Tech Tip of the Day: How to download and run Chameleon by Malwarebytes

** THIS POST HAS BEEN UPDATED **

Malwarebytes Chameleon is a tool that was developed in order to get Malwarebytes Anti-Malware running when blocked by an active infection on a user's system.

It accomplishes this in several ways, but in order to run, Chameleon itself must be able to run in spite of the infection as well.  That's where the filenames come in and is the reason you'll find files like 'svchost.exe', 'winlogon.exe' and 'iexplore.exe' among others within the Chameleon folder.  Those are actually just renamed copies of the main Chameleon executable, mbam-chameleon.exe.  The reason that we do this is because infections, particularly rogue/fake antivirus programs, will often block processes from launching simply based on their file or process names, or they will only allow certain 'whitelisted' processes to run.  These whitelisted processes are often a user's internet browser (hence the use of names like 'firefox.exe' and 'iexplore.exe') or critical system processes (hence 'svchost.exe', 'winlogon.exe' and 'rundll32.exe').

There are several methods for launching Chameleon itself, depending on the situation that the user is dealing with.  Malwarebytes provides a help file called 'chameleon.chm' which is accessible via the START menu under All Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk'.  This is the best and simplest way to use Chameleon as all the user has to do is open the help file and follow the instructions.

Unfortunately, launching the help file is not always possible, so Malwarebytes does provide other methods to get Chameleon running.
 
If Malwarebytes Anti-Malware is already installed but the Chameleon help file will not open, the user may attempt to launch the Chameleon executables manually by browsing to their Malwarebytes Anti-Malware program folder under 'Chameleon' and double-clicking on the executables located there one by one until they find one which is able to launch which will be indicated by a command prompt window providing instructions on what to do next to run Chameleon.

Once Chameleon is up and running, it will attempt to update Malwarebytes Anti--Malware's database, kill all malicious processes running in memory, and then initiate a scan with Malwarebytes Anti-Malware.  Upon completion of the scan, the user may remove the infections from their system, rebooting if required, and their system should be running normally again, free of infection.

If Windows Explorer is not running, the same method can be used to launch the help file or executables by using Windows Task Manager and simply browsing to the location of the files and trying to open them one by one that way.

Now, if Malwarebytes Anti-Malware is not already installed, Chameleon can get it installed for the user.  Malwarebytes has provided Chameleon as a separate download available here on their website: http://www.malwarebytes.org/products/chameleon

All the user needs to do is download that file, extract it to a new folder in a convenient location such as their desktop, and then attempt to use the included help file (Chameleon.chm) to run Chameleon.  If the help file will not open, then the user should proceed with the same method applied above by double-clicking on each of the provided Chameleon executables one by one until they find one that opens.

Upon opening, the user should follow the onscreen instructions and Chameleon will proceed to download and install Malwarebytes Anti-Malware for the user and then will proceed to run through the same process as described above (updating the database, killing malicious processes and performing a scan).

*All information provided by Samuel E. Lindsey of Malwarebytes Corporation