The makers of Malwarebytes, one of the best-known anti-malware products on the market, have released a new free anti-rootkit tool that is currently in beta.
Rootkits infect a system in a way that lets them go unnoticed by the usual scanning methods, which allows an attacker to keep control of the computer for much longer.
Although many antivirus products can detect and remove rootkits, in some cases a specialised tool such as Malwarebytes Anti-Rootkit (MBAR) is needed.
The program is free and can be downloaded from here; it needs no installation and is very easy to use. Once downloaded, unzip the contents of the ZIP file or simply drag the mbar folder to the desktop. Inside you will see the following:
The file mbar.exe marked in the image launches the application with a double click. If the program does not run normally, it can be run from Safe Mode.
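Before double-clicking a tool that will run with administrator rights and poke at kernel objects and boot sectors, it is worth confirming that what you unzipped is really the vendor's signed binary. The following PowerShell snippet is an added example, not code from the original article or from Malwarebytes: it checks the Authenticode signature of mbar.exe and fixdamage.exe and only then launches mbar.exe elevated. The unzip location and the expected signer name are assumptions; adjust them to where you dropped the mbar folder and to the subject shown on the certificate of your copy.

```powershell
# Added example (not part of the original article or of the MBAR package):
# verify the Authenticode signature of the unpacked binaries before running them.
$MbarFolder     = "$env:USERPROFILE\Desktop\mbar"   # assumed unzip location
$ExpectedSigner = 'Malwarebytes'                    # assumed substring of the signer subject

function Test-MbarBinary {
    param([string]$Path)
    if (-not (Test-Path $Path)) {
        Write-Warning "Missing: $Path"
        return $false
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Valid = hash matches and the chain is trusted; also pin the signer name so a
    # validly signed binary from somebody else does not pass.
    $ok = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")
    # Write-Host keeps the report line out of the function's return value.
    Write-Host ("{0,-16} {1,-12} {2}" -f (Split-Path $Path -Leaf), $sig.Status, $sig.SignerCertificate.Subject)
    return $ok
}

$allOk = $true
foreach ($exe in 'mbar.exe', 'fixdamage.exe') {
    if (-not (Test-MbarBinary (Join-Path $MbarFolder $exe))) { $allOk = $false }
}

if ($allOk) {
    # The scanner needs to run elevated; RunAs triggers the UAC prompt.
    Start-Process -FilePath (Join-Path $MbarFolder 'mbar.exe') -Verb RunAs
} else {
    Write-Warning 'Signature check failed: do not run the tool; download it again from the vendor.'
}
```

A signature that reports NotSigned or HashMismatch on a freshly downloaded copy means the archive was altered in transit or you have the wrong file; on a machine you already suspect of being rooted, do the check from a clean machine before copying the folder over.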
Before running a scan, it is advisable to update the database (Update button) so that the latest malware definitions are fetched from the internet:
Then press the Next button to reach the scanning window, where you simply press the Scan button.
Malwarebytes Anti-Rootkit can detect and remove various types of rootkit, including those that infect boot sectors. Some examples of threats it can remove are the TDL family, MaxSS, Srizbi, Necurs, Cutwail, ZeroAccess, Rloader, Mebroot / Sinowal, MoastBoot, Yurn, Pihar, SST / Elureon, among many others.
If an infection is detected, the program will ask to restart the computer; this is an essential step in the removal process. Once it restarts, it is a good idea to run another scan to make sure the system is clean.
Finally, it is worth mentioning that the MBAR package also includes the FixDamage tool.
What is it for? When this kind of cleanup is carried out, some system services affected by the rootkit may stop working, and this is where fixdamage.exe comes into play to repair them:
Just run it and, in the window that opens, press the Y key (for Yes) so it does its job; finally, restart the PC. It should be mentioned that it should only be used if, after removing a rootkit, you experience problems such as loss of network connectivity, a disabled firewall and the like.
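Since FixDamage should only be used when something is actually broken, it helps to have an objective check to run after the post-removal reboot. The following PowerShell script is an added example, not part of the original article or of the MBAR package: it inspects the kinds of damage described above (services stopped or set to Disabled, a firewall profile turned off, no name resolution or connectivity) and tells you whether there is anything for fixdamage.exe to repair. The list of services and the probe host are my own assumptions; it needs PowerShell 3.0 or later and, for the firewall check, Windows 8 / Server 2012 or later.

```powershell
# Added example (not part of the original article or of the MBAR package):
# post-removal health check to decide whether fixdamage.exe is needed.
$ServicesToCheck = 'BFE', 'MpsSvc', 'Dhcp', 'Dnscache', 'wuauserv', 'wscsvc', 'WinDefend'   # assumed list
$ProbeHost       = 'www.malwarebytes.com'   # assumed reachable host for the DNS/ping test

function Get-ServiceHealth {
    # Win32_Service exposes StartMode, so a service that is running now but has been
    # set to Disabled (and will not come back on the next boot) is still flagged.
    foreach ($name in $ServicesToCheck) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) {
            # Absent on editions that never shipped it (e.g. WinDefend on older Windows); judge case by case.
            [pscustomobject]@{ Service = $name; State = 'NOT PRESENT'; StartMode = '-'; Healthy = $false }
        } else {
            [pscustomobject]@{
                Service   = $name
                State     = $svc.State
                StartMode = $svc.StartMode
                Healthy   = ($svc.State -eq 'Running') -and ($svc.StartMode -ne 'Disabled')
            }
        }
    }
}

function Get-FirewallHealth {
    # Enabled is a GpoBoolean (True/False/NotConfigured); compare its text form.
    Get-NetFirewallProfile | ForEach-Object {
        [pscustomobject]@{ Profile = $_.Name; Enabled = ($_.Enabled.ToString() -eq 'True') }
    }
}

function Test-NetworkHealth {
    $ping = Test-Connection -ComputerName $ProbeHost -Count 1 -Quiet -ErrorAction SilentlyContinue
    try   { $dns = [bool][System.Net.Dns]::GetHostAddresses($ProbeHost) }
    catch { $dns = $false }
    [pscustomobject]@{ Host = $ProbeHost; DnsResolves = $dns; PingReplies = [bool]$ping }
}

$services = Get-ServiceHealth
$firewall = Get-FirewallHealth
$network  = Test-NetworkHealth

$services | Format-Table -AutoSize
$firewall | Format-Table -AutoSize
$network  | Format-Table -AutoSize

# Collect one line per problem found.
$broken = @()
$broken += $services | Where-Object { -not $_.Healthy } | ForEach-Object { "service $($_.Service) is $($_.State) / $($_.StartMode)" }
$broken += $firewall | Where-Object { -not $_.Enabled } | ForEach-Object { "firewall profile $($_.Profile) is off" }
if (-not $network.DnsResolves) { $broken += "name resolution for $ProbeHost failed" }

if ($broken.Count -eq 0) {
    'No post-removal damage detected; FixDamage is not needed.'
} else {
    'Problems found; consider running fixdamage.exe (answer Y, then reboot):'
    $broken | ForEach-Object { "  - $_" }
}
```

Run it once right after the reboot that follows removal, and again after FixDamage if you used it: a service that is still Disabled or a firewall profile that is still off at that point is something to repair by hand rather than a reason to rerun the tool.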
Download: Malwarebytes Anti-Rootkit (MBAR)
It is important to note that it is in BETA status: it is not a final product and may contain errors. Also, this kind of program does not fulfil the role of a resident antivirus, that is, it does not protect the computer in real time. It is run on demand to perform a scan, without interfering with other security programs.
You can find more anti-rootkits in this Infospyware compilation and in this article I wrote some time ago about bootkits and MBR analysis.