Malwarebytes Anti-malware – Removes malware that others don't

Even the best anti-virus and anti-spyware tools miss things. Malwarebytes Anti-malware has a good reputation for cleaning up some of the things that other tools don't.

Was it an oversight that you left Malwarebytes out of your list of software in “What software do you use?”

Nope.

That article was about software that I use frequently and have installed on most or all of my Windows-based PCs.

I do recommend Malwarebytes Anti-malware often – almost daily, in fact. But I don’t run it that often myself.

To understand why I might actually recommend something that I don’t use frequently, we need to understand Malwarebytes’ role and how it fits into my view of the war against malware.

It’s not an anti-virus tool

The folks in the Malwarebytes forums are quick to point out that Malwarebytes Anti-malware isn’t a substitute for anti-virus software. In fact, if you run Malwarebytes Anti-malware, you’ll see that they explicitly recommend that you run anti-virus tools in addition.

I run (and recommend) Microsoft Security Essentials as my anti-virus tool.

It’s not quite an anti-spyware tool

Another characterization that you’ll not find anyone using is calling Malwarebytes Anti-malware an anti-spyware tool.

While that’s perhaps the closest or least inaccurate characterization, I’ve noted that the folks at Malwarebytes avoid calling it that. In a sense, the term is too vague anyway; to the extent that most people think of “spyware,” it’s also perhaps too limiting.

So, I also run (and recommend) the same Microsoft Security Essentials as my anti-spyware tool.

So just what is Malwarebytes Anti-malware?

As it turns out, Malwarebytes is hard to pigeon-hole. It has characteristics of both anti-virus and anti-spyware tools and it certainly removes things that we might consider viruses and spyware, and yet it’s not really a complete solution for virus protection, although perhaps it’s close to a solution for anti-spyware.

And yet – those terms just don’t cover or characterize the tool properly.

Hence, it’s an anti-malware tool.

Why I recommend it

What Malwarebytes Anti-malware has a great reputation for is simply this: removing malware that other tools miss.

The nature of the race against malware means that no single anti-virus or anti-spyware tool is going to detect and remove every possible infection. No tool is perfect.

When faced with someone who suspects or has all the indications of their machine being infected with malware of some sort, my instructions almost always boil down to this:

  • Run an up-to-date anti-virus scan, making sure that both the anti-virus tool and its database are as up-to-date as possible.
  • Run an up-to-date anti-spyware scan, making sure that both the anti-spyware tool and its database are as up-to-date as possible.
  • Consider running a scan using the free Malwarebytes Anti-malware tool.

That last line is there simply because experience shows that even up-to-date scans with good anti-virus and anti-spyware tools can still miss things, things that Malwarebytes Anti-malware will sometimes catch.

Running Malwarebytes Anti-malware all the time

Like many anti-spyware and anti-virus products, the PRO version of Malwarebytes Anti-malware can be installed and instructed to run regularly scheduled scans.

There’s absolutely nothing at all wrong with that. Used in addition to a good anti-virus program, it provides an added layer of security. Even though it overlaps in some ways with anti-spyware tools, running it in addition to one of those may also be a reasonable solution. It’s possible (although I have not confirmed) that it’s not unreasonable for Malwarebytes Anti-malware to take the place of an anti-spyware tool.

That’s just not how I use it, and it’s not the scenario that I end up recommending. Nothing against that scenario; it’s just not the way I use Malwarebytes.

Why Malwarebytes Anti-malware isn’t installed on my machine

Put a different way, I consider Malwarebytes Anti-malware a great on-demand solution, and I run it only when I feel I need to.

If I suspect that there is malware of some sort on my machine, then I absolutely grab the latest version of Malwarebytes Anti-malware and scan the heck out of my machine.

I just don’t bother installing it until I run into that situation. Fortunately for me, that doesn’t happen very often.

Unfortunately for others, however, it does, and as a result, Malwarebytes Anti-malware is something I mention to people almost daily.

Malwarebytes Anti-malware.

I recommend it.

There are 15 comments:

  1. Ben

    I feel like I should add something to this discussion; MalwareBytes is known by most malware designers, and many malware programs (such as fake AV scanners) will actually block malwarebytes from being installed. There are ways around this, of course. Sometimes it is as simple as renaming the setup file; other times it isn’t.
    I highly recommend keeping malwarebytes installed pre-emptively and regularly updated, to ensure there is one less headache when you need to do a removal.

  2. Kevin

    Good plain article Leo. Have run MBAM for 4 years now and it has never found anything. But I do run 4 other “On Demand” and they have not either. I, as you have ob. worked out believe in the “Tiered System” of scanning. But have used MBAM on other comp’s and found it very effective. 2 others I would recommend to most people are SAS and Hitmanpro. Suppose you can never be too careful. If any failure there is always the image backup :-)

  3. Lynn

    FYI, Malwarebytes Anti-malware just released an update for its free version (1.65.0.1400). I also use Malwarebytes Anti-malware in the same manner as Leo. I use Bitdefender 2011 as my primary AV software, but I still want a second software company to use as an occasional check. Today the updated Malwarebytes Anti-malware found a file it flagged, and Bitdefender had not flagged.

  4. jimeee

    Perfectly explained Leo. I also use Microsoft Security Essential and have SuperAntiSpyware running actively and both MSE and SAS run a scan every night. Then on weekends I clean my computer and registry with CCleaner and I scan with Malwarebytes Antimalware too. Maybe that is a little overkill but a few times over the years my computer has just about been wiped out by the “bad stuff.”…haha…

    Keep up the great work and thanks for being there for us lessers in the computer world.

    Jim
    ===

  5. Gabe

    I’ll second Ben’s point. While Leo won’t need it on his computer because he’s capable of getting it on there if needed, most casual users who come to me and want me to fix their infections are another story. If I work on a client’s (read: friend or family member) computer, I do like Ben suggests and install it as a preemptive measure. I also remove any shortcuts to it, including the start menu entry because if I don’t, 6 months from now when they re-discover it they think it’s something bad due to its name being so ridiculous. I do the same with HijackThis.

  6. CPMJohn

    After recently suffering an attack by Trojan:Win32/FakeSysef, a couple of Exploits and more, I ended up (luckily) at bleepingcomputers.com. One of their associates helped me through the complex procedures of eliminating everything. Near the end, I used Malwarebytes (free) to catch pum.hijack.startmenu and others. I was advised to buy MBAM Pro and run it alongside MS Sec Ess, which I did. Two weeks later I got an email supposedly from my nephew’s wife with a “family message.” Actually, we have a Google family doc so I thought nothing of opening it. Blamo, MBAM immediately popped up and isolated an attacker…never did “hear” from MSSE. I also was running MSSE when I got the original attack. The bleepingcomputers agent advised me, because I asked about the value of MSSE, that he sees the same attacks from those using McAfee, Norton, etc. In fact, he uses MSSE…plus MBAM Pro. Folks, I saw the evidence with my own eyes. Petaluma, CA

  7. BAW30s

    This is sheer heresy, I know, but after years of experience I’ve come to the tentative conclusion that these security products are generally more trouble than they are worth. Most of the time I check suspect files with on-line scans like Jotti before running them and use Comodo Time Machine or Horizon Rollback to return to a previous system state if my computer is compromised. These, unlike System Restore, are generally not affected by malware and offer a pre-boot screen for when a system has become unbootable. The effects of rootkits these days can be so insidious and severe that generally antiviruses neither prevent them nor reverse their damage. ComboFix has generally worked best for me after the event, but the system is still often never quite the same after the attack.

  8. Bill Trail

    Leo,
    I’ve got 13 years in the virus removal business just south of Atlanta, Georgia. You’ve helped me before – and really saved my bacon – for which I’m always so grateful.
    Here’s my secret formula for virus removal with PCs that will, at a minimum, boot up to a desktop.
    1. RKill
    2. ComboFix
    3. MalwareBytes
    4. SuperAntiSpyware
    5. cCleaner
    6. Glary Utilities – only an old version 2.41 or older
    7. Defraggler
    8. Agent Ransack
    9. Revo Uninstaller
    10. UNHIDE – it’s also at Bleeping Computer’s web site
    11. Microsoft Malicious Software Removal Tool
    12. Microsoft Security Essentials – every word of Leo’s comments about MSE are valid.
    All except Glary Utilities are no better than the last time they were downloaded and updated. These software tools change and improve as do the viral threats we all face. They change almost by the minute.
    Leo, you’ve avoided recommending ComboFix just like everybody else – even including its author, Lawrence Abrams… who also authors Rkill. I’ve had it bite me one time in all of the five years I’ve used it and we’re talking about thousands of repair jobs. ComboFix is the only reliable tool I have in my tool kit right now for combating ROOT KITS and BOOT KITS. These horrible versions of viruses are the most formidable of all the threats we face. And most root/boot kit removal tools are, for me anyway, just about as horrible to use. Thank goodness for ComboFix and for all the good work Lawrence Abrams and sUbs do, not to mention their world class website at BleepingComputer.
    I only put in my two cents worth today because all of you, including Leo, have for some reason, left SuperAntiSpyware out of the more general Malwarebytes discussion.
    I would not ever run Malwarebytes without also running SuperAntiSpyware… both immediately after running ComboFix.
    Leo, you’ve repeatedly said that no single tool is adequate in this never-ending fight. Please tell your audience that is never more true than with the dual combination MWB and SAS – what one misses the other picks up. You would not DARE return a pc to a customer – not in Atlanta, any way – after only running one or the other. I don’t own any stock in any company or have any affiliation with anything mentioned here today.
    And lately, Leo, if there’s time I also run the free on-line scans at eSet and F-Secure, sometimes Bit Defender and/or Trend Micro’s Housecall. I always want a 2nd, 3rd, 4th, or 5th opinion when dealing with computer cancer. You know what I mean.
    The FBI says there are upwards of 1,200 new viruses or “viral threats” coming into the Internet every hour. Add to that the email tricks, the downloaded music tricks, the infected USB key a friend brings over to your house, on and on and on. The threats are constantly changing. The tools I use to TRY to stay up with these changing threats change too. So if you talk to me 5 years from now I’ll probably be recommending a completely different soup of tools that have evolved along the way. But for now, this is what the Soup Nazi recommends if you love your computer and your information.
    And update update update every day. Except for Glary Utilities none of these tools and scanners are any better than the last time they were updated. The problem with recent versions of Glary are for another day and another discussion.

  9. AnnJ

    Wow! After reading all these comments, I have only one word for you all – BACKUP.

  10. Paul Pousson

    I use Malwarebytes with Webroot’s Spysweeper and have had no problems. I keep them both on my computer always running. Happy Camper!

  11. Ron M

    Considering the proliferation of malware and its increasing sophistication I’m surprised no one has mentioned Microsoft’s own EMET program. Should be considered a front line defense against 0 day attacks.

    This is what Microsoft says about it. “The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult to perform as possible. In many instances, a fully-functional exploit that can bypass EMET may never be developed.”

    It has been highly recommended by some for all computer users.

    Cheers from Aus, Ron M

  12. steven

    To Bill Trail:
    I stopped using super anti spyware, because it only seems to find cookies, which I always delete before I turn off the machine. I have Glary utilities installed and have no problems. I often use combofix and never had any problems, except when I forgot I set the machine to CHKDSK /F on the next boot. Just select last known configuration in one of the loops and start over. Bob Rankin also does not mention combofix. It is safe and I do not know why it is not mentioned on either site.

  13. Doug W

    Your advice to grab/install Malwarebytes (MWB) when malware is suspected on a machine can be problematic if the malware prevents access to the Internet in general or specifically anti-malware or AV sites. I’ve run across that a number of times over the years. Sometimes it’s a matter of removing a proxy set up by the malware; other times that isn’t the problem. Having an updated version of MWB already on the machine avoids that issue. Using the Pro proactive version is even better – blocking the malware from getting on the machine in the first place.

  14. JustInspired

    I use a combination of Avast Free and Malwarebytes Pro. Malwarebytes doesn’t do scheduled scans on my PC; it is running in real time and will actively block infected websites and downloads.

  15. Hazel

    I’ve been running Malwarebytes for the last two years as part of my regular weekly PC cleanup. I update it every time. In those two years, it has never found or deleted anything – the report at the end of the run is always “No items found”. Not that I’m complaining… but I find it hard to believe that my computer is totally free from malware, spyware or whatever, so perhaps I’m missing something?

    Depends on what you do with your computer, but even though I’ve never had a malware infection, I still run anti-malware tools that continue to tell me I’m not infected. Best to be safe for that one slip-up you hope never happens.

    Leo
    18-Oct-2012
