Malwarebytes Toolset Quick Start Guide

Document created by jyamada Employee on Jun 4, 2019
Version 1Show Document
  • View in full screen mode

Getting Started - First Time Use

When you first use the Malwarebytes Toolset (MBTS), you will need internet access to allow it to validate your license key and you should update all components.

  1. Download the Malwarebytes Toolset with your license key pre-injected using the URL contained in your confirmation email.

  2. Extract the MBTS_X.X.X.XXXX.zip package file to the root of a USB flash drive or a dedicated directory within a USB Flash Drive.

    Note: Ensure the path where the Malwarebytes Toolset is extracted to does not include any ASCII/UNICODE extended set characters.

  3. Double click MBTSLauncher.exe from the extracted package.

  4. Once the Toolset launches and validates your license, go to Toolbox > MyTools > Check for Updates

  5. Download all available updates

 

For additional information on the features of the Malwarebytes Toolset and how to use them, please see the latest Malwarebytes Toolset User Guide and Malwarebytes Issue Scanner Technical Reference.

 

How do I manually download the Malwarebytes Toolset?

You can download the latest build of the Malwarebytes Toolset using the URL in your confirmation email. If needed, use the syntax below to manually obtain the Malwarebytes Toolset with your product key pre-injected:

 

Alternatively, there are generic URLs if the auto-injection system is down/not working correctly.

 

What is the difference between the Standard and MBTS Full download of the Malwarebytes Toolset?

The Standard download is a smaller package with only the following core components:

  • Malwarebytes Toolset (Inform, Network Devices Scanner, Portable Scanner, Issue Scanner, and Toolbox)

 

Additional standalone components can be downloaded as needed when they are executed via the Toolbox or downloaded using the MBTS Updater by going to Toolbox > MyTools > Check for Updates.

The Full download is a larger package with the following core and standalone components:

  • Malwarebytes Toolset (Inform, Network Devices Scanner, Portable Scanner, Issue Scanner, and Toolbox)

  • Malwarebytes Breach Remediation v2 CLI

  • Malwarebytes Breach Remediation v3 CLI

  • Malwarebytes AdwCleaner

  • Malwarebytes Anti-Bundleware

  • Malwarebytes Anti-Rootkit

  • Malwarebytes for Windows (installer)

  • Malwarebytes Support Tool

  • Fab’s AutoBackup Pro v7

 

How do I update the components of the Malwarebytes Toolset?

The Malwarebytes Toolset checks for a new release at launch. If one is available, an orange notification banner appears with an option to start an in-place update. For all other components or to manually update, use the MBTS Updater by doing the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Toolbox component.

  3. Go to MyTools and click Check for Updates (aka the MBTS Updater)

  4. Select the components you want to update then click Download

  5. Follow any additional steps presented.

 

Any Toolbox item supported by the MBTS Updater can also be updated upon launch. If there is a new version, you have the option to download and use that one OR continue to use the older version.

 

How do I run a malware scan?

We include a portable version of Malwarebytes, the Malwarebytes Portable Scanner. To use it, perform the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Scan component.

  3. Click Scan for Malware.

  4. Follow any additional steps presented.

 

By default, a malware scan will always prompt if you want to kill non-essential processes, check for database updates, and perform a Threat scan. If you want to change this default behavior, click on the Settings icon (it looks like a gear) and select Edit Default Scan.

 

If you want to perform a one-time custom scan, click the Custom Scan button and select the scan options you want to use.

 

How do I update the malware database/definitions?

By default, we always check for updates when you run a malware scan. Since you may be in situations with no internet access, we highly recommend updating the database/definitions at least once a day on an internet connected PC. You can accomplish that two ways:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Scan component.

  3. Click the Settings/gear icon next to Malwarebytes Breach Remediation and select Run Manual Update

  4. Follow any additional steps presented.

 

OR

 

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Toolbox component.

  3. Go to MyTools and click Check for Updates (aka the MBTS Updater)

  4. Select the Malwarebytes Rules component and then click Download

  5. Follow any additional steps presented.

 

How do I scan for malware or issues from Command Prompt/Command-Line?

The Malwarebytes Portable Scanner and Malwarebytes Issue Scanner can be launched from the command line by passing /scan:malware or /scan:issues respectively to MBTS.exe or MBTSLauncher.exe. Below are examples of this:

  • Malwarebytes Portable Scanner
    • MBTSLauncher.exe/scan:malware
    • MBTS.exe/scan:malware
  • Malwarebytes Issue Scanner
    • MBTSLauncher.exe/scan:issueso
    • MBTS.exe/scan:issues

 

If you need additional automation or scripting capabilities for malware scans, a Malwarebytes Breach Remediation (MBBR) for Windows CLI is included with the Malwarebytes Toolset. You can find it in the Toolbox under the Remediate section or in the directory structure at the following locations:

  • Malwarebytes\MBBRv3\x64\mbbr.exe
  • Malwarebytes\MBBRv3\x86\mbbr.exe
  • Malwarebytes\MBBRv2\mbbr.exe

 

For more details on how to use MBBR via CMD, see the Malwarebytes Breach Remediation User Guide.

 

Does the Malwarebytes Toolset and/or Malwarebytes Breach Remediation support offline usage?

Both products support offline usage. Just make sure the Toolset has been validated (required on first use) and updated then you can use it offline for 7 days with version 1.3 and 15 days with version 1.4+. If you are only using the Malwarebytes Breach Remediation CLI utility, it supports 15 days of offline usage.

 

How do I scan and export with Inform from Command Prompt/Command-Line?

You can perform an Inform Export silently from the command line by passing the following arguments to MBTS.exe or MBTSLauncher.exe:

  • /scan:inform /LogFile:”Path to file” - Silently runs an Inform operation and outputs the results in plain text to the file specified.
    • If /LogFile is not specified, then the exported text file is saved to the following location: %UserProfile%\Desktop\Inform_%COMPUTERNAME%_%DATE&TIME%.txt
    • If only a file name is specified for /LogFile (e.g. "Inform Log File.log"), then the specified file will be saved to %MBTS_ROOT% (aka the directory where MBTSLauncher.exe is stored).

 

How do I use AdwCleaner

AdwCleaner is included as a standalone component designed to remove adware, toolbars, and more. You can run it by doing the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Toolbox component.

  3. Go to Remediate and click on AdwCleaner

  4. Follow any additional steps presented.

 

How do I use Malwarebytes Anti-Bundleware?

Malwarebytes Anti-Bundleware is a standalone tool designed to remove unneeded bundled software and junkware. You can use it by doing the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Toolbox component.

  3. Go to Remediate and click on Anti-Bundleware Scanner Beta

  4. Follow any additional steps presented.

 

How do I scan for local network devices?

The Malwarebytes Toolset includes a Network Devices scanner to perform a detailed local network device inventory scan. To use it, perform the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Inform component.

  3. Go to Network then click Start Scan under Network Discovery

  4. Follow any additional steps presented.

 

How do I scan for SMART Attribute and Disk Errors of a disk drive?

The Disk Drive Issue Scanner of the Malwarebytes Issue Scanner performs this function. Please note that only failures or issues will be presented, but you can see the full details by clicking on the Scan Report. To use the Malwarebytes Issue Scanner, perform the following:

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Scan component.

  3. Click on Scan for Issues

  4. Follow any additional steps presented.

 

For additional information on the Malwarebytes Issue Scanner, please see the latest Malwarebytes Issue Scanner Technical Reference.

 

How do I add tools?

The MyTools component of the Malwarebytes Toolset allows you to bring along additional tools, scripts, and batch files in to the UI.

  1. If you have not already done so, launch the Malwarebytes Toolset

  2. Click on the Toolbox component.

  3. Go to MyTools and click MyTools Editor

  4. Click the + icon to add a tool

    • To import a directory of tools, click the Batch import button instead (looks like a download icon)

  5. Complete the Create Tool form and click Save

     

For more details on how to use the MyTools feature, including advanced features like variables and batch tool importing, check out the latest Malwarebytes Toolset User Guide.

 

How do I launch MyTools or Toolbox tools from Command Prompt/Command Line?

Any tool from the Toolbox (including MyTools) can be launched from the command line by passing /toolbox:”Name of Tool” to MBTS.exe or MBTSLauncher.exe. These tools will be launched as Administrator and pass on the special variables defined in the MyTools section of the User Guide. Below are examples of this:

  • Malwarebytes AdwCleaner
    • MBTSLauncher.exe/toolbox:”AdwCleaner”
    • MBTS.exe/toolbox:”AdwCleaner”
  • Windows PowerShell
    • MBTSLauncher.exe/toolbox:”WindowsPowershell”
    • MBTS.exe/toolbox:”WindowsPowershell”

 

How do I access the Toolset if I have forgotten my Startup Password?

You can recover access by doing the following:

  1. Delete the Toolset license file at “\Malwarebytes\MBTS\Data\Configuration\mbts-license.dat”

  2. Relaunch the Toolset

  3. Enter your Toolset license key and click Verify

 

Are There Command Line/Command Prompt Options for running the Malwarebytes Toolset?

Yes, command line options are available to utilize some components of the Malwarebytes Toolset quickly for automation and/or scripting purposes. These options can be passed to MBTSLauncher.exe or MBTS.exe. Below is a list of those options and their applicable syntax:

  • /password:”Your Startup Password” - Suppress prompt for your Startup Password.
  • /scan:inform /LogFile:”Path to file” - Silently runs an Inform operation and outputs the results in plain text to the file specified.
    • If /LogFile is not specified, then the exported text file is saved to the following location:
      %UserProfile%\Desktop\Inform_%COMPUTERNAME%_%DATE&TIME%.txt
    • If only a file name is specified for /LogFile (e.g. "Inform Log File.log"), then the specified file will be saved to %MBTS_ROOT% (aka the directory where MBTSLauncher.exe is stored).
  • /scan:malware - Scans for malware with the Malwarebytes Portable Scanner using the current Default Scan settings. These settings can be changed using the MBTS.exe GUI (Scan > Settings icon > Edit Default Scan).
  • /scan:issues – Scans for issues with the Malwarebytes Issue Scanner.
  • /repair:network – Performs a Network Reset.
  • /repair:wmi – Performs a WMI Reset.
  • /toolbox:”Name of Tool” – Launches the specified tool in quotes from the Toolbox or MyTools.
  • /LogLevel:<0-5> – Launches the Malwarebytes Toolset with a specified logging level output for the “DebugLogging.txt” file. This is used for troubleshooting the Malwarebytes Portable Scanner. The default loglevel is 1 (ERRORS) and is used if no log level is specified. The following is a definition of each log level:
    • 0-none
    • 1 – Events marked as Errors only are logged
    • 2 – Events marked as Errors and Warnings are logged
    • 3 – Events marked as Errors, Warnings, and Info are logged
    • 4 – Events marked as Errors, Warnings, Info, and Debug are logged
    • 5 – Events marked as Errors, Warnings, Info, Debug, and Trace are logged
    • The DebugLogging.txt file is stored in the following locations depending on the architecture of the operating system:
      • 64-Bit (x64) - Malwarebytes\MBTS\x64\DebugLogging.txt
      • 32-Bit (x86) - Malwarebytes\MBTS\DebugLogging.txt

 

Note: MBTS.exe and MBTSLauncher.exe are not a console applications. They will not send output to the console window once they execute.

 

How do I get technical support?

Please start a new topic in the Malwarebytes Toolset area of the Malwarebytes Forums (Malwarebytes Techbench > Malwarebytes Toolset) or email our team the details at techbench@malwarebytes.com.

Attachments

    Outcomes