Tue, Nov 13 2012 10:14 Don

How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer

Introduction

In the past, malware infections typically consisted of worms, trojans, backdoors, and viruses that were easily detected and, for the most part, easily removed. To make an anti-virus program's job more difficult, an increasingly popular tactic among malware developers is to use a type of infection or technology called a rootkit. Rootkits are infections that hijack your operating system so that it no longer correctly reports the existence of other malware files and Windows Registry entries, which makes it much harder to detect the other infections the rootkit may be protecting.

Malwarebytes Anti-Rootkit, or MBAR, is a rootkit scanner that searches your computer for rootkits and then removes them. Once Malwarebytes Anti-Rootkit has removed the rootkit, any files or Windows Registry entries that the rootkit was hiding become visible again and are easier to remove.

MBAR has the ability to target rootkits that belong to the following families or that use the following rootkit technologies:

  • Kernel mode drivers hiding themselves, like TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
  • Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
  • Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
  • Volume Boot Record/OS Bootstrap infectors like Cidox
  • Disk Partition table infectors like SST/Elureon
  • User mode patchers/infectors like ZeroAccess.

This tutorial will walk you through using Malwarebytes Anti-Rootkit to remove rootkits from your computer. It will also provide guidance on how to resolve problems that result from removing these rootkits. If you have any questions regarding this program, please feel free to ask us in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.

http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit/
