
RootKit Detection of version 2.0 to prior versions

Recommended Posts

In the past 2 months or so, I have had about 15 people come to me saying that they were told their computer is infected. Note that I am in no way a malware expert. Prior to version 2.0, MBAM was always able to find rootkits. With these users, it is usually the zeroaccess rootkit that is the problem.


Out of the 15 users, 12 of them used versions prior to 2.0, because it wasn't released yet. Every time, MBAM was able to find the rootkit and remove it. The other 3 users are running version 2.0 and MBAM doesn't find any rootkit. For these users, I have ensured that "Scan for rootkits" is checked in the "Detect and Protection tab".


I usually use 2 other McAfee rootkit programs that can detect the ZeroAccess rootkit. With these users running version 2.0, the McAfee programs do detect the rootkit, but are unable to remove it. For some reason, MBAM isn't even detecting it. Is anyone aware of any problems with the 2.0 version of MBAM in regards to this?


I guess now that I think about it, in the MBAM logs, the viruses were always identified as Trojans or Malware.Packer, something along those lines. But after removing those, the viruses were gone. My apologies on that one.


I don't think these are false positives. The users usually get notified by the security team. All these users are connected to the same network, and they forwarded me the emails, as they are usually flagged for ZeroAccess. So I'm not sure what is going on.


Maybe I should have the users run the 1.75 version and see what MBAM finds?


OK, so going back to the original issue: out of 15 users, 12 used v1.75 and found the threat to be something along the lines of a Trojan or Malware.Packer, correct?


And 3 other users running 2.00 did not find anything when scanning the same items of interest?


There are some older variants of ZeroAccess that Malwarebytes Anti-Malware 1.75 was capable of detecting, but most often it cannot fully remove them. Malwarebytes Anti-Malware 2.0 with rootkit scanning enabled should be able to deal with them.

If your users continue to have issues, assuming you are a business customer as seems to be indicated by the information you've provided, please don't hesitate to contact our Business Support Team directly and they will assist you in diagnosing and if needed, cleaning the machines of any malware they might contain.
