partitions 2 & 3 are ?
     
    Last edited: Nov 11, 2012
  25. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Release Notes and System Requirements would be appreciated.
     