malwarebytes effectiveness

xxsilk109xx (New Member, Savannah, GA)
I have been using this combo of Malwarebytes and SUPERAntiSpyware to run scans for viruses.

I have usually had great results with the two; however, today I ran a scan on a really infected computer, and Malwarebytes found some 500 infected files. Cleaned them up, rebooted, and I was met with splash after splash of fake virus programs. I rebooted into safe mode and ran another Malwarebytes scan and it came up with nothing :(

After I run Malwarebytes it usually gets rid of the nasty stuff, then I pull up SAS and get rid of the adware, browser hijacker, etc. But lately it seems that Malwarebytes hasn't been doing that good of a job.

For example, on the computer I mentioned above, I ran MS Security Essentials and it found 5 trojans that Malwarebytes didn't find.

just seems weird.
 
Not weird at all, the black knights will always be ahead of the game. This is the reason you need to manually identify the core elements of virus/malware infection rather than rely upon consumer-focused scanning software. What rootkit tools do you use?
 
Well how do you manually identify the core elements for each virus?

I use Sophos Anti-Rootkit; can you maybe suggest something better?
Thanks!
 
I use GMER as my first shot, but will also use Icesword, Rootkit Unhooker & Backlight Eliminator.
 
The days of MBAM and Spybot saving the day are over; I've said it many times. We are in the new age of the rootkit and worse.

Work on your manual virus-killing skills or you won't survive 2010.
 
So far I haven't had a system that Security Essentials couldn't clean up. I don't know if it leaves any traces behind, but it kills the active component of whatever it does find, which is what counts. It's less resource-intensive than SUPERAntiSpyware and it's free.
 
The days of MBAM and Spybot saving the day are over; I've said it many times. We are in the new age of the rootkit and worse.

Work on your manual virus-killing skills or you won't survive 2010.

Quite right. The people writing the malicious software have gotten much better at avoiding detection.
 
MSE is really turning into a great move from MS, but it's a shame they took so long to come up with it. When I first used it I was less than impressed, but now it goes on every Vista box I clean and most XP machines unless they have something already running. Today I cleaned up a lady's machine that had "CyberDefender", which did nothing for her. After purging all the crap I left her with MBAM and MSE and told her to stop using uTorrent and LimeWire.

As long as MS doesn't turn into pricks and try to charge for MSE they will take a GIGANTIC bite out of the Antivirus industry.
 
I agree with the statements of "you won't survive 2010 without knowing how to manually kill 'em". Just out of curiosity, did you update MBAM before you ran the scan? The main reason I ask is because I ran into a really nasty one and found it had only been in the system less than 2 weeks, but basically you couldn't open anything (even Explorer), even in safe mode. To get around it I had to open safe mode with command prompt and work from there, but MBAM couldn't update at all, so I had to manually remove them; in the end I also had to do a repair as well. Maybe someone here with a bit more knowledge could advise on some rootkit tools and let us know the pros and cons?

What do people think of RootRepeal?
 
That site hasn't been updated in over two years. It used to be a good site, and it's OK for learning the basics of rootkit detection, but the software links shouldn't be relied upon.

I know, I was just showing him a variety of the anti-rootkit tools that are available.
 
Rootkits nowadays are really bad. It doesn't matter if you run MBAM or SAS; they can both come up clean if you have a rootkit or some new malware. What is needed in fighting any kind of malware is an understanding of what Windows should be doing and what it shouldn't. Start reading your anti-malware programs' results for what they find and where they find it, and start learning how to use programs like Process Explorer and Autoruns.

No one program is going to catch everything. I have noticed lately that MBAM is catching more things than SAS, but tomorrow it may be the other way around. Malware writers will always be a step ahead of anti-malware programs; you need to try to keep all your anti-malware up to date, because new malware comes out every day. I find it helpful to be able to work outside of Windows with live CDs like Dr. Web, Avira Rescue, UBCD, UBCD4Win, etc.

Here are some anti-rootkit programs you might want to try:
(Some are old programs but free; see which ones catch the most.)
GMER (GMER is what ComboFix uses) http://www.gmer.net/
TDSS Killer http://support.kaspersky.com/downloads/utils/tdsskiller.zip
AVG Rootkit Remover http://www.softpedia.com/get/Antivirus/AVG-Anti-Rootkit.shtml
Avira AntiVir AntiRootkit Tool http://dlpro.antivir.com/down/windows/antivir_rootkit.zip
F-Secure Rootkit http://www.softpedia.com/get/Antivirus/F-Secure-BlackLight-Rootkit-Detection.shtml
McAfee Rootkit Detective http://download.cnet.com/McAfee-Rootkit-Detective/3000-8022_4-10720121.html
SYSINTERNALS/MS RootkitRevealer http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
RootKit Unhooker http://forum.sysinternals.com/uploads/20071210_182632_rku37300509.rar
Spybot S&D RootAlyzer http://forums.spybot.info/downloads.php?id=8
Trend Micro Rootkit Buster http://www.trendmicro.com/download/rbuster.asp
Icesword http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip
(Remember not all rootkits are bad)
 
Manual rootkit removal is the only way to go, in my opinion. It is the only way to get rid of the bad stuff in a timely manner, and it isn't hard once you have done it a couple of hundred times.

I mostly learned my manual removal techniques by looking at what the scanners were flagging. I also find ComboFix + Malwarebytes to be effective when things still aren't quite working right and/or you have a little extra time.
 
MSE misses some rootkits too and certainly cannot clean all the ones it spots.

There is no single automated tool for finding and cleaning all rootkits. As far as I can tell amongst the best tools around are: GMER, Kernel Detective and Rootkit Unhooker. They require knowledge and experience to use and it is not always obvious how to clean an infection even if you find one.
 
My normal routine is to clean the machine of junk files if possible, disable everything that autostarts, and reboot. After reboot, run Process Explorer, pause anything suspicious in Process Explorer, and then run SAS Portable Quick Scan. When it's done, reboot, do the same as above but with MBAM Quick Scan. Normally after that I can go through and manually remove anything that is suspect, run Autoruns and remove links to anything that is missing a file or that I know shouldn't be there, and then run HijackThis to double-check. I also run some of the other tools that are quick to run just to be safe, like CWShredder, TDSSKiller, and a few others. Usually they return nothing, though.
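The two posts above (the one recommending Process Explorer and Autoruns, and the routine that removes Autoruns links "missing a file") describe a manual check that can be scripted. The script below is an added example written for this page, not code from any poster or from Sysinternals: it enumerates the Run/RunOnce keys and the service table the way Autoruns does for those locations, resolves each command line to its executable, and flags entries whose target file no longer exists or whose Authenticode signature is not valid. It assumes PowerShell 4.0 or later (Get-CimInstance, Get-FileHash) and an elevated prompt; the set of locations is deliberately a subset of what Autoruns covers (no Winlogon/Shell values, scheduled tasks, or drivers), and the function names are the example's own.

```powershell
# Added example (not from the thread): list Run/RunOnce and service autostarts,
# flag missing targets and unsigned binaries. PowerShell 4.0+, run as Administrator.
# Assumption: only a subset of Autoruns' locations is covered; extend $runKeys
# or add Get-CimInstance Win32_SystemDriver to widen the sweep.

function Resolve-CommandPath {
    # Extract the executable from a raw command line, e.g.
    #   "C:\Program Files\Foo\foo.exe" -tray   or   C:\Windows\svc.exe /k net
    # Expands %SystemRoot%-style variables; returns $null if nothing parses.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { $path = $cmd.Substring(1, $end - 1) } else { return $null }
    } else {
        # Unquoted path: take everything up to the first .exe/.dll/.sys token,
        # which also handles unquoted paths containing spaces.
        $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|cmd|bat))(\s|$)', 'IgnoreCase')
        $path = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    # Bare names such as rundll32.exe are resolved through PATH, as the loader would.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $app = Get-Command $path -ErrorAction SilentlyContinue
        if ($app -and $app.Path) { $path = $app.Path }
    }
    return $path
}

function Get-AutostartEntry {
    # One object per autostart entry, with the same "file not found" test the
    # thread describes applying by hand in Autoruns, plus signature and hash.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }   # registry provider noise
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    foreach ($svc in Get-CimInstance Win32_Service) {
        $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = [string]$svc.PathName }
    }
    foreach ($e in $entries) {
        $path   = Resolve-CommandPath $e.Command
        $exists = ($null -ne $path) -and (Test-Path -LiteralPath $path)
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        $hash   = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
        $flag   = if (-not $exists) { 'MISSING FILE' }
                  elseif ($sig -ne 'Valid') { 'UNSIGNED/INVALID' }
                  else { '' }
        [pscustomobject]@{
            Source = $e.Source; Name = $e.Name; Path = $path
            Exists = $exists;  Signature = $sig;  SHA256 = $hash;  Flag = $flag
        }
    }
}

# Review the flagged rows first: a missing target is a dead link to remove, an
# unsigned binary in a user-writable directory is the one to look up by hash.
Get-AutostartEntry | Where-Object { $_.Flag } |
    Sort-Object Source, Name |
    Format-Table Source, Name, Flag, Signature, Path -AutoSize
```

Two caveats when reading the output. On Windows 7 and earlier, many Microsoft binaries are catalog-signed and Get-AuthenticodeSignature reports them as NotSigned, so "UNSIGNED/INVALID" is a prompt to check the path and hash, not proof of infection. And the script reads the registry through the normal API, so a kernel rootkit that hides its own keys will not appear here; that is exactly the gap the GMER/TDSSKiller/live-CD advice in this thread is about.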
 