OFFICIAL SECURITY BLOG
November 15, 2012 | BY Adam Kujawa
Did you know the term ‘malware’ refers to more than just viruses and worms? Did you know that there are types of malware that infect your system at so deep a level that the operating system doesn’t even realize they are there? Did you know that some malware could make the files, services and running processes associated with its operations invisible? This kind of malware is known as a rootkit and it is a serious problem in today’s computer security world. Many antivirus solutions have a hard time even detecting rootkit activity, let alone removing it. To answer the call in the fight against rootkits, Malwarebytes has taken up arms and introduced a new soldier in the cyber-war. Meet Malwarebytes Anti-Rootkit.
Malwarebytes Anti-Rootkit, as you will find out in this blog post, is a very useful and powerful tool. However, it is currently in a BETA status, meaning that we are still testing it out and making sure that it works across all operating systems and with all users, it also means that we cannot guarantee that the software will perform error free. In saying that, there might be a chance that using this software could damage your system and you should use it AT YOUR OWN RISK. If you do decide to use this tool in its current state, you are agreeing to the terms of our license agreement, included with the software as “License.rtf”.
Please be sure to backup any valued data you have before you proceed to use this tool, just as a precaution. Finally, Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise. Thanks!
A rootkit is a special type of malware that embeds itself deep into the operating system at a level that allows it to manipulate the information the operating system sends back to the user as well as applications. This means that rootkits can completely control the operating system as well as hide any presence of its existence.
Rootkits have been around for about 20 years and were originally developed for non-malicious purposes and not even for the Windows operating system. As the years progressed, it became apparent to cyber-criminals that the employment of rootkits was the way to go, and therefore, we have rootkit malware like ZeroAccess and Rustock.
The biggest issue with rootkits, beyond their intended operations, is how to get rid of them. See, rootkits embed themselves into the operating system in such a way that allows many legitimate and important function calls and data to be passed through their oversight. Think of it like a hard-water filter installed on your water pipe system right outside of the point where the water enters your house. If you tried to remove that filter, you would then have a problem with your water correctly getting into your house. In the same regard, if you removed a rootkit, you might inadvertently break some vital functionality of the operating system; in the worst case, it might even make your system un-bootable.
To put our foot down and fight back against stubborn rootkit malware, Malwarebytes has developed a new product designed specifically for the detection and removal of rootkits: Malwarebytes Anti-Rootkit.
At a high level, this is what Malwarebytes Anti-Rootkit, or ”MBAR”, can do for you:
Malwarebytes Anti-Rootkit scans your systems drivers, hard drive sectors, and system files to seek out rootkit activity and remove it from your system. This means that MBAR will delve into the dark crevices of your system where rootkits like to hide and disrupt their ability to link into the operating system and modify data, disrupt system calls, etc.
Once it removes the links, it will use the Malwarebytes Anti-Rootkit engine to detect all additional rootkit files and set them for removal. After this, the system will require a restart that allows Malwarebytes Anti-Rootkit to remove the malware before it has a chance to embed itself into the system again.
In the distant past, malware consisted of a few viruses that destroy data and worms that try to spread malware as far as they could. In those days, a simple antivirus/anti-malware solution would be the answer for nearly all computer security issues. However, currently we deal with much more advanced, targeted and nefarious types of malicious software such as rootkits. Therefore, it is necessary to be able to protect your system against these threats that conventional antivirus/anti-malware solutions cannot.
In addition, think back to the water filter analogy, where breaking the connection between the water filter and the pipes could cause serious damage to the water system. Malwarebytes Anti-Rootkit not only removes the rootkits or evil water filter but also repairs the damage it made to the system by reestablishing links and fixing vital services that had been modified by the rootkit, in essence it ensures that your water is flowing. It does this with a tool known as fixdamage.exe that is included with the Malwarebytes Anti-Rootkit ZIP file.
So now that you know what a rootkit is, what Malwarebytes Anti-Rootkit can do about them and how it does it, naturally want to try it out for yourself. To do this, just click the link below and download the ZIP file containing Malwarebytes Anti-Rootkit and read on to find out how to use it.
Here is a step-by-step breakdown on how to use Malwarebytes Anti-Rootkit.
11. After your reboot, you should run MBAR again to ensure that all infections have been removed from the system.
Keep in mind that Malwarebytes Anti-Rootkit does not require an installation of Malwarebytes Anti-Malware and makes it a great tool for quickly disinfecting the systems of your friends and family on the fly if they can’t install Anti-Malware because of the rootkit blocking them. Put it on a USB stick with an up to date definition file or onto a CD with other valuable tools.
This product will always be updated and upgraded in order to have the best chance of taking out the bad guys and defeating rootkits as they come out. If you want to help in this fight, please do, by letting us know on our forums what kind of experiences you have had with MBAR and even how you think it might be better. Thanks for reading and stay safe!