Jump to content

Anti-Rootkit Slow to Start


Recommended Posts

Hey I've noticed some behaviour with MBAR, which I'm not sure if it's normal. After Malwarebytes Anti-Rootkit found a Virus (Trojan.Agent) in WinRAR, I wiped my system and reinstalled everything. Now I have been running scans with MBAM and MBAR every day both in Safe Mode and in Standard Mode, it didn't find anything.

Right now I'm noticing that MBAR does start very slowly. Like I click the icon and it takes about 1 to 2 Minutes for the program to show on my screen, when I tried to start scanning it took an eternity as well, but it is scanning right now.

I did scan with MBAM beforehand and it didn't find any viruses. MBAR is finished now as well and didn't find anything. Do I need to be worried anyhow?

Link to post
Share on other sites

Hi, @LookingforAnswer, and :welcome:

I just verified and I show no long delay running it here, and my system install is all of 3 days old.  So, a couple of questions to verify info:

  1. What operating system are you running?
  2. When you say you wiped your system and reinstalled everything, is that a drive format and reinstall the operating system and programs?
  3. Are you running MBAR from the desktop (default location for extraction), or another location?
  4. (Assuming you have Vista+) Are your UAC settings set to default, or have you modified them in anyway?

That should help get the ball rolling.

Link to post
Share on other sites

I manually installed it as a subfolder to MBAM. Btw right now it started normal and quick in Standard Mode Windows

From Top to Bottom the folder contains:

[Data]
[imageformats]
[Languages]
[Plugins]
dda.dll
License
master.conf
mbam.dll
mbamcore.dll
mbamdor
mbamnet.dll
mbar
mbar.dll
[bunch of scan logs]
msvcp100.dll
msvcr100.dll
QtCore4.dll
QtGui4.dll
Readme
system-log

Data contains:
[Configuration]
actions.ref
rules.ref
swissarmy.ref

Configuration contains:
build.conf
config.conf
database.conf
local.conf
manifest.conf

imageformat contains:
qico4.dll
qicod4.dll

Languages contains:
English.lng

Plugins contains:
fixdamage

Another question if I am at it, does MBAR only detect rootkits or does it detect other stuff as well? Like the Trojan.Agent I had, was it necessarily a rootkit?

Link to post
Share on other sites

Might try keeping it in a folder that is not under program files / program files (x86).

As for detection, well, my understanding is that MBAR is aimed solely at rootkits, MBAM is aimed at mostly malware, but some rootkits as well, and MBARW is aimed solely are Ransomware.  However, it would not surprise me if there is overlap between the products.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.