Malwarebytes anti-rootkit


Scorecard and Summary

Name: Malwarebytes anti-rootkit
Type: Emergency scanners,
Price:  (free available)

Positive Sides of Malwarebytes anti-rootkit

Free and works against majority of common rootkits. Downloadable updates.

Negative Sides of Malwarebytes anti-rootkit

Still in beta. Multiple files and libraries, which might have problems specific cases. Some of the anti-rootkits are distributed as single executable. The version on the page requires updates even after fresh download.

Malwarebytes anti-rootkit Review Details

Malwarebytes Anti-Rootkit (MBAR) is a rootkit scanner. It is made for searching and removing of rootkits (computer infections that hijack operating system in order to hide Windows Registry entries and existence of other malware files). After a rootkit is removed, it is possible to see hidden files and Windows Registry entries again therefore it is easier to remove other malware infections.

MBAR is effective in removing rootkits belonging to these families and having the following technologies:

  • Kernel mode drivers hiding themselves such as TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
  • Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
  • Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
  • Volume Boot Record/OS Bootstrap infectors like Cidox.
  • Disk Partition table infectors like SST/Alureon.
  • User mode patchers/infectors like ZeroAccess.

The most important point is that Malwarebytes Anti-Rootkit is a decent enough alternative for other well-known tools and works on both 32 and 64 bit systems. While one anti-rootkit program might fail, another might pick and disable the parasite that hides malware processes and files.

What  I do not like in a current version is the following. First of all, it is not a single executable, but several ones with a couple of library files. This might cause some problems on heavily infected systems. Additionally, even the freshly downloaded items need updates, which might be impossible on systems where network is blocked completely.


November 16th, 2012 16:55, March 18th, 2015 03:46