Besides the general functionality of allowing a user to detect and remove rootkits automatically, Malwarebytes Anti-Rootkit contains a set of tools allowing to an experienced user to perform some actions to locate unknown rootkits and remove them manually. To protect itself from being terminated by a rootkit or other malware, MBAR uses Malwarebytes Chameleon technologies which prevent modification or removal or MBAR by malware which may reside on the system. This allows MBAR to complete the detection and removal process regardless of such attacks. MBAR uses an active internet connection to keep its database up to ensure that the most current definitions are used in order to detect and remove the latest 0-day rootkits.
Malwarebytes Anti-Rootkit has been tested and proven to be effective against the following types of rootkits:
Kernel mode drivers hiding themselves, like TDL1, TDL2/TDSS, MaxSS, Srizbi, Necurs, Cutwail, etc.
Kernel mode driver patchers/infectors, embedding malicious code into core files of an Operating System, such as TDL3, ZeroAccess, Rloader, etc.
Master Boot Record infectors such as TDL4, Mebroot/Sinowal, MoastBoot, Yurn, Pihar, etc.
Volume Boot Record/OS Bootstrap infectors like Cidox
Disk Partition table infectors like SST/Elureon
User mode patchers/infectors like ZeroAccess.
And many more!
Malwarebytes Anti-Rootkit is a stand-alone application but it shares some features of Malwarebytes Anti-Malware which may or may not be already installed on the computer, though certain functions dealing with ignore listing and managing the quarantine may only be available if Malwarebytes Anti-Rootkit is installed.
Malwarebytes is not responsible for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to help you recover any data, if it is necessary.
What's New in This Release:
This version includes fixes for several issues including the BSOD/incompatibility with Dell Desktop and some other third party software and removal of traces of certain ZAccess variants it previously was unable to.