Malwarebytes
Posted by Zel-kun on June 10th, 2009 filed in Tech Talk
I really don’t do enough tech talk here, especially considering my job in IT. So, it’s time to change that.
Yesterday I saw a ticket in our queue indicating one of our users was having trouble with an application crashing her computer. Our corporate image is tightly locked down, and users cannot install programs or make registry changes. As such, it’s fairly rare for one of the approved applications to crash a machine, but it has happened.
I took the ticket and decided to call the user after I finished testing a laptop at my desk. About ten minutes later I overheard someone talking to my co-worker about her machine crashing. I realized it was the user and motioned her over. She had a laptop, so I asked her to get it from her desk and bring it down.
I thought I was in for an easy task, simply re-installing the offending application. She brought the laptop to my desk, and I asked her to log in and try to reproduce the error. She was not even able to get that far. After she logged in, she tried to open up Internet Explorer, but Windows would not let her, citing an access violation. At this point, the sirens in my head started to go off; this was going to be much more difficult than I originally suspected.
A moment after that, a Windows security banner popped up saying a Win32.Brontok worm had infected the computer. Since we disable the Windows Security Center in favor of our proprietary security, I doubted we had the actual Brontok worm.
What we had was malware.
This type of malware, commonly called rogue antivirus or scareware, behaves like a virus. It gets onto your computer without your knowledge, loads your registry down with bogus entries, and throws up fake infection warnings in the style of the operating system’s own alerts. Oftentimes, the goal is to trick you into buying “protection” from a virus you don’t actually have. Malware is the mafia of software. There’s an uncanny similarity: malware keeps infecting your computer until you pay to have it removed, and the mafia keeps trashing your store until you pay for its protection.
This particular bit of malware was especially nasty, because it DID crash any application I tried to open, and it prevented me from getting online. Everything I attempted was accompanied by a cryptic error message. I googled the error messages, and if they were all true, this laptop would have had everything from a corrupt system file to cholera.
Because the solutions for those error messages relied on the computer ACTUALLY having those problems, the solutions did not work. The registry entries for the Brontok worm weren’t there, nor were the .dlls for countless other problems the error messages indicated.
I had been working on the machine for nearly an hour when I decided that I’d probably need to re-image the machine (re-install Windows). It wasn’t that I didn’t want to sit there all day and figure it out, but spending too much time on a single issue is time that could be better spent on other issues and projects. Especially when re-imaging a machine only takes a few hours and is largely unattended.
At this point Tom, a co-worker of mine, suggested Malwarebytes. He said it had worked well for him recently, and was worth a shot. I went to the website and downloaded it. I put it on my flash drive, and transferred it over to the laptop. I installed it, then headed off to lunch while it performed a full system scan.
When I came back, nearly a dozen error messages had popped up on the computer, some from Malwarebytes. But despite that, the scan was still going, so I let it continue. Shortly afterwards the scan finished and said it needed to reboot.
After the reboot, I logged in with no error messages. I started up IE; again nothing. I loaded up Excel and Word, and launched a dozen new IE windows. Everything opened without error. I called the user back to my desk and had her try logging on and launching the application that had originally given her the issue. She logged on and opened the application without incident, and was ecstatic that she’d finally be able to get her reports done.
Malwarebytes, you developed a wonderful application that is intuitive, professional-looking, and most importantly, works.
Zel-kun out.
June 10th, 2009 at 2:48 pm
I enjoyed this post a lot, and I have a lot of respect for MBAM and the software they produce. It’s effective and I recommend it as part of people’s overall security measures.
However, I would like to introduce myself and SUPERAntiSpyware. I’d also like to provide you with a complimentary license for your use and evaluation. If you would like the license, simply let me know an email address to send it to and I will do so right away.
SUPERAntiSpyware was established over 5 years ago, and we now protect over 15 million users worldwide from harmful spyware infections. I’m confident that you’ll find it a powerful tool in your fight against malware.
Thank you very much for the opportunity to introduce myself. I appreciate your time and consideration.
Mike, SUPERAntiSpyware
June 10th, 2009 at 3:10 pm
Hi Mike, I would love the chance to try out SUPERAntiSpyware. I visited the site and it does look fairly comprehensive.
You can email me at jon@zelkun.com
June 8th, 2010 at 8:47 am
[...] back, I wrote a post on Malwarebytes, a malware-removal tool I’ve used. On that post, a gentleman from another tool, [...]