Jump to content

Malwarebytes Anti-Rootkit version questions


Recommended Posts

For thought having problems with Malwarebytes Anti-Rootkit check the version. I have come across fake Malwarebytes Anti-Rootkit version on website. EXP (mbar-1.09.4.1001.exe) The only true version is from this web site.

Hope this help you as well the support team with tickets and emails. 

Screen Shot from Real and Fake.

Real & Fake.png

Edited by DrThrax
Link to post
Share on other sites

  • Staff

It sounds like you have Malwarebytes Anti-Malware version 2.x installed, with self-protection enabled?

Create and obtain Farbar Recovery Scan Tool (FRST) logs

  1. Download FRST and save it to your desktop
    Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
  3. Press the "Scan" button
  4. This will product two files in the same location (directory) as FRST: FRST.txt and Addition.txt

Please attach both those logs, FRST.txt and Addition.txt in your next reply.

Link to post
Share on other sites

  • Staff

Thanks for the logs. I've not seen the error you mentioned with Malwarebytes 3.2, only with older versions of Malwarebytes Anti-Malware.

We can first try to run MBAR in Safe Mode.

  1. In Normal Mode, click on Start > Settings (or press the Windows key + I) 
  2. Click on Update & security 
  3. Click on Recovery , then under 'Advanced startup' click on 'Restart Now'.
  4. When the computer restarts, click on Troubleshoot.
  5. On the next screen, click on Advanced Options.
  6. On the next screen, click on Startup Settings.
  7. On the next screen, click on Restart.
  8. After the computer restarts, you will be on a "Startup Settings" screen.
  9. Press the number 5 on your keyboard.
  10. The computer will restart into Safe Mode with Networking.

Once in Safe Mode with Networking, try running a scan with MBAR version 1.09.4.1001

If it succeeds, please attach the two logs created, in the mbar folder:

mbar-log-2017-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

If there is still an error while trying to run MBAR in Safe Mode, let's run a new scan with FRST, from within the Windows 10 Recovery Environment.

You will need a USB drive for this next step, and a copy of the FRST tool on the USB drive

  1. In Normal Mode, click on Start > Settings (or press the Windows key + I) 
  2. Click on Update & security 
  3. Click on Recovery , then under 'Advanced startup' click on 'Restart Now'.
  4. When the computer restarts, click on Troubleshoot.
  5. On the next screen, click on Advanced Options
  6. Select Command Prompt, Windows will restart.
  7. Select your normal user account, and enter your password (if you have one)
  8. In the command window type in notepad and press Enter.
  9. The notepad opens. Under File menu select Open.
  10. Select "Computer" and find your flash drive letter and close the notepad.
  11. In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  12. Note: Replace letter e with the drive letter of your flash drive.
  13. FRST will open
  14. When FRST opens click Yes to disclaimer.
  15. Press the Scan button.
  16. It will make a log (FRST.txt) in the flash drive. Please attach it to your reply.

 

 

Edited by tetonbob
Link to post
Share on other sites

  • tetonbob changed the title to Malwarebytes Anti-Rootkit version questions

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.