Malwarebytes, developers of the popular anti-malware tool, have released a beta version of a new anti-rootkit tool. As we learned from the Malware Report that the Microsoft Malware Protection Center put out last month, rootkits have gone from being theoretical to practical to common. In my organization, I know I have seen plenty of malware infections, and rootkits like the TDSS family are sometimes found running in the background, collecting information or downloading more malware constantly. While the Malwarebytes Anti-Rootkit is in beta, it’s a great relief to get another tool in the toolbox to fight infections.
You can download and run the Anti-Rootkit tool at your own risk since it is in beta. In the Malwarebytes blog post announcing its availability, the Malwarebytes team goes on to explain rootkits and how to properly use the tool.
After you download and extract the tool, run mbar.exe. If the tool's driver is not installed, it will prompt you to install it, which requires a reboot. Once the computer comes back up and you log in, a scan will commence. It scans drivers, then hard drive sectors, and finally files, memory and the registry.
After the scan completes, it will prompt for cleanup and can actually repair some of the damage done to the system by the malware. I’m awaiting the next reported infection so that I can give the tool a shot. So far I’ve run it on a few clean computers and had no problems, but nothing was detected either.