yardmetre

Does MBAM 3.x target mp3 files and other media files?


I came across Windows Media Player Scripting Fix by the developer of SpywareBlaster. This made me wonder if mp3 and other media files could be infected or could cause problems similar to those seen in wma files. I searched these forums and found this entry by David H. Lipman, posted January 21, 2014: "One should not confuse SAS and MBAM, which are adjunct scanners, with traditional anti virus scanners which target media files, graphic files, data files or script files and other files that may be malicious or used in exploitation vectors." (topic/140812-can-an-mp3-file-contain-malware)

If I recall correctly, when 3.x was launched it was claimed that traditional anti-virus software was no longer required. I'm wondering if the new MBAM does in fact now target all types of media files. I'm mainly concerned with mp3 audio and mp4, mkv and avi video files. Am I just wasting my time scanning a folder containing mp3 files even though MBAM reports that it's scanned those files?

Apart from MBAM I only run Windows Defender.

Thanks.

 

 


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few seconds the command window will open, press "Enter" to accept the EULA then click "OK"
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


Hello and Welcome!

Malwarebytes' Anti-Malware (MBAM) does not target scripted malware files. That means MBAM will not target: JS, JSE, PY, .HTML, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as: PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc.
It also does not target media files: MP3, WMV, JPG, GIF, etc.

Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with: ZIP, RAR, 7z, CAB and MSI for archives, and self-extracting ZIP, 7z, RAR and NSIS executables (aka SFX files).

MBAM specifically targets binaries that start with the first two characters being: MZ
They can be: EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'.

** It is presumed all the files are downloader trojans. It would be the payload that MBAM would target. Unfortunately, all the files have age which makes their likelihood of downloading any payload very low. Thankfully, the lifespan of payload URLs is rather short.


NOTE: Malwarebytes' Anti-Exploit (MBAE) is designed to deal with many of the types of malware associated with scripts, documents and media files where MBAE will protect the computer against exploitation attempts, whether they were exploits of software vulnerabilities or taking advantage of an application in an unusual way, and works at an "action level" and not a "file level" like MBAM. MBAE provides protection of applications that are commonly known to be associated with and normally used by the file type.
Reference:  MBAE FAQ

Thanks go out to @David H. Lipman

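An added example, not part of the thread and not Malwarebytes code: a content-based check in the spirit of the 'MZ' rule described in the post above, listing files that carry a media extension but whose bytes start with 'MZ'. It goes one step beyond the post by also following the DOS header's `e_lfanew` field to the `PE\0\0` signature, so a file that merely begins with the letters "MZ" is reported separately; all file names and sample bytes are constructed.

```python
import os
import struct
import tempfile

# Media extensions the original poster asks about, plus those listed in the reply.
MEDIA_EXTS = {".mp3", ".mp4", ".mkv", ".avi", ".wmv", ".jpg", ".gif"}

def sniff(path):
    """Classify by content, not name: 'pe', 'mz-only', or 'other'."""
    with open(path, "rb") as fh:
        head = fh.read(0x40)
        if head[:2] != b"MZ":
            return "other"
        if len(head) < 0x40:
            return "mz-only"              # too short to hold a DOS header
        # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(e_lfanew)
        return "pe" if fh.read(4) == b"PE\x00\x00" else "mz-only"

def find_disguised(root):
    """Return sorted (relative path, verdict) for media-named files starting with MZ."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in MEDIA_EXTS:
                continue
            full = os.path.join(dirpath, name)
            try:
                verdict = sniff(full)
            except OSError:
                continue                  # unreadable file: skip, do not guess
            if verdict != "other":
                hits.append((os.path.relpath(full, root), verdict))
    return sorted(hits)

def demo():
    """Write constructed sample files to a temp dir and scan them."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "song.mp3": stub,                                # constructed: PE header, media name
        "track.mp3": b"ID3\x03\x00\x00" + b"\x00" * 64,  # constructed: ID3v2 tag start
        "notes.jpg": b"MZ but only text",                # constructed: MZ prefix, no PE header
        "tool.exe": stub,                                # honest extension, not a mismatch
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_disguised(root)
```

A clean result only means no executable is hiding behind a media name; it says nothing about a crafted media file that exploits the player, which is the case the anti-exploit note in the post addresses.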

Yes, it doesn't directly target these types of files with its standard malware detection engine, however it does block attacks using these types of files behaviorally through its signature-less modules such as its anti-exploit component.  This means that even though a scan may not detect a maliciously crafted MP3 or document file (PDF, DOC etc.), the anti-exploit component will detect it when the user attempts to open/execute the file when the script/exploit contained within the malicious file actually tries to launch, thus detecting the threat and preventing the exploit/attack from succeeding.  This also has the distinct advantage of not needing to rely on signatures/updates to detect new variants of these kinds of attacks since it stops these threats based on the abnormal/malicious behavior they exhibit so Malwarebytes doesn't have to wait until the Research team has received a sample or gotten reports from infected users in order to react and roll out a signature/database update to protect the rest of their customers.  Everyone is protected from the beginning through those signature-less behavior based protection components.
