The malware writers definitely know it and program for it.
I just finished cleaning a client's PC which had been infected with Vundo (among others). It allowed me to install MBAM (after I changed the install file name), but somehow managed to block the install from writing the MBAM exe to the MBAM folder. Got around that by burning a CD from a clean system with the entire MBAM folder and telling the infected system to go find the exe there when the desktop icon couldn't find it.
It took half a dozen runs to clean the PC, but appears to have worked.