Does Malwarebytes really "scan" files it already THINKS are bad?


JohnnyDoomo

I've used Malwarebytes for years, and trusted what it claimed was bad and good... until I came across this post https://forums.malwarebytes.org/index.php?/topic/48956-suspected-false-positive/ after a Google search.

 

My concern is from how the administrator answers the problem.

 

"Cracks and Keygens are illegal and unwanted, are a major source of nowadays malware and that's why we detect them."

"2) 90% of the users who use cracks and keygens frequently get infected anyway since most of them are bundled with malware or are malware."

 

I am not about to argue the legitimacy of cracks, but from my understanding, is the Admin of Malwarebytes claiming that their software doesn't even scan if the file is infected or not, and merely knows that the file is a software crack, and so it simply marks the file?

 

If this is the case, it seems like Malwarebytes is not truly doing its "job" and is just going off of file reputation or name reputation.

 

I'm interested in an official answer, as I have no need for software that is giving me its "best guess", and isn't actually scanning my files for malware/intrusions.

 

Again, I am not talking about cracks, or keygens, but that the admin responds in a manner that because most cracks have infections, they mark any crack with an infection, instead of actually knowing, or scanning the said file for "bad" content.

 

Am I not understanding how Malwarebytes really works? Is this just an old forum thread, that doesn't display how MB currently handles files now?

 

I'm interested if MB works on simple blanket rules, as I would start to trust its results a lot less, if that's the case.

 

Thanks for any insight into this.


MB ? ==> Milton Bradley ?

 

First you have to understand what "infected" means. 
If you have a file infecting virus that prepends, appends or cavity injects malicious code into a legitimate file then that file is infected.  Since it is a file infecting virus it can now infect other files or systems.
If you have malware that prepends, appends or cavity injects malicious code into a legitimate file then that file is infected.  If that infected file can not infect other files or systems then the file is deemed "trojanized" or "patched".
 
If you have a trojan then it is malicious by design; it is not "infected".  There is a possibility that a trojan can become infected by a file infecting virus (Sality, Parite, etc).  Then, and only then, can the file be deemed "infected".
 
Let us look at the malware submission guidelines...

Purpose of this forum

Disclaimer: We apologize, but we will not be adding corrupted files, archived/collections(Old sample(s) 3months + since file creation)  or file infectors. Secondly, we will not add key generators, hacking tools, Joke applications, Casino applications or game cheats unless they contain malicious trojan code.


So unless a keygen or game cheat has been repackaged with malware, the file will not be targeted.  That's the key here.  A keygen or game cheat is not malware so it is not targeted.  If someone disguises a trojan as a keygen and there is actual malicious code then the file would be targeted. If someone has a packaged installer for a game cheat or keygen and the package includes malware such as a downloader trojan then it will be targeted.

 

First you have to understand what malware is and what it entails and then we can categorize different types of files based upon content and intent.  We can talk generalities but do you have a file that is "specific" in mind ?


Yes the specific file I have in mind is a "cracked" .dll file for Adobe After Effects. I'm trying to get a CS6 version, since Adobe is trying to push their CC line (subscription based) down my throat, and have removed all avenues of officially purchasing CS6.

So, back to the .dll, its main purpose is to keep the After Effects trial from ever expiring. You are supposed to install the trial and replace 1 .dll file to allow it to be used. So everything but Malwarebytes on https://www.virustotal.com/ scan the file to be ok.

So because this is a crack, and there are multiple versions of the crack, my concern is if the file is safe, despite it coming from perhaps untrusted sources.

I say this because, like all cracks, there are multiple releases, some can be infected (or whatever term you deem it should have, from above). So I'm interested if MalwareBytes is simply marking this specific .dll file as "infected" because it knows the name, and that it's a crack, but not that it specifically knows THIS "release" of the crack.

Hopefully revealing my purpose does not get this thread locked or deleted, as I truly have attempted to pursue all avenues of trying to get this software legitly, but Adobe is trying to erase all existence of it, and get people onto their subscription model.

Crack or not, I'm interested if MalwareBytes actually knows the content of THIS file to be bad, or is just marking it because it's different than the official file from Adobe.


Please do realize that the Forum in general and individuals, such as myself, do not condone software piracy.
 
Forum Piracy Policy

 

You haven't posted the Virus Total Report URL but it could very well be a legitimate Adobe DLL that has been "patched" to disable Adobe licensing controls.


This topic is now closed to further replies.