
MBAM rootkit scan shows disabled in logs


3 replies to this topic

#1 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 14 November 2015 - 03:01 PM

In MBAM's settings I have rootkit set to scan for rootkits on every scan.

Yet the last 5 or 6 times it ran the logs show rootkit scan is disabled.

 

A glitch or do you think some malware has been able to change it??

Each time it scans it usually finds and quarantines a few things. A few have proved to be false positives. Which is normal for most scanners.  Malware evolves and changes so quickly.


Edited by hamluis, 14 November 2015 - 03:20 PM.
Moved from All Other Apps to AV/AM Software - Hamluis.

HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon




#2 MoxieMomma

MoxieMomma

  • Members
  • 471 posts

Posted 14 November 2015 - 04:56 PM

Hi:
 

In MBAM's settings I have rootkit set to scan for rootkits on every scan.
Yet the last 5 or 6 times it ran the logs show rootkit scan is disabled.
 
A glitch or do you think some malware has been able to change it??


There is a known issue with logging that particular setting on some systems; it is due to be fixed with a future build.

If ARK is enabled in the settings, then it is taking place, even if it does not show in the log.

Having said that, there are 2 places to enable ARK (anti-rootkit) scanning.
1 is in the GUI/Dashboard > Settings > Detection and Protection

The other is in the Advanced Settings for the scheduled scan task in the Automated Scheduler.
 

Each time it scans it usually finds and quarantines a few things. A few have proved to be false positives. Which is normal for most scanners.


That is absolutely NOT the case for MBAM, either the ARK or routine malware scanning. False positives are actually few, far between and rapidly fixed by the MBAM Research Team.

 

If you are seeing MBAM hit on files that you think should not be detected (aka "False Positives"), then I suggest the following:

1) First, please read the informational sticky topic HERE.

2) Then, please post the requested information in a new, separate post in the File Detections F/P section of the MBAM forum HERE.

The Research Team will analyze the information and adjust the rules database accordingly, as needed.

 

OTOH, if you think you might be infected, I suggest following @QM7's advice from your other topic HERE, to seek a bit of expert help with scanning and cleanup.

 

Cheers,

 

MM


Edited by MoxieMomma, 14 November 2015 - 05:58 PM.


#3 dannyboy950

dannyboy950
  • Topic Starter

  • Members
  • 1,338 posts
  • Gender:Male
  • Location:port arthur tx

Posted 24 November 2015 - 03:58 PM

Thank you for your reply. A little late I have been busy with other issues. I did recently send an email to MBAM support outlining my issue.

Awaiting a reply as well as a reply from the Malware Forum here.

 

It is hard being patient when the only thing you have left to keep your mind occupied is messing up and unable to fix it.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 November 2015 - 05:57 PM

You're welcome on behalf of the Bleeping Computer community.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
