Mar 19

Malwarebytes Portable 2.0

After some customizing and tweaking of the old script, I decided to re-release a new “version” of the Malwarebytes portable script.

I got the idea from a forum post over at Comodo.com. After some tweaking of their methods, I think I’ve come up with a decent script that does its job effectively.

First, I’ll go through the script step by step:


@echo off
title LEAVE THIS BOX OPEN!!!
echo WARNING!!!
echo.
echo If Malwarebytes Portable asks you to restart after scanning, CLICK NO!
echo You'll need to EXIT Malwarebytes Portable and restart manually.
echo.
echo Otherwise, the program files will be left over and Windows will think it's
echo installed.
echo.
echo.
echo If you DO accidentally click restart, open Malwarebytes and close it manually to delete the program files again.
echo.
echo Continue? {Y N}
set /p MBAM_Warning=
rem Case-insensitive match; any answer other than Y exits instead of falling through to :start
if /i "%MBAM_Warning%"=="y" goto start
goto eof

This section is pretty simple. It warns the user that clicking Yes on the restart prompt could seriously screw up Malwarebytes: it’ll try to restart without unloading the files, which leaves some of them behind and creates a partial install. Not good.


:start
cls
echo Registering Services...
regsvr32.exe "%~dp0program\vbalsgrid6.ocx" /s
regsvr32.exe "%~dp0program\ssubtmr6.dll" /s
regsvr32.exe "%~dp0program\mbamext.dll" /s
echo Copying Malwarebytes System Files...
COPY "%~dp0program\mbam.sys" "C:\WINDOWS\system32\drivers\mbam.sys" /Y
COPY "%~dp0program\mbamswissarmy.sys" "C:\WINDOWS\system32\drivers\mbamswissarmy.sys" /Y
echo Creating Temp Directory...
mkdir "%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"
echo Copying Definitions...
xcopy "%~dp0program\rules.ref" "%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware" /Y /Q

This section registers the Malwarebytes OCX/DLL components with regsvr32 (the “services” in the script’s output), copies the important system files to the drivers folder and copies the definitions over to the %ALLUSERSPROFILE% folder.


echo Starting...
"%~dp0program\mbam.exe"

Now that Windows has been faked into thinking Malwarebytes is installed, it’ll start the mbam program and the script will wait while Malwarebytes is open. I used a utility called sleep.exe, which can be found at ComputerHope.com. The awesome part is that Malwarebytes is completely usable and you can even update it, just as if it were really installed.


echo Saving new definitions...
xcopy "%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref" "%~dp0program" /Y /Q
rem Safeguard: if Malwarebytes is really installed, skip the removal steps
if exist "C:\Program Files (x86)\Malwarebytes' Anti-Malware" goto eof
if exist "C:\Program Files\Malwarebytes' Anti-Malware" goto eof
echo Removing Temp Directory
RMDIR /S /Q "%ALLUSERSPROFILE%\Application Data\Malwarebytes"
RMDIR /S /Q "%USERPROFILE%\Application Data\Malwarebytes"
"%~dp0program\sleep.exe" 750

Once Malwarebytes is closed, the rest of the script executes. If you updated Malwarebytes while it was open, the updated definitions file is copied to your program folder for future use, overwriting the older version. The temporary directories are also deleted. This section also has a safeguard that checks whether Malwarebytes is legitimately installed on the computer; if it is, the script just copies the definitions, skips the removal process and exits.


echo Deleting Malwarebytes System Files...
DEL "C:\WINDOWS\system32\drivers\mbam.sys"
DEL "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
"%~dp0program\sleep.exe" 750
echo Removing Malwarebytes Registry Entry...
REG DELETE "HKCU\Software\Malwarebytes' Anti-Malware" /f
"%~dp0program\sleep.exe" 750
echo Deleting Malwarebytes Services...
regsvr32.exe /u "%~dp0program\vbalsgrid6.ocx" /s
regsvr32.exe /u "%~dp0program\ssubtmr6.dll" /s
regsvr32.exe /u "%~dp0program\mbamext.dll" /s
"%~dp0program\sleep.exe" 2000
exit
:eof
exit

This section deletes the system files, registry entry and unregisters the Malwarebytes services. Now it’s as if Malwarebytes wasn’t even there.
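To confirm that the cleanup really left nothing behind (for example after the restart prompt was accepted by mistake), the same locations can be checked afterwards. This is an added example, not part of the original script; it only uses the paths and the registry key that the script above touches, and the `:found` helper label is a name chosen here.

```batch
@echo off
rem Added example, not part of the original script: reports what the launcher left behind.
rem Every path and the registry key below are the ones the launcher itself touches.
setlocal
set LEFT=0

rem A real install legitimately owns these items, so nothing is flagged in that case.
if exist "C:\Program Files (x86)\Malwarebytes' Anti-Malware" goto installed
if exist "C:\Program Files\Malwarebytes' Anti-Malware" goto installed

rem Driver files copied into system32\drivers by the launcher.
if exist "C:\WINDOWS\system32\drivers\mbam.sys" call :found "driver mbam.sys"
if exist "C:\WINDOWS\system32\drivers\mbamswissarmy.sys" call :found "driver mbamswissarmy.sys"

rem Data directories the launcher creates and later removes.
if exist "%ALLUSERSPROFILE%\Application Data\Malwarebytes" call :found "all-users data directory"
if exist "%USERPROFILE%\Application Data\Malwarebytes" call :found "per-user data directory"

rem Registry key the launcher deletes; reg query returns 0 only when the key exists.
reg query "HKCU\Software\Malwarebytes' Anti-Malware" >nul 2>&1
if not errorlevel 1 call :found "HKCU registry key"

if %LEFT%==0 echo Clean: no launcher residue found.
if %LEFT%==1 echo Residue found: run the launcher again and close Malwarebytes normally.
exit /b %LEFT%

:found
rem Hypothetical helper: print one finding and remember that something was left over.
echo LEFTOVER %~1
set LEFT=1
goto :eof

:installed
echo Malwarebytes is installed on this machine; skipping the residue check.
exit /b 0
```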

Now that I’ve gone over the script, I’ll go through how to build Malwarebytes portable. For the most part it’s easy to do. If you want, you can follow the directions in the discussion board that I mentioned above.

1. You’ll need to start by installing a copy of Malwarebytes.

2. Once it’s installed, copy the application directory to a folder. Since I simply called my folder “folder”, you may need to change the script. Something I didn’t mention was %~dp0, which expands to the drive letter and path of the batch file, that is, the full directory the batch file resides in. Basically, no matter what you do, make sure the Malwarebytes application directory folder is one level deeper than the script. When the script is executed, it’ll look in the folder that’s just beyond it.

3. Once the application directory folder has all Malwarebytes program files in it, you’ll need to copy over the mbam.sys and mbamswissarmy.sys files and put them in the application directory folder. They should be located in the C:\WINDOWS\system32\drivers\ folder. For some reason, sometimes the mbamswissarmy.sys file doesn’t show up after being installed. In that case, just copy the mbam.sys file and skip to step 4. After putting Malwarebytes Portable together, if it works fine I’m sure it’ll be ok. If you get Error 723, I’d suggest that you install an older version of Malwarebytes and try to copy the mbamswissarmy.sys from that version. I don’t know why sometimes mbamswissarmy.sys isn’t included after Malwarebytes is installed. I’ve seen it happen a few times.

4. Copy the rules.ref definitions file, located at “%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\”, to the application directory folder.

5. Try to run it. Good luck!

Possible issues:

Apart from the mbamswissarmy.sys problem, sometimes the definitions file gets corrupted. It could be malware related. In those cases, it might be a good idea to keep a backup copy of the definitions handy just in case. If something goes wrong, copy it to the application directory folder.
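A corrupted or tampered file can be caught before the launcher copies drivers into system32 by checking the portable folder against a hash manifest. This is an added example, not part of the original script; manifest.txt, the `build` argument and the file list are assumptions, and it relies on a Windows version whose certutil supports -hashfile.

```batch
@echo off
rem Added example, not part of the original script: integrity check for the portable folder.
rem Assumed names: manifest.txt beside this file, and the file list taken from the article.
setlocal EnableDelayedExpansion
set "ROOT=%~dp0program"
set "MANIFEST=%~dp0manifest.txt"
set FILES=mbam.exe mbam.sys mbamswissarmy.sys mbamext.dll vbalsgrid6.ocx ssubtmr6.dll rules.ref

if /i "%~1"=="build" goto build

if not exist "%MANIFEST%" (
    echo No manifest found. Run "%~nx0 build" on a trusted machine first.
    exit /b 2
)
set BAD=0
rem Each manifest line is: digest, space, file name.
for /f "usebackq tokens=1,2" %%H in ("%MANIFEST%") do (
    call :hash "%ROOT%\%%I"
    if /i "!HASH!"=="%%H" (
        echo OK        %%I
    ) else (
        echo MISMATCH  %%I
        set BAD=1
    )
)
if %BAD%==1 echo Do not launch: restore the mismatched files from a known-good copy.
exit /b %BAD%

:build
rem A file absent at build time (mbamswissarmy.sys sometimes is) is recorded as "missing".
> "%MANIFEST%" (
    for %%F in (%FILES%) do (
        call :hash "%ROOT%\%%F"
        echo !HASH! %%F
    )
)
echo Wrote %MANIFEST%
exit /b 0

:hash
rem certutil prints a header line, then the digest, then a status line; keep the digest only.
set "HASH="
if exist "%~1" for /f "skip=1 delims=" %%A in ('certutil -hashfile "%~1" SHA256') do if not defined HASH set "HASH=%%A"
if not defined HASH set "HASH=missing"
rem Older certutil versions separate the digest bytes with spaces; strip them.
set "HASH=%HASH: =%"
goto :eof
```

Rebuild the manifest on a trusted machine after a definitions update, since the launcher copies the new rules.ref back into the folder and its hash changes legitimately.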

If you do click Yes on the restart prompt after running a scan, you’ll need to run the script again once the computer has booted and allow it to unregister and delete the program files. We offer a download of the MalwareBytes Portable script that is covered in this article.


