Jump to content

Malwarebytes quarantining it's own files?


Wildcat1981

Recommended Posts

First I downloaded MBAR and ran it on my computer with no changes.  It found the same two threats.  I also ran MBAR on my wife's computer which also has Rollback Rx and it only has Webroot as an AV.  It found one driver as a threat, not the same as either of the ones found on my computer.

 

I was curious so I un-installed Rollback Rx on my computer, rebooted (normal mode), started up mbam, checked the option to turn on rootkit checking and removed all exclusions.  Then I ran a scan and mbam did not detect any threats.  I did not remove either AV, so I feel pretty safe that the problem is with the incompatibility between Rollback Rx and Mbam rootkit detection. 

 

So for now at least, I will just not have Mbam check for rootkits since it makes sense that Rollback essentially works so similarly to a rootkit. 

Link to post
Share on other sites

  • Staff

Interesting case here indeed, Wildcat1981.

I believe the reason why mbam doesn't seem to detect the same after reinstalling Rollback is most probably because, when you reinstalled Rollback, Rollback "accepted" the installed malwarebytes drivers present already. While, before, malwarebytes was updated during the time you had rollback installed and Rollbacks's "monitoring" mode of the "newly installed malwarebytes drivers" at that time most probably caused it to have differences between low level and windows API reads.

 

It wouldn't suprise me that, if you update a program where there are also drivers involved -as in "updating an already installed driver"- that malwarebytes antirootkit scan would detect these drivers as well as "Unknown.Rootkit.Driver", because of Rollback RX - and I am pretty confident that other rootkitscanners would see the same.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.