On Thu, 18 Dec 2008 23:02:41 GMT, Dustin Cook <bughunter.dustin@gmail.com>
wrote:

>M.L. <me@privacy.invalid> wrote in
>news:6tjk41bbfuljaookfkosko830la5r8jlv@4ax.com:
>
>>>>>> By the way, certain variants of the AV2008/AV2009 bug are now
>>>>>> blocking MalwareBytes from being installed on infected machines.
>>>>>> Normal workarounds (changing the name of the installation file,
>>>>>> trying to install in Safe Mode, etc) seem ineffective. I'm sure
>>>>>> you're aware of this already, but thought I'd mention it.
>>>>>
>>>>>We are aware of this. It's actually a TDSS rootkit variant that
>>>>>typically gets installed along with AV2008/2009 that is blocking us.
>>>>>Once the driver is disabled however, we own it pretty quick.
>>>>
>>>> How would one disable the rootkit driver?
>>>
>>>There are several methods of disabling it. It's a system level driver,
>>>so depending on the version, you can ask Windows to unload it. I'm
>>>sorry about the evasive answering, but I really can't go into details.
>>>
>>>A handy cd that can usually disable the rootkit for you:
>>>
>>>http://www.free-av.com/en/tools/12/a...ue_system.html
>>>
>>>Use that cd first, then you can take advantage of MBAM and various
>>>other utilities of its nature.

>>
>> Thanks for your prompt reply. I already have that CD, so now I know
>> when to use it to its advantage.

>
>They update it constantly. It's most advised to use the newest you
>possibly can.


Another option would be to use the F-Secure rescue CD that will download
the latest signatures when it is booted so you don't have to keep
downloading a new CD image to get up-to-date protection. The obvious
drawback is that it requires an internet connection to do this, but most
people are already connected and the F-Secure rescue CD does a pretty good
job of identifying and using the connection.

http://www.f-secure.com/linux-weblog...-301-released/