Malwarebytes Anti-Malware Portable
Making Malwarebytes' Anti-Malware portable is more difficult, as it does NOT run from a USB stick by just copying the application directory! Two system files (mbam.sys & mbamswissarmy.sys), two registered libraries (mbamext.dll & ssubtmr6.dll) and one registered ActiveX control (vbalsgrid6.ocx) are mandatory!
Malwarebytes Anti-Malware execution behavior:
* Three objects have to be registered: mbamext.dll, ssubtmr6.dll and vbalsgrid6.ocx
To do so, use the command regsvr32.exe "path\file" (use switch "/s" for 'silent')
(The files are located in the application directory)
* Two system files have to exist:
C:\WINDOWS\system32\drivers\mbam.sys
C:\WINDOWS\system32\drivers\mbamswissarmy.sys
(These files are copied there during install and you have to take them with you)
* Necessary directories are created automatically:
%ALLUSERSPROFILE%\Application Data\Malwarebytes\
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
%USERPROFILE%\Application Data\Malwarebytes\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\
* Necessary files (definitions) are created upon update:
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\news.txt
%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
(Further files like logs are created during operation)
* Settings are saved in registry (HKCU\Software\Malwarebytes' Anti-Malware)
Making Malwarebytes Anti-Malware portable:
* Install
* Copy application directory to any location you like
* Copy mbam.sys & mbamswissarmy.sys from "C:\WINDOWS\system32\drivers\" anywhere you like, to take them with you (eg. the copied application directory)
* Uninstall
* Remove the uninstall files (unins000.dat, .exe & .msg) from the copied application directory if you like
* Take the application directory anywhere you like
* On the host machine copy mbam.sys & mbamswissarmy.sys to "C:\WINDOWS\system32\drivers\"
* On the host machine run:
regsvr32.exe "DRIVE:\PATH\mbamext.dll"
regsvr32.exe "DRIVE:\PATH\ssubtmr6.dll"
regsvr32.exe "DRIVE:\PATH\vbalsgrid6.ocx"
(You will be notified about registration success (or errors), use switch "/s" for silent registration.)
(You need admin rights for registration to succeed. Do this from an admin account or with elevated rights)
* Run "mbam.exe" from the application directory (not mbamgui.exe)
Batch to automate the necessary preparation on the host machine:
(Assuming that all mentioned files, including the batch, are located in the same directory)
Code:
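REM %~dp0 is the directory of this batch file (with trailing backslash), so the
REM script works even if the current directory is not the batch's directory.
COPY "%~dp0mbam.sys" "C:\WINDOWS\system32\drivers\mbam.sys"
COPY "%~dp0mbamswissarmy.sys" "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
regsvr32.exe "%~dp0vbalsgrid6.ocx"
regsvr32.exe "%~dp0ssubtmr6.dll"
regsvr32.exe "%~dp0mbamext.dll"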
(Remember: Administrative rights needed. Use switch "/s" for silent registration)
Traces left on host system and how to clean up:
Malwarebytes' definition files, logs etc. are quite small (below 2MB), so leaving them behind costs little space, but the system files and the settings in the registry should be removed anyway, and the registered objects should be unregistered in any case!
This leaves us for complete clean-up with:
* DELETE: "%ALLUSERSPROFILE%\Application Data\Malwarebytes"
* DELETE: "%USERPROFILE%\Application Data\Malwarebytes"
* DELETE: "C:\WINDOWS\system32\drivers\mbam.sys"
* DELETE: "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
* DELETE: HKCU\Software\Malwarebytes' Anti-Malware
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\vbalsgrid6.ocx"
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\ssubtmr6.dll"
* UNREGISTER: regsvr32.exe /u "DRIVE:\PATH\mbamext.dll"
Batch to automate clean-up:
(Assuming that the batch is located in the same directory as the registered objects. WinXP cmd only! Use DELTREE in DOS instead of RMDIR.)
Code:
RMDIR /S /Q "%ALLUSERSPROFILE%\Application Data\Malwarebytes"
RMDIR /S /Q "%USERPROFILE%\Application Data\Malwarebytes"
DEL "C:\WINDOWS\system32\drivers\mbam.sys"
DEL "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
REM The key name contains a space, so it has to be quoted.
REG DELETE "HKCU\Software\Malwarebytes' Anti-Malware" /f
REM %~dp0 is the directory of this batch file (with trailing backslash).
regsvr32.exe /u "%~dp0vbalsgrid6.ocx"
regsvr32.exe /u "%~dp0ssubtmr6.dll"
regsvr32.exe /u "%~dp0mbamext.dll"
(Remember: Administrative rights needed. Use switch "/s" for silent unregistration)
Additional remarks:
* As mentioned, you need administrative rights at least for object (un)registration, but you should do any malware scanning and cleaning from an administrative account or at least with elevated rights anyway!
* For both applications there is cleaning done in the "Application Data" directory. Unfortunately the name of this directory is language dependent (it is named differently in some, but not all, non-English Windows locales), e.g. in German (as for me), it is called "Anwendungsdaten". You have to change this in the batch files if you are executing them on such a system.
In the case of the %USERPROFILE%, the "%USERPROFILE%\Application Data\" directory can be addressed directly by the %APPDATA% variable, but this does not hold for %ALLUSERSPROFILE%. There is no way to address %ALLUSERSPROFILE%\Application Data\ directly in a batch file (at least none I know about).
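An added example (not part of the original guide): a read-only check to run after the clean-up batch, reporting which of the traces listed above are still present on the host. It assumes reg.exe is available, uses %SystemRoot% in place of the hard-coded C:\WINDOWS, and reads the all-users application data path from the standard Windows "Common AppData" registry value rather than relying on the localized directory name; registered COM objects are not checked.

```bat
@echo off
REM Added example: verify that the clean-up left none of the listed traces.
REM The script only reads; it deletes and changes nothing.
setlocal
set "LEFT=0"

REM Resolve the all-users application data directory from the registry so the
REM check does not depend on the localized name ("Application Data",
REM "Anwendungsdaten", ...). The value name contains a space, so the type is
REM token 3 and the path is the rest of the line.
set "COMMON_APPDATA="
for /f "tokens=3*" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v "Common AppData" 2^>nul') do (
    if /i "%%A"=="REG_SZ" set "COMMON_APPDATA=%%B"
)
if not defined COMMON_APPDATA echo [WARN] Could not read "Common AppData" from the registry.
if not defined COMMON_APPDATA set "LEFT=1"
if defined COMMON_APPDATA call :CheckPath "%COMMON_APPDATA%\Malwarebytes"

REM Per-user data directory and the two driver files named in the guide.
call :CheckPath "%APPDATA%\Malwarebytes"
call :CheckPath "%SystemRoot%\system32\drivers\mbam.sys"
call :CheckPath "%SystemRoot%\system32\drivers\mbamswissarmy.sys"

REM Settings key; reg query returns errorlevel 0 only if the key still exists.
reg query "HKCU\Software\Malwarebytes' Anti-Malware" >nul 2>&1
if not errorlevel 1 (
    echo [LEFT] "HKCU\Software\Malwarebytes' Anti-Malware"
    set "LEFT=1"
)

if "%LEFT%"=="0" echo [OK] None of the listed traces were found.
REM Exit code 0 = clean, 1 = something is left or could not be checked.
exit /b %LEFT%

:CheckPath
REM Report a file or directory that still exists.
if exist "%~1" (
    echo [LEFT] "%~1"
    set "LEFT=1"
)
goto :eof
```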
*****************************************
If you read through it calmly, there is nothing difficult in there; even the contents of the cmd file are included.