Rootkits
#11
Malwarebytes Antirootkit is not the same as Malwarebytes; it's designed to remove rootkits.
Reply

#12
Hi Britec:

I did the first one; I could temporarily disable only AVG. Malwarebytes did warn me: if you disable it you will lose your licence.

I downloaded Malware antirootkit; it warned me about rootkit activity before starting (look at the jpg), but it could not run because of Malwarebytes. How can I temporarily disable it without losing the licence?

Below is the text from aswMBR.

Two years ago my husband deleted some files; maybe that caused the whole thing, and we could not update Windows since then. It is XP, so now it is impossible anyway.

I just found, inside Malwarebytes Pro, the plugin fixdamage. Should I run it? Although the Pro doesn't see the rootkits?

Thank you.
Gr Bea


Attached Files
.txt   aswMBR.txt (Size: 10.48 KB / Downloads: 7)
.jpg   Warning.jpg (Size: 19.42 KB / Downloads: 11)
Reply

#13
You should not lose your licence if you exit out of Malwarebytes Pro. 
Also Windows XP has expired now, which leaves you wide open to all sorts of exploits.


Malwarebytes Anti-Rootkit (MBAR)


  • Please download Malwarebytes Anti-Rootkit and save the file to your desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK.
  • Navigate to the location you selected.
  • Double-click MBAR.exe to run the programme.
  • Follow the prompts to update the programme and scan your computer.
  • Upon completion, click Cleanup and reboot your computer.
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply.
  • Note: Both logs can be found in the MBAR folder.

Reply

#14
Hi Britec:
I asked MWB about the licence; they wrote me:
To disable the protection when it's already running, right-click the icon in the system tray (by the clock) and select 'Exit'.
To enable it afterwards, open up Malwarebytes Anti-Malware and click the 'Fix Now' button.

I'll try it and run MWB antirootkit as you said. I sent you above the aswMBR txt that you asked me for.
When starting MWB antirootkit, this appears:
Registry value AppInit_DLLs has been found, which may be caused by rootkit activity. Press No if you are not sure; if the tool crashes, restart and press Yes. Do you want to remove this value and restart the tool? Which should I choose?

We have programs that only run on XP; that's why we keep it.
Thank you.
Reply

#15
Press no; if the tool crashes, restart and press yes.


You have all your data backed up? Because if not, now is the time.
Reply

#16
O..O you are right, I'll move all D, E and F data to a portable drive first. Will the rootkits be attached to the data when I copy?

Whatever happens, thank you very much.
We'll donate; your work is very good.
Reply

#17
Data should be fine once backed up; you can always scan that drive once it's backed up.
Maybe once you're backed up, attempt removal of the suspected rootkit.
Did Malwarebytes Anti-rootkit detect anything? Do you have the log file?
Reply

#18
Not yet, I was busy doing the backup and the MWB Premium started warning me that hid section antirootkit was disconnected; "you are not protected", he said, and started scanning.
It is almost finished, then I'll try.
Can I update MWB antirootkit,
take the internet cable off,
deactivate MWB,
and then run the MWB antirootkit?
Or does the PC have to be connected to the internet?

I'm running it offline; if the PC still works after, I'll try it online and send you the result.
Reply

#19
Offline it did not find anything; now online.
Reply

#20
Yeah always update Malwarebytes Anti-rootkit and then run a scan, clean any results found. Reboot then post details.
Reply


