Malwarebytes Anti-Rootkit BETA

Discussion in 'other anti-malware software' started by Cudni, Nov 10, 2012.

  1. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  2. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    Pretty cool, but doesn't MBAM already effectively find and remove rootkits?
     
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Yes it does, actually. I suppose this is more like a GMER-type tool that specifically targets the latest and greatest rootkits instead of just the general variety? Either way it ran without issue and found me to be clean. I wonder if the tool will remain free past Beta?
     
  4. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    MBAM doesn't remove MBR/VBR based rootkits and patched drivers/code on privileged system files, as per the "we don't disinfect things" ideology MBAM is based on.
     
  5. Brian_12

    Brian_12 Guest

    Awesome! I'm looking forward to using it.
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    Just ran a scan...:)

    P.S. I didn't expect a result other than clean :D
     
  7. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,388
    Location:
    Lancashire
    I suppose the obvious question to ask is if MBAR picks up things which MBAM does not. Is there not an anti-rootkit component already in MBAM, or is MBAR going to pick up things MBAM does not?
     
  8. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873

    Good question...BTW, here is the log result, which looks similar to an ordinary MBAM scan.

    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.03.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    *****This line Deleted because of identifying details********

    11/11/2012 11:39:37 AM
    mbar-log-2012-11-11 (11-39-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 24910
    Time elapsed: 20 minute(s), 35 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    I have installed MBAR in another snapshot, and have gotten the same problem. It appears that I am unable to update to the latest database.

     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,873
    I just started scanning and about 30 seconds after the scan started, the GUI just disappeared. o_O

     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Worked here with no problems. No RKs found.
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Same here, updated and scanned a few times, no problems or RK's. :D
     


  13. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    LW did you see a total scan time listed anywhere? It does create a scan log in the file folder you placed MBAR in, but all I see are times scans started (if I am reading it correctly).
     
  14. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    anyone tried this with Rollback rx ??:doubt:
     
  15. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    No problems, here. :thumb:
     


  16. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Great to see MBAR is finally out to clean nasty MBR based rootkits. Will this be compatible with AV or IS which already scans and removes MBR/VBR based rootkits? If so how?:doubt:
     
  17. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Yes it's there, basically the same as in Tarnak's, in post #8.
     
  18. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Running either XP Pro or Home Edition I couldn't get it to install; kept getting a prompt to switch to an administrative account which is where I already was.
    I finally got it to install in safe mode, then it wouldn't update.
    Skipped the update and scanned.
    Two "infections" found, both related to Comodo Time Machine.
    I understand how this type of application can trigger a malware scanner, but you'd think by now that CTM would be recognized as a legitimate application.

    Hopefully, just temporary glitches.
     
  19. mrpink

    mrpink Registered Member

    Joined:
    Mar 29, 2010
    Posts:
    376
    No problems on XP SP3
     
  20. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Okay, thanks. I didn't notice that it created both a scan log and system log. The scan log was not displayed after the scan, but was placed automatically in the file folder where MBAR resides.
     
    Last edited: Nov 11, 2012
  21. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    Anyone tried with Rollback Rx installed?? I'm getting an MBR warning..
    Should be due to rollback rx :doubt:
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I really can't get too excited over this.

    There are a number of good free MBR scanners out there: Avast, Kaspersky, Norton's Power Eraser, etc. All the top tiered AV/IS software have boot rootkit scanners.

    Then there is the issue of the likelihood of rootkit infections on WIN 7 - very low.

    I guess for the XP people this will be a benefit.
     
  23. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    Reasoning?
    Malware authors have a business to uphold, supporting "new" (Win 7 is 3+ years old) operating systems and bypassing their protection mechanisms is their main goal which has been fulfilled successfully looking at the current threat landscape.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Well this is a surprise ! I didn't expect to see a new ARK before the end of the year.

    Also at 21Mb's unzipped it's an Extremely large App. I initially wondered what they coded it with :D Then I realised it includes Def's etc, but they "appear" to account for only about 6Mb's, so ?

    So it's Not a true ARK like IceSword/GMER/RkUnhooker etc etc. In fact it's more like for eg, McAfee's Stinger etc, or a dedicated AV/AM that only concentrates on RK's. I know it's still at the Beta stage, so they "might" add in finer capabilities for analysis etc later ?

    Any new App that is able to detect/remove RK's is very welcome, so :thumb: to Mbar for releasing this. I look forward to seeing how it actually fares in reality with such nasties.

    mar.png

    Nothing nasty detected there ! but because I have ScriptDefender installed that intercepts those calls, & would prompt me for permission to run them, Mbar wrongly thinks it's Malware :p I've seen these FP's before with other Apps, so just ignore them, but others may not. & remove the protection !

    I have one HD partitioned into C & D. C has Windows & Programs etc & some Data etc on it. D has Lots of Data/Music etc etc on it. I'm not sure why Partition 1 is showing NOT ACTIVE ? Or what Partitions 2 & 3 are ?
     
    Last edited: Nov 11, 2012
  25. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Release Notes and System Requirements would be appreciated.
     