One of the functions of an ad blocker is to block JavaScript from blacklisted domains. If malware is being spread by malicious JavaScript from one of these domains, then the ad blocker will be protecting you.
E.g., my bank's website brings in JavaScript from several domains. One of these is the main domain of the bank itself and the others are from domains that the bank has, in effect, hired as subcontractors. These "subcontractors" are more likely to be compromised than the bank's domain; but since these subcontractors tend to serve ads, trackers and other forms of crapware, they tend to be on blacklists and will get blocked by ad blockers. Indeed, if I go to my bank's website with NoScript (my primary crap blocker) set to temporarily "allow all," then my secondary security extension (uBlock Origin, which is sort of an ad blocker) will block four of the bank's "subcontractors" because they are known, blacklisted sources of ads, web trackers and crapware.
In summary, ad blockers tend to protect you from notoriously dodgy subcontractors, but probably not from any malicious JavaScript that gets injected into the main domain of the web site.
Ben using http://winhelp2002.mvps.org/hosts.htm (which i slightly edit) for years, thank God. Also Nuke Anything FF ext.