Malwarebytes Anti-Rootkit BETA

Discussion in 'other anti-malware software' started by Cudni, Nov 10, 2012.

  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Before the GUI opens, I get a message stating AppInit_DLLs registry key found, but when I look it up in the registry, there is only an empty key, no data. If I click No and do a scan with MBAR, it finds nothing.
     


  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Partition zero is the boot partition C: "Active" implies bootable Vs your data partition "1" (assigned D: ) which is inactive. Sounds like you have two additional partitions that do not have drive letter assignments. You should be able to view them in "disk management".
     
    Last edited: Nov 12, 2012
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    From ghacks.net
    "The disclaimer displays information about the beta, including that the copy of the product
    will expire on December 10, 2012 automatically. It is not clear what will happen on that day.
    Will there be a free version just like the Anti-Malware that is offering a reduced functionality?
    Or will this be a commercial product only?"
     
  4. Shadowwar

    Shadowwar Spyware Expert

    Joined:
    Feb 26, 2004
    Posts:
    305
    This is correct. MBAR will deal with these things. MBR/VBR/patched files/ Hidden from Mbam etc.


    The expiration date is set on the beta because it's a beta. We do not want people running an old version of the beta forever. There is a lot of low-level tech going on here, and if we find a problem with this version we do not have to worry about people still running it after this time.
     
  5. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,746
    Location:
    Germany
    Hi

    Will the program integrate into Malwarebytes Anti-Malware?

    And when will you release it?

    Any forum for it?
     
  6. hayc59

    hayc59 Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,841
    Location:
    KEEP USA GREAT
    Very Nice Runnin Smooth
    Thanks Cudni ;)
     
  7. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    Same question here. :doubt:
     
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    We are not sure about the final level of integration yet.
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Bruce:thumb: :thumb:
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ Victek123

    Hi & thanks for responding :thumb:

    Regarding Active. I was thinking back to a couple of years ago when i used fdisk to delete my partitions & then recreate C & D & then make them both active, & then reinstalled Windows & my Apps etc etc.

    I don't have Any additional partitions that i created ! I was in ShadowDefender mode when i used Mbar, so it "might" have seen that as one ? Also i had a USB drive attached at the time, which "might" have been the other ?

    I notice from others screenies above that they also have similar extra partitions showing. If they could let me know what they are, that could help to clear things up :thumb:
     
  11. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784
    I also was in ShadowMode w/SD when testing/scanning with MBAR Beta.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Regarding partitioning here's a good article:

    http://www.bleepingcomputer.com/tutorials/understanding-hard-disk-partitions/

    Part way down there is this:

    Each hard drive also has one of its possible 4 partitions flagged as an active partition. The active partition is a special flag assigned to only one partition on a hard drive that the Master Boot Record (MBR) uses to boot your computer into an operating system.


    One way you can wind up with an extra partition is Windows 7 typically creates a "System Reserved" partition without a drive letter assignment during installation.
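
The active flag discussed in this exchange is the first byte of each 16-byte entry in the MBR partition table (0x80 = active, 0x00 = inactive). The following is an added example, not code from any poster or from MBAR: it parses the four primary entries and reports any departure from the "exactly one active partition" rule quoted above. The sample sector, its three-partition layout and the function names are constructed for illustration.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE = 446, 16   # four 16-byte entries follow the boot code
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    entries = []
    for slot in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype == 0x00:            # type 0 marks an unused slot
            continue
        entries.append({"slot": slot, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def active_flag_findings(entries):
    """List deviations from the 'exactly one active partition' convention."""
    findings = [f"slot {e['slot']}: invalid status byte 0x{e['status']:02x}"
                for e in entries if e["status"] not in (0x00, 0x80)]
    active = [e["slot"] for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (slots {active}), expected 1")
    return findings

def build_sample_sector(statuses=(0x80, 0x00, 0x00)):
    """Constructed sample: a 100 MiB 'System Reserved' volume plus two NTFS volumes."""
    layout = [(2048, 204800), (206848, 104857600), (105064448, 209715200)]
    sector = bytearray(512)
    for slot, (status, (lba, count)) in enumerate(zip(statuses, layout)):
        ENTRY.pack_into(sector, TABLE_OFFSET + slot * ENTRY_SIZE, status, 0x07, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    # Drive letters are not stored in the MBR; only slot, type and extent are.
    for e in parse_mbr(build_sample_sector()):
        print(e)
    # Constructed variant with two entries flagged active at the same time
    print(active_flag_findings(parse_mbr(build_sample_sector((0x00, 0x80, 0x80)))))
```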
     
  13. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    I hope it is integrated. Wouldn't want two mbams running around the house. :D
     
  14. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295

    @ CloneRanger

    Hi,

    I used to have 3 drives, before my data drive started acting up a couple of years ago. (See Hardware forum, where I reported my problem in Dec 2010.)



    Now, I am down to 2 drives, as can be seen in the second image in my screenie. Hope, that helps explain about the partitions, even though I (really) don't have any.

    ScreenShot_Drive Setup_current_01.jpg
     
  15. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,361
    Location:
    The Netherlands
  16. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Wait...not saying you're wrong but what do you mean by that?

    MBAM is one of the BEST removal tools/secondary scanners to have on your computers...?

    Or do you literally mean disinfect as in healing files vs removing them?
     
  17. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    I'm pretty sure that's what it means. MBAM doesn't "heal" files like an AV might. If the file is infected, MBAM shows it the door.
     
  18. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    It is nice that mbam are providing a dedicated antirootkit tool.
    I know it is only beta but it is slower than other tools and is also a bigger download. I didn't expect it to be this slow considering how quick mbam is and how quick other dedicated anti-rootkit tools are.
     
  19. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    It's not slow here for me. In fact I found it faster at scanning than Gmer.
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ LoneWolf

    Thanks :thumb:

    @ Victek123

    Thanks for the link :) Very good info :thumb:

    @ Tarnak

    Thanks for the screenies :)
     
  21. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Hello everybody,

    My name is Arif and I'm the lead developer of this product. You may ask your questions to me.
     
  22. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Time is listed in a detection log file (other than system-log.txt) as:

    "Time elapsed: ## minute(s), ## second(s)"
     
  23. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Unlike most other anti-rootkit tools, MBAR is supposed to be a complete solution for rootkits, i.e. it removes all remnants which may exist in an infected system. As you might know, "rootkits" are often just a "vessel" for a bunch of other malware as its payload. Most AR scanners like TDSSKiller remove only the "core", leaving all other stuff alone, so an additional general antimalware scan is still necessary. MBAR is intended to provide a complete cleanup of the infected system, hence the size and the overall scan time. You can disable the "System" scan by unchecking the corresponding checkbox on the "SCAN" page to convert your MBAR into an ordinary fast rootkit scanner. But again, this will dramatically reduce the detection rate and there is no warranty that the removed rootkit will not rise again after cleanup.
     
    Last edited: Nov 13, 2012
  24. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Thanks, found the log.
     
  25. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Could you please upload those files somewhere for me to be able to fix false positives?
     