Malwarebytes Anti-Rootkit BETA

Discussion in 'other anti-malware software' started by Cudni, Nov 10, 2012.

  1. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    I still hope you changed your mind :)

    Oh if you just knew how I wished you've been right... Unfortunately we have a LOOOT of rootkit samples infecting Windows 7 x86 and x64 on a kernel level breaking through x64 drivers signature verification enforcement. Some of these rootkits infect even Windows 8 right out of a box so it seems I would not lose my job because of lack of bad guys now and on.
     
    Last edited: Nov 14, 2012
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
  3. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    someone plz test MBAR with Rollback rx .. I'm getting MBR detection :cautious: ..
    Hitman pro also detected Rollback rx as bootkit (that solved with compatibility mode)
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    Thanks for the explanation. I am glad your product is more thorough. It is nice that it also has a fix for system restore, windows firewall etc. since I normally have to fix those manually. Would it still be advisable to run MBAM after MBAR? What is the best mode to run MBAR in, normal mode or safe mode with networking?
     
  5. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,748
    Location:
    Germany
  6. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    This is unclear to me, in theory MBAR should skip empty or space-only strings, will take a look closer into that. Could you please check for me: is it indeed an empty string or some white-space characters present there?
     
  7. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Could you please do the following:

    Run your MBAR from an elevated command prompt using /v switch, which enables a verbose output:
    mbar.exe /v
    proceed with a scan and after all send me a system-log.txt file?
     
  8. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    Normally MBAR does all necessary job to cleanup the computer. But you know, some beasts are artful hence to be absolutely sure I would suggest to spend a time for a full MBAM system scan after all.
     
    Last edited: Nov 14, 2012
  9. arifg

    arifg Developer

    Joined:
    Nov 13, 2012
    Posts:
    14
    Location:
    USA
    MBAR involves a quite new technology for Malwarebytes so we have to be absolutely sure it is stable and does no harm to user computers. Rootkits are not the same as a regular malware so this is possible that a code update is necessary to go after some new variant when it is not enough to just update a definition. So we suppose a quite frequent updates of the rootkit scanner, that's why it has only ~1 month expiration period, but you'll have a newer version available for download after the current one has been expired. After some time when the technology is proven robust and safe we suppose to integrate it into MBAM but please consider that a potentially more light-weight and more flexible in this sense MBAR will be one-step ahead of our big and heavy flagship. So I suppose MBAR will exist even after such integration occurred as a sort of a test bench to hit newest rootkits and it is possible it will always be in a BETA stage because of that.
     
    Last edited: Nov 14, 2012
  10. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,748
    Location:
    Germany
    Also will it integrate it into MBAM when it is Final? Yes or no?
     
  11. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    560
    Location:
    Cummington MA USA
    That depends on a lot of things, including the beta testing results.
     
  12. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    I have AppInit_DLLs (REG_SZ), data shows blank space, if I chose Modify value data it is empty, no blank space, if I chose Modify binary data it shows "0000 00 00" but I can't edit that. I also have the REG_DWORD LoadAppInit_DLLs with data "0x00000000 (0)" and Modify value shows 0 and Hexadecimal. Modify binary data shows "0000 00 00 *lots of spaces* ...." and that I am able to edit.
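
Added example, not part of the thread and not MBAR's code: a sketch of the empty versus whitespace-only check discussed above, applied to the raw bytes of an `AppInit_DLLs` value. It assumes the "0000 00 00" shown by the binary editor is offset 0000 followed by two zero bytes (a UTF-16LE terminator); the function names and sample byte strings are constructed for illustration.

```python
import re

def decode_reg_sz(raw: bytes) -> str:
    """Decode REG_SZ data (UTF-16LE) and drop trailing NUL terminators."""
    if len(raw) % 2:
        raw = raw[:-1]  # ignore a dangling odd byte
    return raw.decode("utf-16-le", errors="replace").rstrip("\x00")

def classify_appinit(raw: bytes, load_flag: int) -> dict:
    """Classify AppInit_DLLs data together with the LoadAppInit_DLLs DWORD."""
    text = decode_reg_sz(raw)
    if text == "":
        state = "empty"            # only a terminator was stored
    elif text.strip() == "":
        state = "whitespace-only"  # spaces or tabs, but no DLL path
    else:
        state = "has-entries"
    # AppInit_DLLs entries are separated by spaces or commas.
    dlls = [d for d in re.split(r"[ ,]+", text.strip()) if d] if state == "has-entries" else []
    enabled = load_flag != 0
    return {
        "state": state,
        "dlls": dlls,
        "loading_enabled": enabled,
        # Only a non-empty list with loading enabled deserves a closer look.
        "review": bool(dlls) and enabled,
    }

# Constructed samples (not taken from any real system).
TERMINATOR_ONLY = b"\x00\x00"
SPACES_ONLY = "   ".encode("utf-16-le") + b"\x00\x00"
ONE_DLL = r"C:\Tools\hook.dll".encode("utf-16-le") + b"\x00\x00"

if __name__ == "__main__":
    for name, raw, flag in [("terminator", TERMINATOR_ONLY, 0),
                            ("spaces", SPACES_ONLY, 0),
                            ("one dll", ONE_DLL, 1)]:
        print(name, classify_appinit(raw, flag))
```
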
     
  13. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Will integration of AR be part of the paid product? For those who already have lifetime license, will we still get it or will there be another fee for extra feature?
    Honestly I don't mind paying more for extra feature. One thing that I would hate, would be MBAM becoming bloated.
    Just keep it nice and lean.
     
  14. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    MBAM is like a well oiled machine. I hope they leave it alone too.
     
  15. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    verbose mode not opening..
    I tried to download new version.. but the downloaded version is same as that I have ..
     

    Attached Files: 123.jpg
  16. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Hello,

    Would you have any comments as to how MBAR measures against Zemana? Any comments you may have would be appreciated.

     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    They are very different products - don't see how they can be compared.
     
  18. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    I asked the Dev on behalf of several that use Zemana as a courtesy, if there is something forthcoming, there will be, if there are no comments forthcoming, I'll assume no comments will be offered.

     
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,110
    Location:
    UK
    o_O

    I don't understand what you are trying to say.
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    I understand that you want to hear it from the Dev and not me - let's see if his answer is any different.
     
  21. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,617
    Yes, there is no implied offense, since the Dev chimed in on thread, my query is aimed at the Dev for her | his perusal.
     
  22. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    As a "Security Expert" you could have had the courtesy of explaining to them that they are impossible to compare. Just saying.
     
  23. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    Why impossible? MBAM and Zemana cover a lot of the same ground. Even though one is more aimed towards being Antikeylogger.
     
  24. jkk

    jkk Registered Member

    Joined:
    Nov 17, 2012
    Posts:
    4
    Location:
    USA
    I am the person for whom the difference between Zemana and MBAR was being requested. Rather than try to get my answer via a 3rd party, I am here directly.

    Not being security oriented enough to know, can you or the developer tell me what the key differences are with an Antikeylogger and Zemana that is touted as an Antilogger? Would one compete with the other in some way and cancel one out if running together or can they not be run that way?

    I am totally confused at this point.
     
  25. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,873
    Location:
    Outer space
    Zemana antilogger is a HIPS/BB like program which gives pop-ups (though they have a whitelist and new cloud features) whether some program is allowed to log keystrokes, clipboard etc.
    MBAR is an on-demand rootkit scanner, for if you suspect your system is infected or you can't clean a rootkit with normal programs. So it is not comparable with Zemana AL, but perhaps you mean MBAM.
    MBAM is in free mode an on-demand general anti-malware scanner and the paid version adds realtime scanning and website blocking, much like a normal anti-virus only it focuses on threats that AV's are less good at.
     