Should malware removal programs be renamed for security reasons?

FranzB · 20 Dec 2011

On internet i have seen several times the advice to change the name by which a particular malware removal program is known since some malware recognizes the files
or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

seavixen32 · 20 Dec 2011

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed. :)

marsmimar · 20 Dec 2011

I'm not a lawyer and I don't even play one on TV. So this is just personal opinion. :)

I think that most software companies (not just the antimalware companies) tend to err on the side of caution when it comes to their products. They "dumb down" their instructions, or lack thereof, to accomodate the average user. The default instructions apparently work for the vast majority of people. For those relatively few folks who need more advanced instructions, the specific product help forum, product customer support, or sites like this one provide additional ways to circumvent the malware.

I consider my computer knowledge to be slightly above average. I'll try using the software product "as is". If it doesn't work, then I'll dig into the bag of tricks I've learned for an alternate method. So I don't think it's necessary or advisable to routinely rename antimalware programs. IMHO.

Petey7 · 20 Dec 2011

The only times you need to change the names of the anti-malware program's executable is in the specific instance where a virus prevents the running of a program based solely on the executables name. I do not see the point in doing it in the case discribed in the second link since the person already advised running MBAM in safe mode (ie virus probably won't be running anyways). Also, he left out what I consider to be an important step. You can download a stand-alone update for mbam which will update the database version to the newest one without having to go online. Viruses are becoming more advanced and can know what something is even if the executable is named differently, so that method is becoming less likely to work over time anyways.

Corrine · 20 Dec 2011

Petey7 is correct:

Petey7 said:

The only times you need to change the names of the anti-malware program's executable is in the specific instance where a virus prevents the running of a program based solely on the executables name.

GamePlanner · 20 Dec 2011

Nice and to the point answer by petey7.

FranzB · 02 Jan 2012

With thanks to all for your information and advice.