The future of malwarebytes and superantispyware.

Discussion in 'other anti-malware software' started by bollity, Jun 19, 2011.

Thread Status:
Not open for further replies.
  1. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    :) :D :D
     
  2. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    862
    Personally I've never found MBAM very useful for rootkits, but looking into it more I find that it actually is capable with a few:

    Comparative Analysis of Rootkit Detection Techniques, May 2011:
    http://sce.uhcl.edu/yang/research/A Comparitive Analysis of Rootkit Detection Techniques.pdf

    namely Rustock, Black Energy, and even Zeus/Zbot. It shows that it's not able to remove TDL3, though. It'll find the TDL3 droppers, though, if you're lucky enough to scan before they install.

    Interestingly Table 7 suggests MBAM and Combofix are the best combination for automated removal of rootkits, at least while the system is active. Obviously better to mount the HDD offline if a rootkit is suspected though.

    SAS OTOH can definitely remove an established TDL3 rootkit. Can't remember if it can do TDL4 while the system is active, probably not.
     
    Last edited: Jun 29, 2011