
Can MBAM disinfect files?



I don't think it disinfects. Normally when a system file is infected, it's best to restore a backup of that file instead of trying to disinfect it, but I'm not even sure that MBAM does that. Try a forum search, and see what you find.

I have noticed a couple of times reference to "restore a backup of that file". How is this done please? I know about System Restore, but are you referring to an individual file?


The System Restore is one way. There are also backups made when Service Packs are installed that can be restored, but I think ComboFix is the only tool I've seen that will restore them (note that ComboFix is a tool that should only be used under the direction of an expert, and not something to play around with on your own).

I don't see these backups used very often. Maybe exile360, or one of our other volunteers knows more about it.


  • Staff

If you're talking about a system file that was replaced/modified by malware and MBAM removed it, you can use the Recovery Console to restore it. A good basic tutorial can be found here: How To Restore System Files Using Recovery Console

If a file is removed by MBAM, it does create a backup and can be restored using MBAM's interface, but if the system is unbootable, there would be no way to use MBAM to restore it because its backups are encrypted, so you wouldn't be able to use an offline disc like Bart's PE/WinPE to do the job. Your only hope in that case would be the Recovery Console or System Restore. In Vista, as long as you have a Vista disc to boot from, you can use System Restore offline; if you're using XP, you'd have to have Microsoft's ERD 2005 (AKA MS D.a.R.T.): MS Diagnostic and Recovery Toolset 30 day Trial, or another tool that works similarly, like Avanquest's Fix-It Utilities, which has the same offline functionality for accessing System Restore points.


Thanks for all of this information. I only downloaded Malwarebytes yesterday, so I am not sure what to do with it and am learning from the forum. I have only done two scans so far with MBAM and am still trying to figure out what to do with the results. I had a message of one virus, which I believe was a tracking cookie. I could not get MBAM to remove this into the quarantine file and did not know whether it was safe to delete this, so I ran Spybot Search and Destroy and CCleaner, then another scan with MBAM, and that scan was clear, so I believe that I have removed the file. As you can see, I am not sure how to use the programme.

mbam_log_2009_02_05__12_51_36_.txt


  • Root Admin

Hello and Welcome to Malwarebytes.org

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours, then please go ahead and post a request for review.
  • NOTE: If for some reason you're unable to run some or any of the tools in the first link, then skip that step and move on to the next one. If you can't even run HijackThis, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

  • Staff

I'll give you an example of how MBAM works. I was testing some malware in my VM (Virtual Machine) and the infection was infecting all the executable files on the system with a worm. I scanned with Malwarebytes' and it picked up and removed the source of the infection, but didn't detect or delete the infected exe's (good thing, as the system wouldn't function without them). I did a scan with Kaspersky and it disinfected the infected exe's without deleting them. Based on the types of threats and use of Malwarebytes', this makes perfect sense, as file infectors by definition are classic "viruses" and should be caught/removed by any antivirus worth its salt. In case you were wondering, the trojan that was the source of the infection was detected and removed by MBAM while Kaspersky missed it. A prime example of Malwarebytes' doing its job to fill in the gaps of what antivirus software misses.

Another note: Often with system files a backup can be recovered by using the SFC tool in Windows. Instructions on the usage of SFC can be found here: System File Checker How To's


Hello everyone.

I was wondering if MBAM can "heal" files infected with something, or can it only delete the offending file?

Thanks in advance...

The present version does not have the ability to try to heal anything, no. At this time, MBAM's only option is to delete the offending file and replace it with a known clean copy. At this time, we don't do any of the replacing; that's up to you. Various individuals have already posted methods that can be used to restore various specific files.

If you have any other questions, you are certainly welcome to ask anytime! One of us will be happy to assist you in any way we can.


My favorite tool is running Windows XP as a repair disk:

http://www.michaelstevenstech.com/XPrepairinstall.htm

Now that SP3 has finally been released:

http://www.winsupersite.com/showcase/xpsp3_slipstream.asp

These techniques are fairly simple and user friendly.

Yoda said "Do or do not. There is no try."


  • Staff

Thanks for adding that, Chewy. I usually neglect this method myself due to all these darn "recovery discs" the OEMs like to ship now instead of real OS installation CDs, but it's great when possible.

I keep the extracted i386 folder from the standalone SP3 on a flash drive for use with sfc; too bad that method doesn't work with Vista (it just extracts an installer and a bunch of .cab files).
