
MBAM Doesn't Detect Malware within a ZIP?



I recently ran MBAM v1.46 (database 6110) on a ZIP file containing a slew of utilities from well-known freeware programmer Nir Softer (NirSoft.net). Several of his utils are designed to recover lost passwords, and as such are frequently flagged as malware (these are definitely false positives). Anyway, when I ran MBAM on the ZIP file containing these utils, nothing was discovered. However, when I ran it on the extracted files, all sorts of malware warnings appeared.

This discrepancy between the ZIP file and the extracted files surprised me. Shouldn't MBAM be able to detect what it thinks is malware regardless of whether the files are compressed or not? FYI, the ZIP file was not password protected.

If someone wants to test this out on their own, I can post direct links to the files which exhibit this behavior, but I wasn't sure if that was allowed (or even necessary).

Thanks in advance for explaining this strange (to me) behavior.


:welcome:

MBAM doesn't scan inside of archives as they are harmless. That is mostly the job of your antivirus. Nirsoft makes tools with good intentions, but in the wrong hands they can do a lot of harm. As such, they are listed in the database. :)

Edit: Read this for an explanation of why they are detected. :)

http://forums.malwarebytes.org/index.php?showtopic=75841

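The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Malwarebytes code: a whole-file hash signature that matches an extracted file does not match the ZIP container holding it, so a scanner only sees the members if it unpacks them. The signature set, the depth and size limits, and the file names are constructed assumptions.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for a flagged utility; not a real sample or signature.
FLAGGED = b"constructed placeholder for a flagged password-recovery tool"
SIGNATURES = {hashlib.sha256(FLAGGED).hexdigest()}  # toy hash "database"

MAX_DEPTH = 3                  # nested-archive limit (assumed policy)
MAX_MEMBER = 16 * 1024 * 1024  # per-member size limit against zip bombs

def matches_signature(data: bytes) -> bool:
    """Whole-file hash match: all a scanner sees if it does not unpack."""
    return hashlib.sha256(data).hexdigest() in SIGNATURES

def scan(data: bytes, name: str = "<input>", depth: int = 0) -> list[tuple[str, str]]:
    """Return (path, verdict) findings, unpacking ZIP members recursively."""
    findings = []
    if matches_signature(data):
        findings.append((name, "detected"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "not scanned: nesting too deep")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}!{info.filename}"
            if info.flag_bits & 0x1:           # bit 0: member is encrypted
                findings.append((path, "not scanned: encrypted"))
            elif info.file_size > MAX_MEMBER:  # declared uncompressed size
                findings.append((path, "not scanned: too large"))
            else:
                findings += scan(zf.read(info), path, depth + 1)
    return findings

def build_sample_zip() -> bytes:
    """Constructed archive: one flagged member, one benign member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("tools/recover.exe", FLAGGED)
        zf.writestr("readme.txt", b"benign text")
    return buf.getvalue()

if __name__ == "__main__":
    archive = build_sample_zip()
    print("container matches:", matches_signature(archive))
    print("member findings:", scan(archive, "utils.zip"))
```

Encrypted, oversized and too deeply nested members are reported as not scanned rather than silently skipped, so an analyst can tell "clean" apart from "not inspected".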

0) Thanks for the welcome banner. I've been a longtime user and promoter of MBAM, just haven't had a need to post here before.

1) Also thanks for the link to your NirSoft post, it seems we are of like mind on this.

2) In case you didn't know, NirSoft has a "program" called NirLauncher, that combines about 100 of his utils in a single interface, very convenient! See his site for more info.

3) How do you edit an existing post (which I see you did to your post)? I looked for an edit button to correct my spelling of Nir's last name on my initial post, but didn't see a way to do that (hence the follow-up post).
