Malwarebytes: Not just a pretty ‘anti-malware’ face!


Malwarebytes Anti-Malware (MBAM) is one of my all-time freeware favorites, and I am certainly not alone in that regard – MBAM is one of the most downloaded freeware programs on the planet. Malwarebytes Anti-Malware follows a common ‘freemium’ distribution model: the free version provides one of the best (if not the best) and most effective on-demand malware scanner/removers available, while the paid-for version adds the security afforded by real-time protection.

What many users may not realize is that Malwarebytes also offers two other relatively recent free security tools… Malwarebytes Anti-Rootkit (AKA MBAR) and Malwarebytes Chameleon. MBAR was first released almost 12 months ago and still remains in Beta, which may seem a rather protracted Beta period. However, considering the huge and diverse variety of software configurations out there, it would be nigh on impossible for Malwarebytes Labs to predict and test for every possible situation, so they rely on users for final testing and feedback… that’s what Beta is all about. Malwarebytes CEO and founder Marcin Kleczynski had this to say:

With MBAR we have been running the open beta now for almost a year successfully, and while there is a small chance specific configurations could pose issues, we are confident for most users MBAR will be extremely effective against any rootkit infections they encounter.

Rootkits are particularly pernicious little devils, and removal often involves damage to the system. That’s because rootkits bury themselves deep into the operating system, replacing critical files with those under the rootkit’s control. So it’s not always just a simple matter of identification and removal; it also often involves a certain amount of damage control. I’ve been following MBAR’s progress with interest for some time (I may even have mentioned it here at DCT), but I’ve always wondered why this latest tool was not included as a component or feature within MBAM itself. We now have the answer, coming from Marcus Chung, Executive Vice President and COO at Malwarebytes:

The bad guys have the edge when it comes to rootkits: they aren’t too worried about breaking the host computer, but we are, very much so. Having a separate tool allows us to make absolutely sure we minimize the risk of breaking the host computer.

Marcus also pointed out what now seems pretty obvious: it’s all about reaction times. Rootkit developers have become adept at quickly morphing their code once they learn that rootkit removers recognize their handiwork. With a separate tool, MBAR’s developers can react just as fast without any concern about damaging a larger, more complex program like MBAM, and they also avoid the logistics of rolling out a new version of MBAM each time.

Makes perfect sense to me.

The second of the two, Chameleon, is (as the name suggests) pretty much Malwarebytes Anti-Malware in disguise. It’s specifically designed to help overcome those times when malware recognizes the security scanner you are attempting to install or run and prevents you from doing so. Chameleon fools the malware into believing it is something else altogether, allowing the scanner to start and, hopefully, destroy the infection.

Let’s take a closer look.

Malwarebytes Anti-Rootkit:

Unlike its big brother, MBAR is fully portable. Simply download the 13.1MB zip package available here: http://www.malwarebytes.org/products/mbar/, extract the contents and then double-click mbar.exe to run it.

The initial screen is merely a warning regarding the Beta status which we have already covered. Down the left-hand side under “Overview” you will see the steps set out in logical sequence – each click of the Next button will take you through to the following step:

MBAR intro

Update: downloads and adds the latest definitions

MBAR interface - download

Scan System: around 5 minutes to completion on my Win7 64-bit system


MBAR scan

Cleanup: if you are fortunate and your system is clean, you will see this

MBAR scan results

In the following screenshot I have highlighted three of the files included in the MBAR folder:

MBAR files

  • ReadMe.rtf – because it contains useful information which you should read through.
  • mbar.exe – to help identify the correct file to run MBAR… and
  • fixdamage.exe – because that is the file you may need to run to fix any damage following identification and removal of an infection.

If, after running MBAR, restarting and verifying that the system is now clean of infection, you experience other problems, such as lack of internet connectivity, then run the tool fixdamage.exe included with the package. It will repair certain system services and settings which are frequently broken by certain rootkits. After running this tool you should always restart your computer, even if it does not prompt you to do so.

MBAM is a very effective all-rounder, but this little tool is dedicated specifically to the identification and removal of the particularly nasty rootkit family of malware.
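The MBAR routine described above (extract, run mbar.exe, restart, check connectivity, run fixdamage.exe, restart again) as a two-stage PowerShell script. This is an added example, not something from the article or from Malwarebytes; it assumes the zip has already been downloaded to the path in $ZipPath, that mbar.exe and fixdamage.exe are launched with no command-line switches (the article only ever double-clicks them), and it uses www.malwarebytes.org purely as a reachability probe.

```powershell
# Added example: drives the MBAR workflow from the article in two stages,
# because MBAR asks for a restart between cleanup and the damage check.
#   .\mbar-run.ps1 -Stage scan     # extract package, verify files, run mbar.exe
#   .\mbar-run.ps1 -Stage repair   # after the reboot: test network, run fixdamage.exe if needed
param(
    [ValidateSet('scan', 'repair')][string]$Stage = 'scan',
    [string]$ZipPath   = "$env:USERPROFILE\Downloads\mbar.zip",  # assumed download location
    [string]$WorkDir   = "$env:USERPROFILE\Desktop\mbar",        # assumed extraction folder
    [string]$ProbeHost = 'www.malwarebytes.org'                  # reachability probe only
)

function Assert-MbarFiles([string]$Dir) {
    # The three files the article highlights must all be present before we run anything.
    foreach ($name in 'ReadMe.rtf', 'mbar.exe', 'fixdamage.exe') {
        if (-not (Test-Path (Join-Path $Dir $name))) {
            throw "Expected $name in $Dir; the package looks incomplete. Re-download it."
        }
    }
}

switch ($Stage) {
    'scan' {
        # MBAR is portable: extract and run, no installer involved.
        Expand-Archive -Path $ZipPath -DestinationPath $WorkDir -Force
        Assert-MbarFiles $WorkDir
        # Run elevated and wait while the user steps through Update -> Scan System -> Cleanup.
        Start-Process -FilePath (Join-Path $WorkDir 'mbar.exe') -Verb RunAs -Wait
        Write-Host "Restart when MBAR asks, then re-run this script with -Stage repair."
    }
    'repair' {
        Assert-MbarFiles $WorkDir
        # Lost connectivity after a clean scan is the symptom fixdamage.exe exists for.
        if (Test-Connection -ComputerName $ProbeHost -Count 2 -Quiet) {
            Write-Host "Network is reachable; no fixdamage.exe run needed."
        } else {
            Write-Warning "No connectivity to $ProbeHost; running fixdamage.exe."
            Start-Process -FilePath (Join-Path $WorkDir 'fixdamage.exe') -Verb RunAs -Wait
            # The article's rule: always restart after fixdamage.exe, prompted or not.
            Restart-Computer -Confirm
        }
    }
}
```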

Chameleon:

Did you know that, if you have the latest version of MBAM Free installed on your PC, you already have Chameleon available? Yep, Chameleon is now included in MBAM’s program folder:

chameleon folder

If you find that malware is preventing MBAM from running, simply navigate to and open the Chameleon folder, then click on the executable to run Chameleon:

chameleon execute

If you do not already have MBAM installed and malware is preventing installation, Chameleon is also available as a separate 1.4MB zip download here: http://www.malwarebytes.org/products/chameleon/

History has taught us that the name Malwarebytes is synonymous with excellence in security software, and with these three tools on hand, you should be ready to tackle even the most stubborn of infections.

About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.
