Malwarebytes is a well-known piece of software that helps people combat malware infections, usually the obvious ones like Trojans, worms, and viruses. These types of malware were almost too common, so to make malware more difficult to find, malware developers started to create rootkit viruses.
Basically, a rootkit virus is a small piece of software that can hijack your operating system in order to hide the real malware.
Rootkit malware requires more work to find and kill, which is why we need anti-rootkit software. Previously we have written about how to use the TDSSKiller rootkit software. Malwarebytes Anti-Rootkit and TDSSKiller are probably the absolute best to try, and they are both free.
Malwarebytes Anti-Rootkit (MBAR) is free to download and easy to use. This software should detect and remove the rootkit, which in turn will leave the true malware exposed and easier to eliminate.
How To Download And Install Malwarebytes Anti-Rootkit Software
Please note that you should use this software at your own risk and always take precautions when using this type of software.
Even downloading software like this is risky and you should always go to a trusted website to do so. I recommend you download MBAR from bleepingcomputer.com.
Simply download the program and extract its contents to a directory. The desktop is the easiest location to save it to. Now you can enter that folder and double-click on the mbar.exe file, or you can open it from the downloads section in Chrome.
You might be asked if you have admin privileges to let the software install, but other than that it is an easy program to install.
The first thing the software will do is update its database to get the latest updates to fight the rootkits.
How To Use Malwarebytes Anti-Rootkit Software
Like I said, Malwarebytes Anti-Rootkit is very easy to use; even a non-technical person won’t have any trouble.
1. After downloading and installing, double-click on the program to open it.
2. The program will start and you will need to press Next to begin.
3. The first thing the program will do is update its database. This is so it is equipped to catch the latest threats.
4. After updating, you can now scan your computer.
5. Malwarebytes Anti-Rootkit will scan your drivers, sectors, and your system.
In the screenshot from my scan, it is even scanning the MBR on my hard drive and checking for a signature code. It is also checking to see if the partition is bootable. If the MBR is damaged you will soon be seeing MBR error messages when trying to start your computer.
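The two MBR checks mentioned above (the signature code and the bootable flag) can be reproduced on a raw 512-byte sector. This is an added example, not MBAR's own code: the function names are hypothetical, the sample sector is constructed, and it relies only on the standard MBR layout (partition table at offset 446, signature bytes 55 AA at offset 510).

```python
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446   # four 16-byte partition entries start here
BOOT_SIG_OFFSET = 510     # last two bytes of the sector
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return signature validity and the used partition entries of an MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFFSET + index * 16
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        lba_start, num_sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # type 0 marks an unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,              # 0x80 = active partition
            "status_valid": status in (0x00, 0x80),  # anything else is suspect
            "type": ptype,
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return {
        "signature_ok": sector[BOOT_SIG_OFFSET:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def build_sample_mbr(signature: bytes = BOOT_SIGNATURE) -> bytes:
    """Constructed sample sector: one active type-0x07 partition at LBA 2048."""
    sector = bytearray(SECTOR_SIZE)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3,
                        2048, 204800)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    sector[BOOT_SIG_OFFSET:] = signature
    return bytes(sector)


if __name__ == "__main__":
    print(parse_mbr(build_sample_mbr()))
    print(parse_mbr(build_sample_mbr(b"\x00\x00"))["signature_ok"])
```

On a GPT disk the same sector holds a protective MBR whose single entry has type 0xEE, so no partition will show as bootable there.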
What If MBAR Finds Some Threats?
Firstly, MBAR can find and clean up threats for you. But if you quarantine a file, this software does not have its own quarantine folder, so it uses the Malwarebytes Anti-Malware folder. Therefore it is best to have the main Malwarebytes software installed first. If you do have a rootkit on your system, MBAR has a great chance of finding it, but the program is not fully developed or perfect yet.
If you want to restore a file from the quarantine area you will need to do that through the main program later.
Malwarebytes Anti-Rootkit Damaged My Files
Now, if Malwarebytes Anti-Rootkit actually finds something, it can remove it. But please note that this can sometimes cause file damage, which is common when removing rootkits. Which files are damaged depends greatly on the intentions of the rootkit virus, but Malwarebytes Anti-Rootkit comes with another tool. It is called fixdamage.exe and is downloaded along with the main MBAR software.
Therefore, to find the fixdamage.exe file, you need to go to the MBAR folder you downloaded first. Hopefully you downloaded the files to the desktop, which will make it easy to find.
If not, simply go to your start menu and type in fixdamage. You will see it appear in the menu above. Click on it to run. Press the Y key on the keyboard to continue.
This little program will fix things like your network connectivity, the Windows Firewall not working or starting, and even things like Windows Update not working. These are common services targeted by rootkits.