
Some questions on using MalwareBytes



1) Speaking hypothetically, let's say that after running a quick scan, MalwareBytes detects 500 infected files. I could get rid of the infection in 1 click by using MalwareBytes' built-in removal tool.

I have read elsewhere on the forums that although MalwareBytes can remove infected files, it lacks the ability to disinfect files. I assume that this implies that a file which is critical to the running of a program or Windows itself could be infected and that MalwareBytes will delete this file, rather than disinfect it.

Is the risk of this happening made greater if I run MalwareBytes in safe mode? What about if I were to mount an infected hard drive in an enclosure and then scan it from another machine?

How can I methodically remove an infection whilst ensuring that a system will not be damaged once MalwareBytes has returned the results?

2) After an infection has been removed via the above process, and a computer appears symptomless, can I be sure at this point that the computer is without an infection? Should I always run two scans with MalwareBytes: one to clean the system and one to ensure that nothing has been left behind?

3) I have also read on the forums that the difference between a full and quick scan is that a full scan will remove dormant traces of an already dead infection as well as dormant infections in system restore points. Is it better to delete all system restore points and make a new one (once I am sure the infection is gone) or just run a full scan in the first place?

4) The suggested advice on using MalwareBytes seems to be that it should only be run in normal mode and that it is useless to run it in safe mode. However, I find that an infection usually prevents MalwareBytes from running in normal mode. In these circumstances, should I run two scans, one in safe mode to get the OS in a usable condition in normal mode and a second in normal mode to remove everything else? Or is there a better way?

5) Since rootkits are able to mask their presence from detection tools in both safe mode and especially in normal mode, it seems that MalwareBytes is not the right tool for dealing with rootkits. Is this right? If so, what tool should I be using instead, perhaps from a bootable DVD or by mounting the hard drive in another machine?

If MalwareBytes does detect a rootkit, what sort of information in the results screen lets me know that it is a rootkit as opposed to some other kind of infection? If MalwareBytes does detect a rootkit, and I remove it using MalwareBytes, can I assume that the rootkit is gone from my system?


Hello Fluffy: :D

Please read carefully, this response is to the best of my knowledge:

  1. If, even hypothetically speaking, that many infections are detected, then the best action would be to seek expert help, like in normal life one consults a specialist
    This is basically the job of your installed antivirus
    MBAM is designed to work effectively in normal mode, as not all the drivers are loaded in safe mode
    At times MBAM alone will not be able to completely eradicate these nasties, leaving behind remnants that require special tools and expert knowledge. Please read and follow the instructions in I'm infected - What do I do now? An Expert will assist you in the removal process
  2. This could be best answered by the helping expert depending on the type of infection, as sometimes removal is not associated with complete eradication and a format and reinstall is recommended
  3. That's correct, but again one must have the necessary expertise to ensure the system is clean
  4. On occasion experts may ask for a scan in safe mode because they have other logs
  5. It would be better not to use any specialized tool on your own, as this may leave your system non-bootable

Should you have any other question(s), please post back.


  • Staff
3) I have also read on the forums that the difference between a full and quick scan is that a full scan will remove dormant traces of an already dead infection as well as dormant infections in system restore points. Is it better to delete all system restore points and make a new one (once I am sure the infection is gone) or just run a full scan in the first place?

4) The suggested advice on using MalwareBytes seems to be that it should only be run in normal mode and that it is useless to run it in safe mode. However, I find that an infection usually prevents MalwareBytes from running in normal mode. In these circumstances, should I run two scans, one in safe mode to get the OS in a usable condition in normal mode and a second in normal mode to remove everything else? Or is there a better way?

5) Since rootkits are able to mask their presence from detection tools in both safe mode and especially in normal mode, it seems that MalwareBytes is not the right tool for dealing with rootkits. Is this right? If so, what tool should I be using instead, perhaps from a bootable DVD or by mounting the hard drive in another machine?

3. The quick scan is not static and is adjusted over time to deal with all current threats. I have never needed to do a full scan while developing definitions to kill an infection.

4. Normal mode should be used in all cases where our scanner functions normally. If forced to do a safe mode scan, it would be a good idea to follow with a regular mode scan.

5. Malwarebytes can scan for and remove many kinds of rootkits including ADS and cloaked files. There are certain rootkits that make removal very difficult but this is not the majority by any means.
