Malwarebytes causing boot-up problems


Just thought I should let you guys know this. I've had five customers in the last week who have told me that Malwarebytes has "broken their computers". They all removed malware with Malwarebytes and found that their computers would not boot into Windows afterwards.

With two of these computers I was able to boot into Safe Mode and restore the files from Malwarebytes quarantine. The computers then booted up normally again and I was able to remove the rootkits/rogueware etc using other methods.

But with three of these computers I could not even get them to boot into Safe Mode. I had to examine the drives under a BartPE environment, replace userinit.exe, delete some other 'rogue' files, edit the registry with ERD Commander and then run bootcfg /rebuild and fixboot to get to a stage where I could actually completely cure the underlying rootkits/rogueware problem.

Don't get me wrong, I'm not complaining. Those five people paid me good money to fix their computers that Malwarebytes had "broken".

I'm only telling you this because I am generally a big fan of MBAM and I don't like people saying that it's not a good program. I think MBAM is an excellent program. But I think it may be a good idea to re-examine the definitions for some of the latest 'rogue' antimalware programs, and also to put some kind of boot-up error warning in the results dialog and Help files if MBAM detects that the userinit.exe file has been compromised.

The issue is that there were other things there that did not get detected or removed, either because they were not in the database they had when they scanned, or because there was an undetected rootkit protecting files. Many infections even replace system files like explorer.exe and userinit.exe so that when they are removed the system will no longer log in or display the desktop.

Chances are that it will be fixed in a database update.

Do you have any HijackThis or ComboFix logs from these systems? Do you have the scan logs from Malwarebytes' Anti-Malware so that we can see what was removed?
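
The failure mode discussed in this thread, where removing a file that the logon sequence depends on leaves Windows unable to log in, can be checked for after a cleanup scan and before restarting. The following PowerShell script is an added example, not part of either post and not a Malwarebytes tool; it assumes the standard Winlogon `Userinit` and `Shell` registry values and an elevated session on the live system.

```powershell
# Added example: check the Winlogon logon chain after a cleanup scan, before restarting.
# Run from an elevated PowerShell session on the live system.
$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaultNames = 'userinit.exe', 'explorer.exe'   # stock Windows logon binaries

function Test-LogonEntry {
    param([string]$ValueName, [string]$Entry)

    $path = [Environment]::ExpandEnvironmentVariables($Entry.Trim().Trim('"'))
    $candidates = if ([IO.Path]::IsPathRooted($path)) {
        @($path)
    } else {
        # Bare names such as "explorer.exe" are looked up in the Windows directories.
        @((Join-Path $env:SystemRoot $path), (Join-Path $env:SystemRoot "System32\$path"))
    }
    $found = $candidates |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
        Select-Object -First 1

    $status = if (-not $found) {
        'MISSING: restore or replace before restarting'
    } elseif ($defaultNames -notcontains (Split-Path $found -Leaf).ToLower()) {
        'present, but not a default entry: review'
    } else {
        'present'
    }
    [pscustomobject]@{ Value = $ValueName; Entry = $Entry.Trim(); File = $found; Status = $status }
}

$props = Get-ItemProperty -Path $winlogonKey
$report = foreach ($name in 'Userinit', 'Shell') {
    $raw = [string]$props.$name
    if (-not $raw.Trim()) {
        [pscustomobject]@{ Value = $name; Entry = ''; File = $null; Status = 'EMPTY VALUE: review before restarting' }
        continue
    }
    # Userinit is a comma-separated list that normally ends with a trailing comma.
    foreach ($entry in ($raw -split ',' | Where-Object { $_.Trim() })) {
        Test-LogonEntry -ValueName $name -Entry $entry
    }
}
$report | Format-Table -AutoSize -Wrap
```

A `present` result only means the file exists at the path the registry points to; it does not show that the file is the genuine Windows binary, so a replaced userinit.exe or explorer.exe still has to be compared against a known-good copy.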
