Ubuntu and Malwarebytes

[jacobmlcanderson]

My name is Jacob Anderson, and I absolutely LOVE freewares. I'm a Windows freeware fanatic, a guy with no credit card but a nag for software that does many things for me. Malwarebytes and MSE are the two antivirus freewares I use in combination to protect my computers and my friends' computers. I love the idea of a free OS, too. I'm into using Ubuntu, and I have even got an 8 gig flash drive that I can boot Ubuntu up from on any computer that boots usb. Thanks to Linux's amazing hardware compatibility, drivers are RARELY an issue for booting from the flash drive for any computer! I'm posting because I think it would be one small step for me and a giant leap for Malwarebytes if they created a .deb installer for Linux that scans hard drives with Windows installed on them. The reason I'd like to do this is because I dealt with the Windows Pro Defense virus on one of my friends' computers. It was the worst spyware I'd ever seen! I had to rename the mbam.exe to something random lik jfkldssdl.exe just so it would run, and then every time the scan completed and I tried to remove the files the spyware caused Malwarebytes to stop responding. I had to use a portable task-manager freeware called Daphne Portable (Because Windows task-manager was not being allowed to run) to find the process, then find the executable. I couldn't delete it in windows so I took note of the file path booted from Ubuntu on my flash drive to delete the virus's executable file. Finally I booted, scanned, and cleaned off the mess left from the virus's war we had. I just think it would be amazing if we could boot up a free operating system (Linux) that was compatible with Malwarebytes and clean off these extremely clever and complex spywares like Windows Pro Defense. I don't know what kind of work it takes to make a stable version for Linux, but unfortunately it's just something that Linux Wine will never really handle. Linux and Malwarebytes working together would be an amazing freeware combination that will knock viruses and spyware off their feet before they know what's happening, and I'd be thrilled to see this happen sometime. Thank you everybody for your time and consideration! =)

[daledoc1]

Hello and welcome to MBAM forum:

Glad you like MBAM!

That's QUITE a wall of text , but it looks as if you are asking if there is a Linux/Ubuntu version of MBAM?

At least as of Dec 2011 and THIS POST by forum moderator, Exile360, there is no Linux version of MBAM:

There is no Malwarebytes version for Linux at this time. Currently Malwarebytes Anti-Malware only works with Windows.

I'm sure one of the MBAM staff will have a more complete, more technical & updated reply for you on this question.

Cheers!

daledoc1 (just a Windows home user)

[jacobmlcanderson]

Thanks =)

[exile360]

We don't have anything for Linux at the moment, however, we do have something very powerful for dealing with infections that try to block Malwarebytes Anti-Malware from running, namely Malwarebytes Chameleon. Please refer to these tutorials for details on how to use Malwarebytes Chameleon and other methods to deal with persistent threats that block Malwarebytes Anti-Malware and other tools from running, I'm certain it will prove useful .

[DarkSnakeKobra]

Last time I checked it didn't run under WINE. The only thing I found to work was Spybot. For Linux security I normally recommend:

OSSEC

ClamAV

Rkhunter

Tiger

Chkrootkit

Firestarter

[jacobmlcanderson]

Thank you all for your responses, I'll do some looking into the Malwarebytes Chamelion. I did find a way to boot an OS from a flash drive and run Malwarebytes, though, and it works great!

[screen317]

Which OS did you boot from?? How was Malwarebytes Anti-Malware put the flash drive??

[DarkSnakeKobra]

Which OS did you boot from?? How was Malwarebytes Anti-Malware put the flash drive??

I'm very curious too?

[AdvancedSetup]

You can easily boot from a USB drive with a Windows OS and install Malwarebytes on it, but it will scan that OS not the OS of the infected system. All it is then is a flat file scanner which your Anti-Virus would be much better at. Malwarebytes will scan the loaded Windows registry and file system which in this case is the USB drive. You can tell it to scan the infected drive but again that is not the same thing as running directly from the infected system which is how Malwarebytes works.

[jacobmlcanderson]

Well, I guess I'll tell my secret, lol. I installed Linux Ubuntu on a flash drive and installed VirtualBox to add a Windows XP virtual machine. I installed malwarebytes on the Windows XP VM and just have to boot up from the flash drive, boot up the WinXP VM, mount the hard drive that needs to be scanned in the VM, and scan it! Linux Ubuntu takes care of the drivers, so you can boot up on pretty much any computer that's not bore-you-to-death slow, and then the virtual machine drivers are simply handled by VirtualBox. So, there you have it; a way to boot up from a flash drive and use Malwarebytes to scan a hard drive! This technique isn't very problematic, I think it's an extreme accomplishment.

[AdvancedSetup]

Except for the fact that flat file scanning which is what you're doing is probably only about 10% of the power that Malwarebytes would have if it were running directly from the affected operating system. I'll say again, your Anti-Virus will be much better at doing flat file scanning than trying to do what you're doing.

[DarkSnakeKobra]

I agree. Malwarebytes' true power is being run directly on the infected machine when the malware is active. Similar reason why safe mode is not recommended. The mounted OS is not running and such the malware would likely not be active.

[jacobmlcanderson]

Windows Pro Defense prevents Malwarebytes from running. You can rename the executable file or using Malwarebytes Chameleon, but with the Windows Pro Defense virus either way it will freeze up Malwarebytes during the removal of the files it finds. Booting from a remote OS leaves the virus dormant and removes the files (the executable, mainly) that prevent Malwarebytes from removing ANY files. So, booting from the remote OS first and then running Malwarebytes in the actual OS is how you can get rid of that particular virus. Otherwise you must MANUALLY remove the executable first like I did, and you'd have to have computer knowledge, which not ALL users of Malwarebytes have. I'm sure there will be more really nasty viruses like this one, too, so I think there is atleast some good that I contributed by coming up with a way to boot from a flash drive to any computer and scan using Malwarebytes, a freeware that I think is AMAZING, and recommend to everyone that asks me for help.