Page 5 - index
P. 5
(Continued from page 4) efit is the improvement of the system’s perfor-
stealthy type of software, often malicious, de- mance since fewer programs are loaded and run-
signed to hide the existence of certain process- ning. The process is simple, as the file is ready to
es or programs from normal methods of detec- run when downloaded to a convenient location;
tion and enable continued privileged access to no special installation or configuration is neces-
a computer.” MalwareBytes has published a sary, as StartUpLite is ready to run as download-
free “BETA” (pre-release or “not totally refined” ed. Being a “Lite” program, it is small and not very
version) of its Malwarebytes Anti-Rootkit BETA powerful, but it can detect many of the most com-
available for download from
cording to MalwareBytes, “Malwarebytes Anti- sequence. The user needs to be aware that re-
Rootkit BETA removes the latest nastiest root- moving a program from the boot sequence does
kits and repairs the damage they cause. not delete or uninstall the program itself, but only
“Malwarebytes Anti-Rootkit BETA is cutting stops it from loading at boot.
edge technology for detecting and removing the Many users are aware that files that are loaded
nastiest malicious rootkits.” Being a BETA ver- and running cannot be easily removed, as they
sion, a current download has a finite life, with appear to be locked, and inaccessible. File-
an expiration date, preventing the BETA from ASSASSIN is a free utility that can unlock and
being used for a long period of time; once ex- delete any type of locked file on the computer.
pired, a more recent ‘BETA’ version, or even a While legitimate files are often locked because
final version, may be downloaded. Since thou- they are in use, or are critical system files, many
sands of new malware builds appear every day, varieties of malware and viruses are also locked
this anti-rootkit utility needs its digital signature to add a layer of difficulty in their removal; File-
files updated frequently, as several updates are ASSASSIN can unlock and delete these files.
released every day; these updates enable the Since necessary system files are often locked in
anti-rootkit software to detect the latest known order to protect them from accidental (or inten-
rootkits. The scan is very comprehensive, and tional) removal, MalwareBytes includes the fol-
may take quite a while to complete, as it scans lowing warning on the FileASSASSIN website:
the sectors of the hard drive, the installed driv- “Warning: Please use caution with FileASSASSIN
ers (a popular place for malware to hide itself), as deleting critical system files may cause system
operating system files, and the registry. Once errors.” If used with extreme care, FileASSASSIN
the scan is completed, any suspected rootkits can be a very useful utility, but it may not be ap-
are displayed. I recommend checking the box propriate for inexperienced users, as it is too easy
enabling the creation of a restore point prior to to use it to unlock and delete legitimate required
the removal of any rootkits found, just in case a or critical system or data files.
false positive is encountered, and a legitimate Just as malware can lock files in order to make
file is incorrectly identified and removed as a them difficult to delete, malware can also lock
rootkit. The restore point file can be used to registry entries for the same reasons. Some of
bring back whatever was deleted. these locked registry keys have been known to
A common complaint among PC users regards reinstall malware after the actual malware pro-
the slow booting of the computer when turned gram files have been deleted. MalwareBytes of-
on; this is often because too many programs, fers RegASSASSIN as a free utility to unlock
often unnecessary, are being loaded each time these malware placed locked registry entries by
the computer is booted. Not only does this slow utilizing a simple two step process.
the boot process, it also consumes system re- “RegASSASSIN removes malware-placed regis-
sources, such as memory and processor ca- try keys in two simple steps—just reset permis-
pacity, as unneeded programs are always load- sions and delete!” As with the other ASSASSIN
ed and running. Microsoft has a crude but effec- products, MalwareBytes includes the following:
tive startup manager built into Windows, the “Warning: Please use with caution as deleting
“MSCONFIG” command invoked by entering critical registry keys may cause system errors.”
the command from the Start → Run process. The RegASSASSIN file is a tiny 63.7 kB file that
The demand and need for easy-to-use startup is ready to run when downloaded, with no further
managers is so great, that many PC utilities in- installation. The instructions are simple; first, run
corporate a startup manager of some type in RegASSASSIN by clicking on it to open it. The
their products. MalwareBytes is now offering its second and final step is to, “Enter the registry key
free “StartUpLite” from its website at
The sole purpose of StartUpLite is to speed the may not be for the novice, but for the experienced
boot process by eliminating unnecessary pro- user or technician, as it would be too easy to de-
grams from the boot process; a secondary ben- (Continued on page 6)
5
