Solved: MBAM does it find Virus or just spyware?

Discussion in 'General Security' started by WW2, Jan 2, 2011.

Thread Status:
Not open for further replies.
  1. WW2

    WW2 Thread Starter

    Joined:
    Jun 11, 2010
    Messages:
    19
    Malwarebytes Anti-Malware does it find viruses and rootkits or just spyware?
    Also are quick scans enough or are full scans needed, in any AV-AS tool?
     
  2. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,264
    It will find viruses as well. If you think that you are compromised, you may want to start a thread in the malware section, follow the instructions here and start a new thread in that forum.

    But yes, it will find viruses. That said, in this day and age if you have been compromised it generally will require a trained person to get it totally clean.
     
  3. WW2

    WW2 Thread Starter

    Joined:
    Jun 11, 2010
    Messages:
    19
    Thanks, so far, knock wood, I think the computer is OK. I was just wondering about MBAM; now I know, thanks.
     
  4. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,264
    de nada. Glad to help.
     
  5. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    If there is a serious infection, like those a rootkit can bring you, we suggest quick scans while working in forums here but at home you can do a full scan at some point. Personally I have not seen a full scan find further malware than a Quick scan....but you have more options doing a full or custom scan, such as checking other drives and things like CDs or USBs.

    MBAM finds ad and spyware and Trojans, it does find and is effective against a lot of the rootkits but of course not all.... much like any antimalware app. Things are getting difficult with the latest infections, and there can be times it is more reliable to wipe a computer and redo it entirely. You have to remember, malware removal is all done after the fact- the infections exist in the wild, and then scanners are updated to detect and deal with the latest.........there is a time lag where users are at the mercy of the infections if they get infected.

    Viruses- MBAM does not scan System Restore points, so you may find "infections" there which have been removed by other apps....and not seen by MBAM. It's not meant to be an all in one tool.

    You absolutely need a separate antivirus application.
     
  6. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    Today, traditional "viruses" aren't the major threat. "Malware" is a much better term to cover the current spectrum of threats. I never run a "Quick Scan" on any of my office or home computers because it won't catch everything that a full scan will. A full scan can certainly find issues that a "Quick Scan" can miss. I see it often on infected systems. If Malwarebytes.org had determined that a "Quick Scan" was always sufficient, there wouldn't be a "Full Scan" option. And, yes, I've found lots of nasties on client computers that were overlooked by a "Quick Scan".

    Yes, the scans may be slow, but you should do them when the computer isn't being actively used. You definitely need both a good AV program and an antimalware program or two because they are complementary.
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    With respect to only the Malwarebytes Antimalware program, and this question:

    I would like to try to clear something up- I was replying and meant what I posted, in regard to MBAM only.

    In any OTHER antimalware or antivirus program, perhaps a full scan finds further infections.....

    But, for MBAM, we are using the directions that are in line with the people that make MBAM, and here is why:

    http://forums.malwarebytes.org/lofiversion/index.php?t48541.html


    On the main scan window of Malwarebytes appears this message:

    A Full scan will scan all files. A Quick Scan is recommended in most cases.
     
  8. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    No matter what delusions of omniscience the folks at Malwarebytes.org may have, I don't share them. No matter how many times Bruce Harrison may make claims like "MBAM almost never needs to be run in full scan , we designed it that way . Quick will catch 100% of malware that can enter memory 100% of the time ." (from http://forums.malwarebytes.org/index.php?showtopic=8914&st=20&p=43831&#entry43831) that simply isn't true. That wasn't true back in 2008 when Harrison posted this and most similar posts, and it isn't true today.

    On this thread: http://forums.malwarebytes.org/lofiversion/index.php?t48541.html mountaintree16 admits that he isn't on staff with Malwarebytes, and is just repeating the company line. Byteman, do you believe that Malwarebytes Antimalware will catch 100% of malware that can enter memory 100% of the time? Would you rate Malwarebytes as 100% effective against rootkits?
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,264
    no scanner is 100% effective, snaggle......that's been proven time and again. The best advice is not use torrents, don't d/l stuff you can't verify, and basically use common sense.

    I've said it a zillion times; I've been all OVER the internet, and I've yet to be infected. All I use are standard free-ware a/v apps, no malware scanner, and a firewall. Just flat out user common sense will solve 95% of the malware issues out there today.
     
  10. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    I agree. However, I wasn't the one who posted links stating that Malwarebytes Antimalware running a Quick Scan was 100% effective, and that there was no reason to run a full scan. I believe that would have been Byteman. So what if he also recommends SuperAntiSpyware in addition to Malwarebytes on another thread.

    First off, there is malware that can detect a removal tool starting (so far as I know, the detection process only checks the name and/or file extension of the removal tool) and can remove itself from active memory while the malware removal tool is running. That's why many removal tools need to be renamed before they are run, or downloaded with a randomly generated name like Gmer's rootkit removal tool, and require an in-depth scan to find all the infected files.

    Consider one of my favorite antimalware tools, the venerable Spybot Search and Destroy. There isn't an option for the scan. No Quick Scan, no Full Scan, just a single option to "Scan for Problems."

    Valis, I remain confused by your position. Do you think a Quickscan with Malwarebytes Antimalware is as effective as a full scan?

    Yes or No?
     
  11. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,791
    Avast found something today that is a first that anything like this has ever happened to me or I even heard anything like this.
    At Myway email I login and it starts to load the page and gets to 14% and Avast pops up. You only see the bar at 14% and a blank page. Avast log shows the same link as in the address bar but with .gzip at the end and I had "Treat: JS:Downloader-AKJ [Trj]"
    I think they gzip up your account and it gets unzipped when the page loads. I had one spam that I deleted that cleared this. But had to stop Avast from scanning the web page or stop scanning packers so I could get to my email to delete the spam. The spam did not show it had an attachment so do not know how it was affected but it was.

    So this was all the Avast Web Shield that did this, so I think that is great, and if it was any other site I would have said OK stay away, but I knew that was not right for the email at myway unless it somehow found something, but did not seem right how it found something when I never got to even get to the site till I saw the log and I know what a .gzip file is so knew it scanned the email unpacking.
    ????????? I think is my account number so not posting it. The bold part is not the same so has to be where the page loads or unpacks the .gzip from.
    Link in address bar...
    h??p://webmail.myway.com/?????????/gds/index_rich.php
    Link Avast log shows...
    h??p://webmail.myway.com/?????????/gds/btCore.js|>{gzip} -- Severity (High) -- Treat: JS:Downloader-AKJ [Trj]
     
  12. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,264
    Nope. close, but not the same.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    You have to understand the way MBAM works, which is distinctly different to a "traditional" Antivirus or anti-spyware.
    Mbam on a quick scan basically looks at memory & loading points. If something is detected in either location then it backtracks to the file folder in question & deals with it from there

    In full scan mode, it is more like a traditional AV/AS which scans every file on the computer & might find dormant or inactive malware

    There will be no difference between a full scan or quick scan for malware that is currently live & active on the computer
    Any Active malware MUST be either in memory or have an automatic loading point to be able to run ( except for the few that rely on you manually running them by double clicking a file etc)

    MBAM isn't designed to detect & deal with modern rootkits like TDL4 but will sometimes deal with it
    The only tool so far that will detect & fix TDL4 in the majority of cases is Kaspersky TDSSkiller
    Even specific rootkit detectors & MBRcheck tools are being fooled by the current TDL versions out there

    Mbam is woefully inadequate for the traditional file infector type virus and that is where an Anti-virus comes into play. Luckily enough we don't frequently see that type of malware very commonly nowadays. About 95% of all malware & some will say 99% is designed and intended to make money for its creator somehow and they don't want to intentionally damage the computer, just steal your info or credit card or get you to buy something so they get your money somehow

    But because a malware author isn't as scrupulous or worried about damage he won't care if the computer is damaged fixing it or after he has got your money
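
    The quick-scan versus full-scan difference described in the post above, as an added example that is not part of the original thread and is not MBAM's own code. It is a simplified model: the file tree, the hash "signatures", the `Run\Updater` autostart entry and all function names are constructed for illustration.

```python
import hashlib, os, tempfile

def sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def scan_paths(paths, signatures):
    """Files from `paths` whose hash is in the signature set."""
    return {p for p in paths if os.path.isfile(p) and sha256(p) in signatures}

def quick_scan(process_images, load_points, signatures):
    # Candidates: running process images plus the quoted executable path
    # in each autostart command line (assumed format: "path" args).
    candidates = set(process_images)
    candidates |= {cmd.split('"')[1] for cmd in load_points.values()}
    hits = scan_paths(candidates, signatures)
    # Backtrack: each hit widens the scan to the rest of that file's folder.
    for hit in list(hits):
        folder = os.path.dirname(hit)
        hits |= scan_paths([os.path.join(folder, n) for n in os.listdir(folder)], signatures)
    return hits

def full_scan(root, signatures):
    files = [os.path.join(d, n) for d, _, names in os.walk(root) for n in names]
    return scan_paths(files, signatures)

def demo():
    """Build a constructed file tree and return (quick, full) hit names."""
    root = tempfile.mkdtemp()
    layout = {  # constructed sample files, not real malware
        "apps/editor.exe": b"benign editor",
        "appdata/upd/svc.exe": b"SAMPLE-BAD-A",      # active: autostart entry
        "appdata/upd/helper.dll": b"SAMPLE-BAD-B",   # sits beside svc.exe
        "downloads/setup_old.exe": b"SAMPLE-BAD-C",  # dormant: never loaded
    }
    paths = {}
    for rel, data in layout.items():
        paths[rel] = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(paths[rel]), exist_ok=True)
        with open(paths[rel], "wb") as fh:
            fh.write(data)
    signatures = {hashlib.sha256(d).hexdigest() for d in layout.values() if d.startswith(b"SAMPLE-BAD")}
    processes = [paths["apps/editor.exe"]]
    load_points = {"Run\\Updater": '"%s" /background' % paths["appdata/upd/svc.exe"]}
    quick = quick_scan(processes, load_points, signatures)
    full = full_scan(root, signatures)
    return sorted(map(os.path.basename, quick)), sorted(map(os.path.basename, full))

if __name__ == "__main__":
    print(demo())
```

    In this model both scans report the file with an autostart entry and its neighbour in the same folder; only the full scan reports the dormant file that nothing loads.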
     
  14. Snagglegaster

    Snagglegaster Banned

    Joined:
    Sep 12, 2006
    Messages:
    1,906
    That may well be the best overview of the current malware situation I've read. Particularly the comments on TDL4, which, as you say, is very hard to kill. About a month ago, I had to do a malware removal for a client who had downloaded the Whitesmoke Translator Toolbar. Now, you can do a search on this product and find all sorts of glowing recommendations, but the most recent reviews on Cnet's download.com site say it's malware.

    Running ComboFix on the infected system detected many nasties, and found rootkit activity which it flagged as TDL3, and requested a reboot to finish the removal. To make a long story short, the rootkit wasn't removed, and running both quick and full scans with MBM and Spybot S&D failed to report any infections. Re-running ComboFix produced the same results; TDL3 was detected, etc.

    Kaspersky's TDSSKiller was able to detect and remove TDSS4, and when I did a followup scan with MBM in full scan mode, it flagged 3 Whitesmoke related issues for removal, but a full 3 pages of changes to network settings, etc. were listed, but not marked for automatic removal. I removed all of the reported items, then ran Spybot which killed a few more bugs.

    So, while I truly admire Malwarebytes Antimalware, I don't think the product lives up to the hype. You just have to have more strings to your bow.
     
  15. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742

    No, and I never said I did...... and no, MBAM could not possibly be 100% effective against rootkits....look through the rootkit threads in our forums, and you will see that it is plainly obvious that we check with several tools.

    There is also the problem of those pesky recurring malwares.....fix and fix again. The results of scans by two different apps can be mistaken as finding "new" or non-detected items.

    I also included information about the difference between MBAM's Full and Quick Scans so I don't follow why you posted this....

    I posted this>

    What I said was more in line with what I read about the program's creators and I myself have found to be true...


    What I said, was that a Quick Scan will find the malware that is the problem currently "active" , and MBAM does not bother with the minor leftovers....... We use Quick Scan in forum help but sometimes, do post to do a Full scan, and we certainly do post for people to run Full scans with their antivirus programs, or the online antimalware scanners...my first reply at the end, has that in black and white- so I am at a loss why you took what I posted as my "approach" to fixing malware.

    Snagglegaster, you are twisting my posts to suit yourself- I posted a clearer description of what I knew would be misinterpreted....

    Now, is that or is it not, in line with what we all know and accept as more or less, the correct approach to malware fixing?


    That broadens the information WW2 asked for- after re-reading and actually seeing it for what it was, I felt the need to post that I was replying about MBAM only..... I posted, that here in forums we have infected users run the Quick Scan- and it was meant about MBAM only. You seem to feel I meant it about ALL antimalware scans.....

    In no way, do I consider MBAM the only scanner one needs to run, against a rootkit or any other malware....and I cannot believe you Snagglegaster, would even begin to suggest that. Each thread is handled as what it is or appears to be- if we run ComboFix first, and it finds rootkit activity, well you can't go back and run another specialized rootkit tool first, can you....

    And, what is this about-
    ? I have for sure, been using many more tools than that.
     
Short URL to this thread: https://techguy.org/972267
