jayman1000

Protip: Don't count on Malwarebytes as the only malware protection program.


Here's a little tip that I probably should have known: Don't count on Malwarebytes as the only malware protection program. I ran a Malwarebytes scan that found nothing while I was definitely infected with a browser search redirect malware. This must have been on the system level because it intercepted searches from any browser I tried, even new ones I installed as a test. It redirected searches when I clicked on links in search engines to the same homepage y***m.l***e-in-air.net (I blocked out some of the URL to not inadvertently help spread this malicious link). Seems to be some type of dating site, live chat or porn site (I haven't clicked on anything when that page comes up).

I then decided to do a Trend Micro housecall scan. Found nothing. I then did a Free Norton Scan. Nothing. Installed AVG antivirus. Nothing. I then installed 360 Total Security and enabled Bitdefender engine and Avira engine. Guess what, it found 18 virus threats and after cleaning and restarting that obnoxious search redirect crap was gone.

This is not meant as a demeaning post against Malwarebytes. I like Malwarebytes, it's very good and is excellent at blocking malicious sites and malware, but clearly there are things that it does not catch. The same is no doubt true for 360 Total Security too, so I would not rely on that solely either.


Do you have your scan logs from the products that did detect the infection? If we're missing something, having that information would be very helpful so we can make sure we detect it in the future

3 hours ago, dcollins said:

Do you have your scan logs from the products that did detect the infection? If we're missing something, having that information would be very helpful so we can make sure we detect it in the future

I can try to find them. I did a Malwarebytes scan after I had used 360 Total Security and MB still didn't find anything (of course no surprise since it didn't find anything before). Then I ran AdwCleaner which surprisingly found some stuff. Shouldn't MB already find everything that AdwCleaner finds? What is up with that?


I'm sorry, I just looked through the log of 360 Total Security and the latest dates are from 24 July 2018, so whatever things it found now it didn't log it. What about the AdwCleaner, does that make a log of some kind I can give you? Because it did find some things also.


Note this is the MB3 scan report from BEFORE I ran 360 Total Security and AdwCleaner. It's curious that MB3 found nothing while AdwCleaner did. I thought MB3 should be able to find anything that AdwCleaner finds?

On 10/14/2018 at 6:37 PM, jayman1000 said:

and is excellent at blocking malicious sites

Have you recently seen the " Malwarebytes for Home Support / False Positives / Website Blocking "???

8 from every 10 reported are indeed FPs with the message " Thanks, the block will be removed. " So, no, not "excellent at blocking malicious sites"

58 minutes ago, lock said:

Have you recently seen the " Malwarebytes for Home Support / False Positives / Website Blocking "???

8 from every 10 reported are indeed FPs with the message " Thanks, the block will be removed. " So, no, not "excellent at blocking malicious sites"

OK, yeah, I know that it blocks a lot of non-malicious sites. I have that problem too. I think it stems from the way they use a classification that I am not sure exactly how is set up, but it means that many sites that are not malicious at all can be placed in a malicious classification list that means MB will block it. To be fair I would rather have MB err on the side of caution. What I think MB lacks is better tools for customization. When MB blocks a site it's not super easy to just add that site to the exception list, you have to go through some convoluted steps to achieve that. Additionally, for example, when torrenting MB may block a lot of IP addresses. This means that it constantly pops up that notification about "Blocking website". This popup intrudes in all other applications, including full screen videos and fullscreen games. If you want to watch video or play games uninterrupted while torrenting you have no other choice than to COMPLETELY disable notifications. There are no ways to only disable specific notifications, it's either all or nothing. Of course I would still like to be notified about other threats, just not the IP blocking from my torrent program, but as it is now that is impossible. This is obviously just one example of a major lack of customization. Which is a huge oversight from the MB devs. And it's been like that for a loong time now.

2 minutes ago, jayman1000 said:

Additionally, for example, when torrenting MB may block a lot of IP addresses.

I have Web protection Off on my MBAM and instead I use Firefox with ublock origin and Malwarebytes browser extensions.

Seems to work much better.


We already explained why there are so many requests for sites to be unblocked in the thread below. The short version is: At one time, those sites were doing something malicious (serving out infected files, serving as a bot control center, hosting malicious ads, etc) so they get blocked. Once users report that their sites are clean, we then remove the block on their page.

Of note, since you mentioned the Malwarebytes browser extension, it uses the same database as Web Protection inside Malwarebytes, and adds some more protection as well. So if you're disabling Web Protection because you believe it has too many false positives, then using the Chrome extension isn't going to solve your issue.

20 hours ago, jayman1000 said:

Note this is the MB3 scan report from BEFORE I ran 360 Total Security and AdwCleaner. It's curious that MB3 found nothing while AdwCleaner did. I thought MB3 should be able to find anything that AdwCleaner finds?

No, the entire reason that ADWCleaner still exists as a standalone tool/separate download is specifically because it uses its own databases and targets some items that Malwarebytes does not currently.  If all of the detections in ADWCleaner are integrated into Malwarebytes 3 then it is likely that ADWCleaner will be retired at that time just as JRT was when all of its detections were integrated into Malwarebytes 3 and ADWCleaner.

13 hours ago, exile360 said:

No, the entire reason that ADWCleaner still exists as a standalone tool/separate download is specifically because it uses its own databases and targets some items that Malwarebytes does not currently.  If all of the detections in ADWCleaner are integrated into Malwarebytes 3 then it is likely that ADWCleaner will be retired at that time just as JRT was when all of its detections were integrated into Malwarebytes 3 and ADWCleaner.

I see. Would be nice if those features were part of MB3 Premium at least, since you, I pay for Premium, while ADWCleaner is free...


Sure, that's understandable, however at least as far as installers go, Malwarebytes should detect most of the items that ADWCleaner does, which is where Premium comes in (since the real-time protection in Malwarebytes 3 does not monitor the registry or files created on disk that aren't attempting to load into memory; the reason being that it's designed not to conflict with antivirus software and other security tools if users have them installed alongside it).

They do plan to integrate it eventually, but the process will most likely be a gradual one as there are still a lot of users who like having ADWCleaner as a standalone portable scan tool (since even the free version of Malwarebytes requires installation, so some users prefer it).


You have to have a certain number of posts before it allows editing.  It's part of the anti-spam functionality set up on the forums.  I'm not sure what that number is but one of the admins would know.

No worries though; I knew what you meant to say :) 

Edited by exile360

2 hours ago, exile360 said:

You have to have a certain number of posts before it allows editing.  It's part of the anti-spam functionality set up on the forums.  I'm not sure what that number is but one of the admins would know.

No worries though; I knew what you meant to say :) 

Oh I see. 88 posts is not enough apparently... bit weird. Anyways, thanks.


Yeah, unfortunately it's probably set pretty high due to the spam bots that attempt to flood the forums with numerous duplicate posts that they create in a very short amount of time (likely to attempt to counteract efforts to delete them, but thankfully we have a "flag" function to disable/ban such accounts that deletes all their posts at once, however the admins have been making great strides to attempt to block the spammers in more proactive ways which has actually helped a LOT as we don't see nearly as many succeed in getting in and posting their junk on the forums as we used to and these restrictions on editing are a part of those efforts).

Edited by exile360
