New user running MBAM free on XP pro SP2+. Everything works just fine, and when I run a scan, this event pops up in the system event log:

Event Type:	Information
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7035
Date:		2008-12-07
Time:		08:49:00
User:		**********\Administrator
Computer:	**********
Description:
The MBAMSwissArmy service was successfully sent a start control.

It looks fine to me, so I tried to trace this service using Windows and Sysinternals tools, but this seems to be impossible.

So, where is it? Rootkit? :D

MBAMSwissArmy is actually a driver, not a service, so it loads as a driver would load and wouldn't show up in the system under installed services. Perhaps somehow it is designed to run as a hidden service, but you'd have to ask one of the developers about that. I run the free version as well and have never found any hidden processes loaded by MBAM, and as far as I know, the drivers load on demand when you start the program. In fact, the only component I've found from MBAM that loads on boot is the context menu handler, which allows you to right-click a file or folder and scan it with MBAM. The drivers MBAM loads, as far as I know, are actually used to remove rootkits, trojans, etc.

It is loaded at scan time and unloaded afterwards so as to be lightweight. The file is mbamswissarmy.sys in your System32\drivers folder, feel free to have a look at it. :)

Yes indeed, you are right, and it does appear in the list of drivers in Process Explorer, but only during the scan. Thank you.
