Malwarebytes Anti-Rootkit Beta
Posted: Wed 12 Dec 2012, 07:18
I downloaded and ran the latest free Malwarebytes Anti-Rootkit Beta on my Windows machine some days ago. Mbar told me that there was probably some rootkit activity because of some AppInit DLLs and asked permission to remove them. After the scan I had to remove 'betterinstaller.exe', which was malware according to Mbar.
A couple of days later I found that I had problems with Flash video when I used any Trident browser: no full screen. I also found the browser periodically unresponsive. I ran Microsoft Fixit, restored IE settings and removed a couple of programs I had lately installed, but the problem remained.
Many hours later Mbar Beta was my primary suspect. I used the restoration point which Mbar created when it removed the 'bi.exe malware': no effect. Then I used an earlier restoration point made by Microsoft Update: full screen was back. I installed all Microsoft updates available and video was OK and the browser responded.
The reliable Kaspersky anti-rootkit utility TDSSKiller found nothing but stupid me. I ran the latest Malwarebytes Anti-Rootkit Beta again and removed the AppInit DLLs it asked to remove, but not 'betterinstaller.exe', which was now safe. IE full-screen video was gone, but I got it back after using the Microsoft Update restoration point.
Conclusion: bi.exe could be adware, and a few antivirus products detect it as adware according to VirusTotal, but Mbar was the real malware which broke my system. It's okay because it asked my permission before it did it.