Detecting and Removing Rootkits


8 replies to this topic

#1 Utopian

Utopian

    New Member

  • Members
  • 34 posts
  • Gender:Male
  • Location:Iloilo

Posted 18 May 2009 - 03:42 AM

Can Malwarebytes detect/remove rootkits? And if so, how good is it at detecting and removing these?

#2 exile360

exile360

    exile

  • Administrators
  • 16,017 posts
  • Gender:Male

Posted 18 May 2009 - 04:15 AM

Yes it can, and it's pretty darn effective in my experience :P . Just note, there are a few rootkits out there right now that specifically target Malwarebytes' and other security tools and sites from loading and these often have to be handled with the assistance of a more knowledgeable person to help a user disable the rootkit and then use the other tools, like Malwarebytes' Anti-Malware, to get the rest of the infection(s).
Samuel E Lindsey
Product Manager


#3 Utopian

Posted 18 May 2009 - 04:25 AM

Thanks for the response exile360. Currently I'm looking for the best rootkit scanner/remover but since Malwarebytes does remove rootkits then I don't need to look further? If I still need to, could you recommend anything here? On a scale of 1 to 10 how would you grade Malwarebytes at removing rootkits?

#4 Utopian

Posted 18 May 2009 - 04:40 AM

The reason why I'm looking for the best rootkit scanner is because recently Malwarebytes took so long to update (you're also replying in my other post :P), and sometimes my PC lags for no apparent reason, I thought this could be due to a rootkit.

I only use AVG AV as security protection and Malwarebytes for on demand scan, I update them daily for about 2 months now since I got my PC. Problem is in my scouting for rootkit removers I could see that most of these have negative effects when they remove the rootkits and also it seems that no tool is close to perfect, in my readings AVG rootkit remover had best reviews but it's been discontinued by AVG in 2007 (so it's old), although you can still get it from other sources. No reviews on how Malwarebytes does in this, that's why I asked here its performance grade for detecting and removing rootkits.

#5 exile360

Posted 18 May 2009 - 04:57 AM

Oh, ok. Well if you want an AV (arguably more effective than AVG), not only at detecting rootkits, but also other threats as well, then you have many choices, and two of them are free: Avira and Avast! (both free) and if you're willing to purchase I'd recommend either Kaspersky or NOD32. As far as dedicated rootkit detectors, I've used BlackLight (made by F-secure) on many occasions, but much like AVG's rootkit scanner, it hasn't been updated in a long time ;) . There are better anti-rootkit tools out there, but honestly they aren't really for use by those without extensive knowledge about how they work and what's good and what's bad. The tools I'm talking about are those like RootkitRevealer, GMER and RootRepeal. Those three usually require assistance by someone more knowledgeable to analyze the logs (such as the individuals who assist in our own Malware Removal - HijackThis Logs area of the forum ;) ) or by the members on the Sysinternals forum.

As a side note, I've seen many use MBAM along with the AVs I mentioned and they've had excellent protection with it and they seemed to get along quite well :P . As far as your suspicions, it most likely was an issue with the connection, were it a rootkit or other infection blocking Malwarebytes' it either wouldn't even have been able to run or wouldn't have been able to update at all (or both) and you probably wouldn't be able to access this site right now. Usually when there are issues like slow updates etc. it is caused by a temporary hiccup with the database distribution network that Malwarebytes' uses and is generally corrected quite quickly ;) .
Samuel E Lindsey
Product Manager


#6 Utopian

Posted 18 May 2009 - 06:49 AM

Many thanks for the info. I hope you're right about it, and most likely you are. Still I'd like to know how good Malwarebytes is at detecting/removing rootkits because they are some of the most dangerous threats and since it's one of its capabilities so that I could gauge whether to add more to my PC defenses or not. How does it rate on a scale of 1 to 10 in rootkit a) Detection and b) Removal? Just in case the worst happens....

#7 GT500

GT500

    Mostly Cantankerous

  • Trusted Advisors
  • 6,250 posts
  • Gender:Male
  • Location:Fortville, IN

Posted 18 May 2009 - 07:41 AM

Thanks for the response exile360. Currently I'm looking for the best rootkit scanner/remover but since Malwarebytes does remove rootkits then I don't need to look further? If I still need to, could you recommend anything here? On a scale of 1 to 10 how would you grade Malwarebytes at removing rootkits?


Malwarebytes' Anti-Malware is not a dedicated rootkit scanner, and while it can detect and remove many rootkits there is always the possibility that it will miss something (as with all security products from all vendors).

If you want a dedicated rootkit detector, then here are a few links for you:

GMER

Rootkit Unhooker

RootkitRevealer

For we wrestle not against flesh and blood, but against principalities, against powers, and against the worldly governors, the princes of the darkness of this world...


#8 Utopian

Posted 19 May 2009 - 12:12 AM

I've read that these rootkit removers are prone to false positives and could even destroy a PC, that's why I don't like installing just anything. I think I'll just stick with Malwarebytes for now since according to exile360 'it's pretty darn effective' :P (but he didn't give me the grade 1 to 10 just how effective it is). I just hope he's right.

In the case that Malwarebytes does find rootkits will it remove them 'cleanly' through the standard removal method, without harming my PC or is there a method specifically for removing rootkits, and if there is where can I find instructions for removing them? Thanks again.

#9 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • 41,163 posts
  • Gender:Male
  • Location:US

Posted 19 May 2009 - 12:29 AM

Yes, using these tools without understanding what they do or how to use them can be detrimental to your system and could even stop it from ever booting again without manually reinstalling Windows. So that's a good decision to stay away from such tools without having a lot of experience on computer internal workings.

Ron Lewis
Forum Community Manager
