Malwarebytes Forum

This is a community forum and not official technical support. — If you need official support: Contact Us

The following comments are owned by whoever posted them. We are not responsible for them in any way.


Malwarebytes 2.0.1.1004, rootkit scanner not working

Anyone know how to get the rootkit scanner to work? Some code does not work, which prevents the rootkit scanner from loading in Malwarebytes.

You should really read my article on the Tips & Tricks section. I have the very faint idea that MBAM might be scanning your bottle anyway.

The rootkit scanner makes sense on a live system where you suspect that a rootkit might be installed and loaded in memory. What you're doing, or should be doing, with MBAM running in CrossOver is basically the equivalent of scanning a system using a live CD like the Kaspersky Rescue Disk.

My point is that if you don't understand how this works, it's probably better that you leave it well alone. If you want this for scanning your Linux system you're better off using a supported solution like the one from ESET.

http://www.eset.com/me/home/products/antivirus-linux/

A Windows rootkit scanner that scans a live system will not be able to work in CrossOver, just like a Windows rootkit will not work in CrossOver. CrossOver does not have a Windows kernel(*). It maps Win32 user level API calls to Unix user level API calls. There's only a Unix kernel (Mach or Linux) running. A Windows rootkit works by manipulating a Windows kernel. There is no Windows kernel, so there will be no Windows rootkits. As such, a scanner that pokes around in the (nonexistent) Windows kernel won't work.

That said, you're not immune to malware with CrossOver. A well-written malware could detect that it is running in CrossOver and attack the Linux or Mach kernel instead. For this you need a Linux or OSX rootkit scanner.

What can work though is an offline scanner, which scans a system that is not being executed.

(*) Actually, we do have a process that emulates a Windows kernel, but only in a very limited fashion: It's good enough to load some copy protection drivers. No data is sent through the fake kernel, and many inner workings that are required for rootkits do not exist.

Tho if you were to mount a Windows system and wanted to scan it

"Tips & Tricks section": those are for the older version 1. I am asking about version 2.0.1.1004. Everything else works (in free version); I even get an icon in the menu bar.

You don't need a special "rootkit" scan to do what you want to do. On Windows systems that type of scan will look at running processes (among other things) and determine whether a rootkit is installed and active... with a system that is offline, such as the case of mounting an NTFS partition which contains Windows on it, there is no need for that type of scan.

I honestly have not looked into version 2.0 and I probably won't. The T&T article serves as a guide for advanced users and it's a "try it at your own risk" kind of deal. I do not, under any circumstance, advocate running MBAM with Wine or CrossOver.

CrossOver Forums: the place to discuss running Windows applications on Mac and Linux
