In the past, malware infections typically consisted of worms, trojans,
backdoors, and viruses that were easily detected and, for the most
part, easily removed. To make an anti-virus program's job harder, an
increasingly popular tactic among malware developers is to use a class of
infection, or technology, called a rootkit. A rootkit hooks or hijacks
the operating system so that it no longer accurately reports the files,
Windows Registry entries, processes, or disk sectors belonging to other
malware. The infections the rootkit protects therefore stay hidden from
ordinary scanners, and the rootkit must be dealt with first.
Malwarebytes Anti-Rootkit, or MBAR, is a rootkit scanner that
searches your computer for rootkits and removes them. Once
Malwarebytes Anti-Rootkit removes the rootkit, any files or Windows
Registry entries that the rootkit was hiding become visible again and
can be removed by a normal anti-malware scan.
MBAR can target rootkits that belong to the following families or that use the following rootkit technologies:
- Kernel mode drivers that hide themselves, such as TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
- Kernel mode driver patchers/infectors, which embed malicious code into core files of the operating system, such as TDL3, ZeroAccess, etc.
- Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
- Volume Boot Record/OS bootstrap infectors such as Cidox
- Disk partition table infectors such as SST/Elureon
- User mode patchers/infectors such as ZeroAccess
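The Master Boot Record and partition table infectors in the list above work by altering sector 0 of the disk: either the 446 bytes of boot code (so the malware runs before Windows loads) or the four 16-byte partition entries (for example, to carve out a hidden partition). The following is an added example, not MBAR's own logic and not code from Malwarebytes, showing the kind of integrity check a scanner performs on that sector. It parses the MBR layout, compares the boot code against a known-good hash, and flags partition entries that point past the end of the disk, overlap each other, or are otherwise inconsistent. The two MBR images, the baseline hash and the disk size are constructed in the script for illustration; the infected image is a made-up sample, not a real bootkit.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446          # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries follow the boot code
MBR_SIGNATURE = b"\x55\xAA"   # bytes 510..511


@dataclass
class PartitionEntry:
    index: int
    bootable: bool     # status byte 0x80 marks the active partition
    type_id: int       # 0x00 means "unused"
    lba_start: int     # first sector, little-endian uint32
    sector_count: int  # length in sectors


def parse_mbr(sector: bytes):
    """Split a 512-byte MBR into (boot-code sha256, partition entries, signature_ok)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    boot_hash = hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest()
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) lba(4) count(4)
        status, type_id, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, count))
    signature_ok = sector[510:512] == MBR_SIGNATURE
    return boot_hash, entries, signature_ok


def audit_mbr(sector: bytes, baseline_boot_hash: str, disk_sectors: int):
    """Return a list of findings; an empty list means the MBR looks consistent."""
    boot_hash, entries, signature_ok = parse_mbr(sector)
    findings = []
    if not signature_ok:
        findings.append("signature: 0x55AA boot signature missing")
    if boot_hash != baseline_boot_hash:
        findings.append("bootcode: hash differs from baseline (possible MBR infector)")
    if sum(1 for e in entries if e.bootable) > 1:
        findings.append("table: more than one active partition")
    used = [e for e in entries if e.type_id != 0 or e.sector_count != 0]
    for e in used:
        if e.type_id == 0:
            findings.append(f"table: entry {e.index} has type 0 but a nonzero extent")
        end = e.lba_start + e.sector_count
        if end > disk_sectors:
            findings.append(f"table: entry {e.index} extends past end of disk ({end} > {disk_sectors})")
    for a in used:
        for b in used:
            if a.index < b.index and a.lba_start < b.lba_start + b.sector_count \
                    and b.lba_start < a.lba_start + a.sector_count:
                findings.append(f"table: entries {a.index} and {b.index} overlap")
    return findings


def build_mbr(boot_code: bytes, entries):
    """Assemble a 512-byte MBR from boot code and up to four (status, type, lba, count) tuples."""
    assert len(boot_code) == BOOT_CODE_SIZE
    table = b""
    for i in range(4):
        status, type_id, lba, count = entries[i] if i < len(entries) else (0, 0, 0, 0)
        table += struct.pack("<B3sB3sII", status, b"\0\0\0", type_id, b"\0\0\0", lba, count)
    return boot_code + table + MBR_SIGNATURE


# Constructed sample data (not taken from any real disk or malware sample).
DISK_SECTORS = 2_000_000
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 438
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [(0x80, 0x07, 2048, 1_900_000)])
BASELINE_HASH = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()

# Made-up "infected" MBR: first boot-code bytes replaced (a far jump to attacker code)
# and a second partition entry added that reaches beyond the reported disk size.
INFECTED_BOOT_CODE = b"\xea\x00\x7e\x00\x00" + CLEAN_BOOT_CODE[5:]
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE,
                         [(0x80, 0x07, 2048, 1_900_000), (0x00, 0x27, 1_990_000, 20_000)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, audit_mbr(image, BASELINE_HASH, DISK_SECTORS) or ["no findings"])
```

On a real Windows system the sector would come from the raw device (`open(r"\\.\PhysicalDrive0", "rb").read(512)` as Administrator) and the baseline hash from a known-clean copy of the same boot code; note that a kernel-mode rootkit can also filter such raw reads, which is exactly why tools like MBAR go below the normal I/O path to read the disk.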
This tutorial will walk you through using Malwarebytes Anti-Rootkit
to remove rootkits from your computer. It will also provide guidance on
how to resolve problems that can result from removing these rootkits. If you
have any questions regarding this program, please feel free to ask
in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.