Tag Archives | mbar

Thanks Malwarebytes!

I was just browsing the press sections on some of the anti-malware products I use and noticed that press.malwarebytes.org linked to my post on using MBAR at work.  Thanks Malwarebytes, wasn’t expecting to see that today! 



Malwarebytes Anti-Rootkit (MBAR) Review and Real World Test at Work

So yesterday I was sitting at my desk and I got an email from one of our Vipre Enterprise Antivirus Agents….

Machine:          PC  (
User:             domain\user
Scan Date:        11/13/2012 2:17 PM
Software Version: 5.0.4464 (we’re in the process of upgrading to version 6.1.22 which has current anti-rootkit tech)
ThreatDB Version: 13968
Policy:           FGWKS


Threat:     Trojan.Win32.Sirefef.pq (v)
Category:   Trojan
Severity:   Moderate Risk (since when are rootkits moderate risks?!?!)
Action:     Quarantined (not true…those rootkits are still very much there)
Traces Found:
Rootkit:       2724,c:\Windows\explorer.exe,c:\windows\system32\z
Rootkit:       916,c:\Windows\System32\svchost.exe,c:\windows\system32\z


So essentially what this email means is that the Vipre agent let a rootkit come through at some point, is now able to detect it, but cannot remove it.
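Before taking that "Action: Quarantined" line at face value, it is worth re-checking the alert's own claims on the box. The PowerShell below is an added example, not part of the original post and not Vipre or Malwarebytes tooling; it assumes the alert body is available as text in the layout quoted above and that it runs in an elevated PowerShell session on the affected machine. The sample alert embedded in the script is constructed from the trace lines quoted above, and the function name Test-VipreTraces is made up for this example.

```powershell
# Added example (not from the original post): re-check what a Vipre alert
# claims before trusting "Action: Quarantined".
# Assumptions: alert text in the layout shown in the post; elevated session
# on the affected host; Test-VipreTraces is a name invented for this example.

# Constructed sample, built from the trace lines quoted in the post.
$sampleAlert = @"
Action:     Quarantined
Traces Found:
Rootkit:       2724,c:\Windows\explorer.exe,c:\windows\system32\z
Rootkit:       916,c:\Windows\System32\svchost.exe,c:\windows\system32\z
"@

function Test-VipreTraces {
    param([Parameter(Mandatory)][string]$AlertText)

    $claimedAction = 'unknown'
    if ($AlertText -match '(?m)^Action:\s*(\S+)') { $claimedAction = $Matches[1] }

    foreach ($line in ($AlertText -split "`r?`n")) {
        # Trace lines look like "<type>: <pid>,<host process image>,<dropped path>"
        if ($line -match '^(\w+):\s+(\d+),([^,]+),(.+)$') {
            $kind      = $Matches[1]
            $tracePid  = [int]$Matches[2]      # not $pid: that is PowerShell's own PID
            $hostImage = $Matches[3].Trim()
            $dropPath  = $Matches[4].Trim()

            # 1. Is the dropped artifact still on disk? A kernel-mode rootkit can
            #    hide it from this very API, so $false here is not proof of removal.
            $stillOnDisk = Test-Path -LiteralPath $dropPath

            # 2. Is the host process the alert pointed at still running? PIDs are
            #    reused after a reboot, so the image name is compared as well.
            $proc = Get-Process -Id $tracePid -ErrorAction SilentlyContinue
            $hostRunning = ($null -ne $proc) -and
                ($proc.ProcessName -ieq [IO.Path]::GetFileNameWithoutExtension($hostImage))

            # 3. Sanity check on the host image itself: explorer.exe and svchost.exe
            #    should carry a valid Microsoft Authenticode signature.
            $sig = Get-AuthenticodeSignature -FilePath $hostImage -ErrorAction SilentlyContinue
            $sigStatus = if ($sig) { $sig.Status.ToString() } else { 'n/a' }

            $verdict = if ($stillOnDisk) {
                'NOT quarantined: artifact still present'
            } elseif ($hostRunning) {
                'Artifact not visible, host process still up: rescan with an anti-rootkit tool'
            } else {
                'No visible trace; confirm from a clean boot or offline scan'
            }

            [pscustomobject]@{
                Type          = $kind
                ClaimedAction = $claimedAction
                HostImage     = $hostImage
                HostPid       = $tracePid
                HostRunning   = $hostRunning
                HostSignature = $sigStatus
                DroppedPath   = $dropPath
                StillOnDisk   = $stillOnDisk
                Verdict       = $verdict
            }
        }
    }
}

Test-VipreTraces -AlertText $sampleAlert | Format-Table -AutoSize
```

The one result not to over-read is StillOnDisk = False: a rootkit that hooks the file system can make its own files invisible to Test-Path and Explorer alike, so a negative only says nothing is visible from user mode. A positive, on the other hand, settles the question the same way the author's parenthetical does: the agent said "Quarantined" and the artifact is still there. Either way the next step is a dedicated anti-rootkit scan rather than another pass with the agent that already failed.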

So, what to do now…I know!!!  I’ll test that new Malwarebytes Anti-Rootkit (MBAR) and then post the results to my blog…and here we are.

Ok, let’s extract the mbar.zip.  Here’s what we have.  Let’s double click on MBAR.


Once MBAR has been opened we’ll update the database.


Once the database has been updated we’ll do a scan.


MBAR finds 18 infections and removes them.


A subsequent scan via MBAR tells us that everything is clean.


For a second opinion, we’ll turn to the proven Hitman Pro.  Looks all clean!




