A recent scan for hidden registry entries provided 6 hits related to mbamswissarmy.sys. See:

Starting search for hidden objects.

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MBAMSwissArmy\type

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MBAMSwissArmy\start

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MBAMSwissArmy\errorcontrol

[NOTE] The registry entry is invisible.

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

C:\WINDOWS\system32\drivers\mbamswissarmy.sys

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MBAMSwissArmy\displayname

[NOTE] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MBAMSwissArmy\Security\security

[NOTE] The registry entry is invisible.

This was detected while my free, unregistered version of mbam was not open, and no mbam process was running.

I cannot find the file mbamswissarmy.sys anywhere on my hard drive. It certainly is not among the mbam program files and is not in the windows/system32/drivers folder either.

Am I infected with some sort of malware?


Greetings :)

Please open Malwarebytes Anti-Malware and begin a scan (it can be a Quick scan or a Full scan, your choice) and while the scan is running, mbamswissarmy.sys should be present in C:\Windows\System32\drivers. MBAM simply removes the file when it isn't using it and then replaces it again when it is using it for a scan.

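One way to confirm the behaviour described in the reply above, as an added example that is not part of the original thread and is not Malwarebytes code: a PowerShell check that reads the MBAMSwissArmy service key in every control set and reports whether the driver file it points to is on disk at that moment. The service name and the `\??\` path form are taken from the scan output in the first post; the function names are hypothetical.

```powershell
# Added example. Service name and path form come from the scan output in the
# first post; the function names are hypothetical.
function Resolve-DriverImagePath {
    param([string]$ImagePath)
    # Drop the NT object-manager prefix (\??\) shown in the scan output.
    $p = $ImagePath -replace '^\\\?\?\\', ''
    # Driver services may also use \SystemRoot\... or a bare system32\... path.
    if ($p -match '^\\SystemRoot\\') { $p = Join-Path $env:SystemRoot $p.Substring(12) }
    elseif ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-DriverServiceState {
    param([string]$ServiceName = 'MBAMSwissArmy')
    # Walk every control set: the scan reported ControlSet003, not only the current one.
    Get-ChildItem 'HKLM:\SYSTEM' |
        Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
        ForEach-Object {
            $key = Join-Path $_.PSPath "Services\$ServiceName"
            if (-not (Test-Path $key)) { return }   # no such service in this control set
            $props = Get-ItemProperty -Path $key
            $file = $null
            if ($props.ImagePath) { $file = Resolve-DriverImagePath $props.ImagePath }
            $onDisk = [bool]($file -and (Test-Path -LiteralPath $file -PathType Leaf))
            # Only inspect the signature when the file is actually present.
            $sig = $null
            if ($onDisk) { $sig = Get-AuthenticodeSignature -FilePath $file }
            [pscustomobject]@{
                ControlSet = $_.PSChildName
                Type       = $props.Type
                Start      = $props.Start
                ImagePath  = $props.ImagePath
                FileOnDisk = $onDisk
                SigStatus  = if ($sig) { $sig.Status } else { 'n/a' }
                Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
            }
        }
}

# Run once with no scan in progress and once during a scan, then compare FileOnDisk.
Get-DriverServiceState | Format-Table -AutoSize
```

A row with the service key present and FileOnDisk False while no scan is running matches the remove-and-replace behaviour the reply describes; the signature columns are only filled in while the file exists.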

I did, and that's exactly what happened. Thanks for the information and reassurance. Very clever!


  • 6 months later...

I tried to locate the mbamswissarmy.sys in C:\Windows\System32\drivers on my Windows 7 64-bit laptop while running a free Malwarebytes scan but it doesn't appear. How do I find it? I'm trying to add the file to the Malwarebytes BartPE plugin by following the instructions here: file:///C:/pebuilder3110a/plugin/MalwareBytes%20Anti-Malware/MalwareBytes%20Anti-Malware.htm


Greetings and welcome :)

Currently we do not officially support using Malwarebytes Anti-Malware in any PE/bootable form or environment. That being said, mbamswissarmy.sys does not exist on x64 Windows versions.

I hope that clears things up for you.


This topic is now closed to further replies.