
Rootkit found in Malwarebytes' Anti-Malware: hidden Service MBAMSwissArr



What do you think about this here?

http://img809.images...arr20130107.jpg

http://imageshack.us...rr20130107.jpg/

When installing Malwarebytes' Anti-Malware 1.70.0.1100, I get this:

ROOTKIT FOUND

A suspicious object (Rootkit) has been found on your system. This could be a hint to a malware-infection. The object should be deleted instantly.

ROOTKIT-INFORMATION

Filename Rootkit-name

SVC: MBAMSwissArr Rootkit: Hidden service

ACTIONS WHEN FOUND

Delete now (recommended)

Other OK

I deleted it, and Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine.

But what about that rootkit in Malwarebytes' Anti-Malware 1.70.0.1100?


Thank you for your fast answer, AdvancedSetup.

Hm, Malwarebytes' Anti-Malware 1.70.0.1100 seems to run fine here.

The only thing that I observe is that Malwarebytes' Anti-Malware no longer has a startup entry (for mbamgui.exe) as my old Malwarebytes' Anti-Malware 1.62.0.1300 had, but Malwarebytes' Anti-Malware 1.70.0.1100 is starting automatically and showing its icon in the system tray, like that of Malwarebytes' Anti-Malware 1.62.0.1300 before, with a blue icon now instead of a red one before, of course.

What is the hidden service "MBAMSwissArr" doing exactly?


  • Root Admin

I'm sorry but we don't go into great detail on how the internal program works. The file though is a driver we use for removing malware.

As I said you have crippled the program and it will not work properly anymore. That was an old method that is no longer used by our program and normally I'd recommend a clean removal and reinstall however I see you have other posts on the forum so you should probably work on those as you have some different things going on.

Thanks


  • Staff

This issue Reported to the Avast Forum. Awaiting Reply. Thread HERE

I've got the same detection, except action taken=Ignore

What version of Avast! was this on? Was this from upgrading from a previous version of Malwarebytes' Anti-Malware or installing it fresh without any previous version being installed? Also, what OS are you using?


Avast detected this through a Scheduled scan. Running a quick scan or full scan with Avast comes up clean. Avast would have been the last installed. Used to have MSE. I have been running Malwarebytes' since version 1.2 something on all my machines.

Thank you for being so cooperative ^_^

Anything I can do to help get this sorted out, just ask, ;)

NOTE: All exclusions added to Avast and Mbam. Re-set scheduled scan to 17:15 hrs or 5:15 pm CST to try to duplicate this.
