Malwarebytes Anti-Rootkit Beta

xman
Posts: 144
Joined: Thu 24 Sep 2009, 06:31

#1 Post by xman »

I downloaded and ran the latest free Malwarebytes Anti-Rootkit Beta on my Windows machine some days ago. Mbar reported that there was probably some rootkit activity because of some AppInit DLLs and asked permission to remove them. After the scan I had to remove 'betterinstaller.exe', which was malware according to Mbar.

A couple of days later I found that I had problems with Flash video when using any Trident browser: no full screen. I also found the browser periodically unresponsive. I ran Microsoft Fixit, restored IE settings and removed a couple of programs I had lately installed, but the problem remained.

Many hours later Mbar Beta was my primary suspect. I used the restoration point which Mbar created when it removed the 'bi.exe malware': no effect. Then I used an earlier restoration point made by Microsoft Update: full screen was back. I installed all Microsoft updates available and video was OK and the browser responded.

The reliable Kaspersky anti-rootkit utility TDSSKiller found nothing but stupid me. I again ran the latest Malwarebytes Anti-Rootkit Beta and removed the AppInit DLLs it asked to remove, but not 'betterinstaller.exe', which was now safe. IE full-screen video was gone, but I got it back after using the Microsoft Update restoration point.

Conclusion: bi.exe could be adware, and rare antivirus products detect it as adware according to VirusTotal, but Mbar was the real malware which broke my system. It's okay because it asked my permission before it did it.

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#2 Post by Barkin »

I regularly use Malwarebytes' main product, MBAM. On a very few occasions it generated false positives.

I use MBAM as a somewhat-paranoid second opinion for Microsoft's own-brand anti-malware.

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#3 Post by cthisbear »

Malwarebytes Antimalware Free is the Antz pantz.

As for the other ...Beta = Beware.

This is the genuine one??????

http://support.microsoft.com/kb/197571

http://msdn.microsoft.com/en-us/library ... 63040.aspx

and this is.

http://www.prevx.com/filenames/37151188 ... T.DLL.html

Chris.

nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#4 Post by nubc »

@ cthisbear
I'm now using Microsoft Security Essentials on XP boxes, which pretty much disallows Malwarebytes Anti-malware. What is your opinion of MSE, cthisbear?

EDIT: Just read a review claiming that MSE is very difficult to uninstall, even with the MS-provided remover. This reviewer claimed that after MSE was (unsatisfactorily) uninstalled, attempts to install AVG subsequently failed. I haven't uninstalled MSE before, will have to try it.
Last edited by nubc on Wed 12 Dec 2012, 21:31, edited 1 time in total.

Barkin
Posts: 803
Joined: Fri 12 Aug 2011, 04:55

#5 Post by Barkin »

nubc wrote:... I'm now using Microsoft Security Essentials on XP boxes, which pretty much disallows Malwarebytes Anti-malware.
I use MSE continuously, and occasionally use the free version of MBAM for a second opinion that my computer is clean (as I mentioned previously, MBAM can occasionally give false positives).

I.e. MSE does not block my occasional use of the free version of MBAM (which does not have "real-time" scanning). NB: two "real-time" anti-malware programs running simultaneously could slow each other down and cause conflicts (like two security guards chasing each other, each mistaking the other for an intruder).

xman
Posts: 144
Joined: Thu 24 Sep 2009, 06:31

Mbar was the only one

#6 Post by xman »

A week ago I had time to play a dangerous game with free antiviruses: Panda Cloud, Microsoft Security Scanner, Kaspersky Cloud Scanner, Bitdefender, SuperAntiSpyware, Kingsoft 3.5 & 5.5, Avast, MBAM, McAfee Labs Stinger, and rootkit scanners: Kaspersky TDSS, MBAR, Avast. Panda was the primary antivirus installed in 7 and it was extremely aggressive against Avast products: the rootkit scanner exe was sent to the Panda recycle bin four times before I shut down Panda, and trying to install Avast antivirus was a blue screen issue.

Malwarebytes Anti-Rootkit Beta was the only one which found something 'suspicious' and removed needed safe stuff.

xman
Posts: 144
Joined: Thu 24 Sep 2009, 06:31

#7 Post by xman »

Barkin wrote: NB: two "real-time" anti-malware programs running simultaneously could slow each other down and cause conflicts (like two security guards chasing each other, each mistaking the other for an intruder).
The old fact is that two active antiviruses can't live in the same computer, but times can change: Kingsoft Antivirus 2012 is designed to work along with other antivirus products despite being a real-time antivirus and antimalware scanner, the exception being products using the Vipre engine.

Test results:
http://www.kingsoftsecurity.com/forum/v ... f=9&t=1302

[Dec 12] Kingsoft Antivirus 2012 SP5.6 Officially Released:
http://www.kingsoftsecurity.com/forum/v ... f=9&t=1320

Review:
http://www.instantfundas.com/2012/08/ki ... -free.html
