M.L. <me@privacy.invalid> wrote in
news:kuohk4p1usr3b92rq7fdsehasgkn0pojrh@4ax.com:
>>> By the way, certain variants of the AV2008/AV2009 bug are now
>>> blocking MalwareBytes from being installed on infected machines.
>>> Normal workarounds (changing the name of the installation file,
>>> trying to install in Safe Mode, etc) seem ineffective. I'm sure
>>> you're aware of this already, but thought I'd mention it.
>>
>>We are aware of this. It's actually a TDSS rootkit variant that
>>typically gets installed along with AV2008/2009 that is blocking us.
>>Once the driver is disabled however, we own it pretty quick.
>
> How would one disable the rootkit driver?
There are several methods of disabling it. It's a system-level driver, so
depending on the version, you can ask Windows to unload it. I'm sorry
about the evasive answering, but I really can't go into details.
A handy CD that can usually disable the rootkit for you:
http://www.free-av.com/en/tools/12/a...ue_system.html
Use that CD first, then you can take advantage of MBAM and various other
utilities of its nature.
--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org