Malwarebytes quarantining its own files?


First I downloaded MBAR and ran it on my computer with no changes.  It found the same two threats.  I also ran MBAR on my wife's computer which also has Rollback Rx and it only has Webroot as an AV.  It found one driver as a threat, not the same as either of the ones found on my computer.


I was curious so I un-installed Rollback Rx on my computer, rebooted (normal mode), started up mbam, checked the option to turn on rootkit checking and removed all exclusions.  Then I ran a scan and mbam did not detect any threats.  I did not remove either AV, so I feel pretty safe that the problem is with the incompatibility between Rollback Rx and Mbam rootkit detection. 


So for now at least, I will just not have Mbam check for rootkits since it makes sense that Rollback essentially works so similarly to a rootkit. 

  • Staff

Interesting case here indeed, Wildcat1981.

I believe the reason why mbam doesn't seem to detect the same after reinstalling Rollback is most probably because, when you reinstalled Rollback, Rollback "accepted" the installed malwarebytes drivers present already. While, before, malwarebytes was updated during the time you had rollback installed and Rollback's "monitoring" mode of the "newly installed malwarebytes drivers" at that time most probably caused it to have differences between low level and windows API reads.


It wouldn't surprise me that, if you update a program where there are also drivers involved -as in "updating an already installed driver"- that malwarebytes antirootkit scan would detect these drivers as well as "Unknown.Rootkit.Driver", because of Rollback RX - and I am pretty confident that other rootkit scanners would see the same.
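The "differences between low level and windows API reads" idea from the reply above, as an added example that is not part of either post and not code from Malwarebytes or Rollback Rx. It is a simplified, constructed model: the toy disk, the remap table standing in for a snapshot driver, and the file names are all assumptions made for illustration.

```python
import hashlib

SECTOR = 16  # toy sector size for the constructed disk

class ToyDisk:
    """Constructed model: raw sectors plus a snapshot driver's remap table."""
    def __init__(self, nsectors):
        self.raw = [bytes(SECTOR)] * nsectors
        self.remap = {}                  # logical sector -> physical sector
        self.next_free = nsectors // 2   # spare area used for redirected writes

    def api_write(self, lsn, data):
        # Assumed snapshot behaviour: keep the original sector, write elsewhere.
        psn = self.next_free
        self.next_free += 1
        self.remap[lsn] = psn
        self.raw[psn] = data.ljust(SECTOR, b"\0")

    def api_read(self, lsn):
        # View through the OS file API: follows the remap table.
        return self.raw[self.remap.get(lsn, lsn)]

    def raw_read(self, lsn):
        # View of a low-level scanner that bypasses the filter driver.
        return self.raw[lsn]

def cross_view_scan(disk, files):
    """Return names of files whose API view and raw view hash differently."""
    flagged = []
    for name, sectors in files.items():
        api = hashlib.sha256(b"".join(disk.api_read(s) for s in sectors))
        low = hashlib.sha256(b"".join(disk.raw_read(s) for s in sectors))
        if api.digest() != low.digest():
            flagged.append(name)
    return flagged

def demo():
    disk = ToyDisk(16)
    files = {"scanner_driver.sys": [0, 1], "other.sys": [2]}  # constructed names
    disk.raw[0] = b"driver v1 part A"
    disk.raw[1] = b"driver v1 part B"
    disk.raw[2] = b"other driver"
    before = cross_view_scan(disk, files)       # both views agree
    disk.api_write(0, b"driver v2 part A")      # driver updated under the snapshot layer
    after_update = cross_view_scan(disk, files)
    # Reinstalling the snapshot layer is modelled as taking a fresh baseline:
    # redirected data becomes the in-place data and the remap table is emptied.
    for lsn, psn in disk.remap.items():
        disk.raw[lsn] = disk.raw[psn]
    disk.remap.clear()
    after_rebaseline = cross_view_scan(disk, files)
    return before, after_update, after_rebaseline
```

In this model only the driver that was updated while the redirection layer was active is flagged, and the mismatch disappears once the layer takes a new baseline.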

