Malwarebytes Anti-Rootkit (MBAR) Review and Real World Test at Work

So yesterday I was sitting at my desk and I got an email from one of our Vipre Enterprise Antivirus Agents….

Machine:          PC  (10.30.11.29)
User:             domain\user
Scan Date:        11/13/2012 2:17 PM
Software Version: 5.0.4464 (we’re in the process of upgrading to version 6.1.22 which has current anti-rootkit tech)
ThreatDB Version: 13968
Policy:           FGWKS

—————–

Threat:     Trojan.Win32.Sirefef.pq (v)
Category:   Trojan
Severity:   Moderate Risk (since when are rootkits moderate risks?!?!)
Action:     Quarantined (not true…those rootkits are still very much there)
Traces Found:
Rootkit:       2724,c:\Windows\explorer.exe,c:\windows\system32\z
Rootkit:       916,c:\Windows\System32\svchost.exe,c:\windows\system32\z

—————–

So essentially what this email means is that the Vipre agent let a rootkit through at some point, can now detect it, but cannot remove it.
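The alert above is worth treating as structured data rather than just reading it: the "Action: Quarantined" line is the AV's own claim, and the post shows it was wrong for the two rootkit traces hooked into explorer.exe and svchost.exe. The following parser is an added example written for this post (it is not the author's code and not anything shipped with Vipre or Malwarebytes). It parses the alert format exactly as quoted above, and the rule in needs_verification, which flags rootkit-class traces living in core system processes as "verify with a second tool before calling the box clean", is my own heuristic drawn from what happened here, not a Vipre feature. The sample alert is constructed from the one in the post with the author's parenthetical remarks removed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the Vipre Enterprise alert quoted in the post, with the
# author's parenthetical comments stripped so it parses as raw alert text.
SAMPLE_ALERT = """\
Machine:          PC  (10.30.11.29)
User:             domain\\user
Scan Date:        11/13/2012 2:17 PM
Software Version: 5.0.4464
ThreatDB Version: 13968
Policy:           FGWKS

-----

Threat:     Trojan.Win32.Sirefef.pq (v)
Category:   Trojan
Severity:   Moderate Risk
Action:     Quarantined
Traces Found:
Rootkit:       2724,c:\\Windows\\explorer.exe,c:\\windows\\system32\\z
Rootkit:       916,c:\\Windows\\System32\\svchost.exe,c:\\windows\\system32\\z
"""


@dataclass
class Trace:
    kind: str      # trace class as reported, e.g. "Rootkit"
    pid: int       # process id the trace was found in
    process: str   # image path of the host process
    path: str      # on-disk path of the trace itself


@dataclass
class VipreAlert:
    fields: dict = field(default_factory=dict)   # "Threat", "Action", ...
    traces: list = field(default_factory=list)   # list of Trace


HEADER_RE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")
TRACE_RE = re.compile(r"^(\w+):\s*(\d+),([^,]+),(.+)$")


def parse_alert(text: str) -> VipreAlert:
    """Parse a Vipre-style alert into header fields plus a list of traces."""
    alert = VipreAlert()
    in_traces = False
    for raw in text.splitlines():
        line = raw.strip()
        # skip blank lines and the dash separators between sections
        if not line or set(line) <= set("-\u2014\u2013"):
            continue
        if line.startswith("Traces Found"):
            in_traces = True
            continue
        if in_traces:
            m = TRACE_RE.match(line)
            if m:
                alert.traces.append(
                    Trace(m.group(1), int(m.group(2)),
                          m.group(3).strip(), m.group(4).strip()))
                continue
        m = HEADER_RE.match(line)
        if m:
            alert.fields[m.group(1).strip()] = m.group(2).strip()
    return alert


# Host processes where a rootkit-class trace means the AV's "Quarantined"
# verdict should be verified, not trusted. Assumption of this example, based
# on the post: the action said Quarantined, yet both rootkits were still there.
SYSTEM_HOSTS = {"explorer.exe", "svchost.exe"}


def needs_verification(alert: VipreAlert) -> list:
    """Return rootkit traces hooked into core system processes, i.e. the ones
    for which a second-opinion scan is warranted before the machine is
    considered clean."""
    flagged = []
    for t in alert.traces:
        host = t.process.rsplit("\\", 1)[-1].lower()
        if t.kind.lower() == "rootkit" and host in SYSTEM_HOSTS:
            flagged.append(t)
    return flagged


if __name__ == "__main__":
    a = parse_alert(SAMPLE_ALERT)
    print(a.fields["Threat"], "/", a.fields["Action"])
    for t in needs_verification(a):
        print(f"verify: pid {t.pid} {t.process} -> {t.path}")
```

Running it on the sample prints the threat name and the Quarantined claim, then both traces (PIDs 2724 and 916) as needing verification, which is exactly the second-opinion step the rest of the post walks through with MBAR and Hitman Pro.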

So, what to do now…I know!!!  I’ll test that new Malwarebytes Anti-Rootkit (MBAR) and then post the results to my blog…and here we are.

Ok, let’s extract the mbar.zip.  Here’s what we have.  Let’s double click on MBAR.

mbar-icon

Once MBAR has been opened we’ll update the database.

mbar-database-update

Once the database has been updated we’ll do a scan.

mbar-scan

MBAR finds 18 infections and removes them.

mbar-infections

A subsequent scan via MBAR tells us that everything is clean.

mbar-scan-no-more-rootkits

For a second opinion, we’ll turn to the proven Hitman Pro.  Looks all clean!

hitman-pro-scan

7 Responses to Malwarebytes Anti-Rootkit (MBAR) Review and Real World Test at Work

  1. Brian November 15, 2012 at 3:22 am #

    Excellent results! Thanks for sharing, Matt.

  2. Dave November 15, 2012 at 2:34 pm #

    Wow, I have not used MBAR before and just read the tutorial at bleeping computer. Sounds like a great tool to have, I especially like the fixdamage.exe feature. I could have used that in the past for sure! Thanks Matt.

  3. Clint Hill November 16, 2012 at 8:42 am #

    I really love the simple GUI and effectiveness of this anti-virus software. It provides just the protection I need. Keep up the good work guys. 🙂

  4. Simon November 16, 2012 at 3:37 pm #

    If it’s anything as good as its sister product MBAM it will be awesome. However as it’s only in Beta, for novice computer users it may be best to wait for the Final release.

  5. Dave Curtis December 11, 2012 at 3:33 am #

    Matt you are well known and respected. Even on other Malware help sites. Kudos. Dave

Trackbacks/Pingbacks

  1. Thanks Malwarebytes! | Remove-Malware.com - December 10, 2012

    […] the anti-malware products I use and noticed that press.malwarebytes.org linked to my post on using MBAR at work.  Thanks Malwarebytes, wasn’t expecting to see that […]
