Rootkit Tool From Malwarebytes.org
Moderator: Wiz Feinberg
- Robert Leaman
- Posts: 585
- Joined: 21 Feb 2006 1:01 am
- Location: Murphy, North Carolina, USA
This is a good tool from Malwarebytes. It looks for rootkits, displays them, and cleans them. Although this is a beta version, it has operated well on my computer for a month without any problems. There is an update feature that downloads new definitions and automatically updates the program. Rootkits can be extremely difficult to find and even more difficult to remove. Malwarebytes has a very good reputation, but it will be best to read the information available at the following website.
http://www.malwarebytes.org/products/mbar/
- Bent Romnes
- Posts: 5985
- Joined: 28 Feb 2007 2:35 pm
- Location: London, Ontario, Canada
Robert, I DL'd it and tried it by doing a scan and no rootkits were found on my system. So I guess the only way to find out if it works is if you do have a rootkit and the scanner finds it and gets rid of it.
I wonder if Wiz might shed some light on this and if it works as intended.
BenRom Pedal Steel Guitars
https://www.facebook.com/groups/212050572323614/
- Wiz Feinberg
- Posts: 6103
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
Rootkits are meant to be invisible to the user. They are put there to protect other malware from complete removal by security tools. The rootkit itself doesn't usually do an awful lot on its own. The other software it protects is what does the bad stuff.
If your computer becomes infected with malware that you try to remove, yet it keeps returning, look for a rootkit big brother.
Rootkits hook into the Windows kernel and add functions to it. They hide their own presence so that they can stay alive to protect the malware that they are linked to.
In addition to rootkits there are bootkits. Bootkits hook into the boot sector of your hard drive, which gets relocated up the drive. They take control as the system boots up. Again, these are hidden from the user and are there to protect other malware.
The best way to detect and remove boot and root kits is by booting from a separate bootable drive that contains a mini-operating system and a portable anti-boot/root kit scanner. By scanning your hard drive when it is dormant, the normally hidden kits are exposed completely and can be eliminated. Bootkits are removed by overwriting the master boot record with a fresh copy from either a LiveCD, or the operating system installation media, or by relocating the original sector 0 back to where it belongs.
Microsoft has released an offline scanner that gets updated every 10 days (I think), which can detect and remove bootkits and rootkits, as well as ransomware and viruses.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog