For Computer Security, Can Malwarebytes Do the Job?

This is a sponsored post written by me on behalf of Malwarebytes. All opinions are 100% mine.

While I am writing this, a sick, but beautiful, custom-built ASUS desktop is running behind me. It belongs to a client and is normally used by his teenage daughter. It is running a full Malwarebytes scan.

In the past, she has had infections on her computers twice that I know of. The first time was on an older HP, which was running Norton Virus Protection. At that time I normally carried a USB stick with RKill and the free version of Malwarebytes on it. I had found that Malwarebytes, by itself, did a good job of picking up things that other popular applications missed, but the addition of RKill to stop harmful processes before running a scan seemed to be more effective. So I plugged in the stick, ran the two apps, and cleaned her computer. The next time she had a problem, it was with the new ASUS, and this time she had McAfee installed. Again, I was able to find things with Malwarebytes that had got by McAfee.

I am not saying anything bad about either Norton or McAfee. None of the popular anti-malware programs will catch everything. These two examples just happened to be the programs she had installed or that came with her computers.

So when her father called me with indications that something was wrong again, I stopped by to check out her security. After cleaning the last infection, I had installed Microsoft Security Essentials in place of McAfee, which was about to expire anyway, and the free version of Malwarebytes. Lately, I have been recommending this combination for several clients and it seems to work well for them. MSE gives realtime background protection and a manual scan from Malwarebytes every now and then keeps the game honest. Since I am rather cheap, I have no experience with the paid version of Malwarebytes, but I suspect the realtime aspects and other features make it an effective primary security agent.

By the way, if you download a copy of Malwarebytes (or anything else!), always check the URL to see where it is coming from. If you do not do this simple check, you could end up with a surprise. Enabling the Web of Trust (WOT) in your browser is also a good thing. Careless clicking has got me the Babylon toolbar twice — you might think I would have learned after the first time!

The latest version of Malwarebytes comes with Chameleon, which does away with the necessity of running RKill first. Chameleon has the ability to attempt to run and kill harmful processes using a variety of aliases to fool malware that could be looking to stop things from getting in their way. Assuming that Chameleon runs okay, it will attempt to update Malwarebytes and then run a quick scan. This is okay, but for serious work, I interrupt the quick scan and select the full scan option. Remember that Chameleon only stops harmful processes temporarily. It must be followed immediately by a real scan.

This is what I did at the client’s house, but since I did not have time to wait for the scan to complete, the father said he would watch it and, if it found anything harmful, he would delete it. The next day I called and asked how it went. He said that Malwarebytes found “several things” and he deleted them. I asked if he had noted the names of any. He had not. I asked if any were Trojans. He did not know, but the computer was working well now. I told him to call if anything else went wrong.

Two days later he called. The ASUS was intermittently rebooting and Firefox was stopping operation at random times. That is not much to go on, so I told him it would be best if I simply brought the bad boy home and looked at it more carefully. Then I asked when they first started seeing problems, since several months ago it had been working correctly. He said that it had been acting funny for maybe a month.

When I got the ASUS home, the first thing I did (with it in isolation) was to attempt to restore the system to a time earlier than a month ago. The system only had four restore points and they only reached back three weeks. Hmm…

So that is why the scan is proceeding behind me. I wanted to watch the process myself. Another surprise was a popup window warning me that the Microsoft Security Essentials service was stopped. The computer was at risk. Hmm…

So what will I do if the Malwarebytes scan returns with no malicious software found? I will likely remove the hard drive and install it as an external drive on a test computer so that I can run other anti-malware scans on it. The last resort will be to scrub the hard drive and re-install Windows. I prefer not to do that, but sometimes a clean start is best. Let us pray Malwarebytes works its magic again. This blog must be posted shortly, so I will not be able to report the results today. The scan has taken over an hour so far. It is a pretty computer. I hope it will be okay.

In a future post, I will be more specific about the failure rates of various popular anti-malware applications — free and paid. Several sites specialize in testing and reporting results. There is a distribution of scores for various tests, but the usual suspects cluster near the top. Unfortunately, the analysis of malware protection is not as trivial as saying program X found more of the test infections than program Y. When evaluating anything, we just naturally prefer a single parameter, but life, and fighting malware, is more complicated. Suffice it to say that I have seen nothing yet to dissuade me from the combination of MSE backed up with the free version of Malwarebytes. An exception might be to use the paid version as the primary protection.

The folks from Malwarebytes will be covering the famous DEF CON (hacker convention) from July 26 – 29th, 2012 at the Rio Hotel in Las Vegas on Twitter as well as their security blog, Malwarebytes Unpacked. There, you’ll also find a new three-part series, Phishing 101, that may teach you a few things about this rampant problem and how to avoid becoming an unwitting victim of some scammer’s plots and schemes.

  • Dustin Harper

    I never use just one program when removing an infection. It doesn’t work that way. You have to use the right tool for the job. Malwarebytes is very effective and is my #1 go-to program. However, it doesn’t fix everything. Sometimes, you need other programs (TDSS Killer, ComboFix, UnHide, etc.) to completely remove an infection. But, Malwarebytes is definitely worth the entry cost (free trial, but I grabbed a full version).

    I don’t think there are any programs out there with a 100% effective rate. Some can detect but not clean a certain virus while others can’t even detect it. Some can clean up that specific one but leave others on the machine… You just have to use the right tools for your infection.

    • sdeforest

      And you have put your finger on why a single number cannot describe the effectiveness of a particular application. In your litany of tools, let us not overlook the feared regedit. Sometimes you just have to go into the registry.

  • Jason

    Malwarebytes is great and by far the best program I recommend to family and friends when they call for their computer emergencies. I have a Mac now primarily because it was always a chore to have to run multiple programs to clean up my then PC every few weeks. I love computers and technology but for me I want it to be fun so I wanted something a little less fussy. I get calls several times a week and Malwarebytes is still the best recommendation I can make. Great article btw!

    • sdeforest

      Another option is to use Linux. Neither it nor a Mac is immune to infections, but there are fewer of them for obvious reasons: there are more PCs to attack. I will have to try the full Malwarebytes program.

  • aw3som3

    With minimal-skill computer users, seriously malicious hackers will try to create space on their hard drive, remotely, so that this now to this hacker available space can be used to store and execute tasks as well as functions. Similar to a bot computer then, very scary things can be done via that device, and I’m talkin’ the unmentionable and all of the internet.

    • sdeforest

      That is an important point–effective hacking need not take a genius, just a person with bad intent.

  • http://www.facebook.com/bitemore.gfotwo Bitemore Gfotwo

    I’ve been using Malwarebytes (actually, both my roomie and I use it on all our computers) for about four years. We’ve had Linux and Windows (XP & 7) and Malwarebytes has worked beautifully on all of them all the time. We use the paid version. It is NOT expensive, and, considering that with more expensive AV/Firewall software we always had viruses invade, and it hasn’t happened with Malwarebytes, well… what is not to like?

    • sdeforest

      I agree. It is a great product. I intend to write some more about it.

  • zitiboat

    Just some thoughts…
    I moved to Jacksonville, Florida recently and the only choice for internet was ATT-Uverse because I was just outside CLEAR WiFi reach.
    Twice AT&T downloaded a troubleshooter application for their proprietary Gateway modem/router.
    TWICE I HAVE HAD CRASHES AND CONNECTIVITY ISSUES immediately following. Reboots crash before the welcome screen sometimes and others as soon as my WiFi adapter gets plugged back in, indicating the problem is in the adapter settings.
    Windows 7 calls home to Microsoft and fixes the adapter settings after 2 or 3 attempts to network fail. Next time I will skip the “High Priority” recommended download.

    Another thought; I Beta tested PESTPATROL:
    http://www.softpedia.com/get/Antivirus/PestPatrol.shtml
    way back in 1998 because of a Lockergnome recommendation before the dollar ruled the recommendations and have 7 licenses that I use to bring back to life severely infected (1127 infections found) machines for family and friends that like to play online poker. I got it free but at $29.95 it is a REAL bargain. That many infections takes about 6 hours to deep scour out but for lighter malware trouble a scan averages 8-9 minutes.
    Tell ‘em zitiboat approves this one.

    • sdeforest

      Did you use only one type? You have to be careful about using anti-malware programs that butt heads, but it can be done.

  • Nick Dellorto

    I love MalwareBytes. I think it’s overall the best thing you can get for your computer. If you look at like Norton, McAfee, the other ones whose names I don’t remember… they have different products specifically for AntiSpyware, for Security, for Antivirus, whereas MalwareBytes protects you from anything. It’s never failed me like the others sometimes have.
    My cousin asked me to help him fix his laptop, which had tons of rootkits, trojans, and rogue antispyware on there. In Safe Mode I got MalwareBytes running and from there it managed to take care of it all. Not to mention, it’s free, and it protects my PC too.

    • sdeforest

      I agree with everything you said, but I would go another step further. As good as it is, Malwarebytes cannot find everything, so I still use at least two different systems. But then I am a bit paranoid about infections. I have seen a lot of nasty things on clients’ computers, most of which had some type of protection.

  • http://www.facebook.com/gregalderco Greg Alder

    This is good! Thanks for posting

    • sdeforest

      Thank you for the comment

  • Ben

    Four observations: (1) No anti-malware product is going to be 100% effective 100% of the time. If there was such a product we’d all be using it. (2) Because of #1 it is mandatory that more than one on-demand scanning tool be used to supplement the primary real-time monitoring tool.* (3) Using something is better than using nothing at all. (4) No anti-malware product will protect a careless user. If someone insists on using a torrent or P2P site, visiting adult sites, etc., be prepared for malware.**
    *Malwarebytes Pro with real-time monitoring was designed to play nice with other real-time monitoring products. It’s OK to ignore the usual rule of not having two real-time monitors running at the same time.
    **Not saying that all users of torrent or P2P sites are doing anything illegal. Just saying you don’t know what kinds of crap OTHER people are letting you download. And that doesn’t mean they are deliberately doing something wrong. They could have been infected by someone else and don’t realize it. And so on and so forth.

  • http://netsperience.org decibel_places

    Ever since someone recommended Malwarebytes, it has been my ultimate weapon against malware; coupled with Spybot and Avast AV, I keep a clean machine.

    • sdeforest

      See my next post for some links to YouTube videos showing the power of these combinations.

  • sdeforest

    I agree with everything you wrote.

  • http://www.facebook.com/andreathepenguin Andrea Ivins

    I too find that using the combination of Rkill, Malwarebytes (free version), and MSE works wonders in cleaning an infected system. It is pretty neat that we have come to the same conclusion when defeating malware. I will say that after all scans have finished and if Windows still doesn’t work right, I also run an up-to-date scan with Combofix. Nice blog! I am a new fan! -Andrea

    • sdeforest

      Thank you for the comments. ComboFix is a nice final try before reinstalling Windows. I like the report it puts out.