Posts posted by ast

  1. Website blocked due to trojan, Website blocked: warmplace.ru

    I want to download the music program "Virtual Ans" from this site. Malwarebytes is blocking this old and often used music site hosted by Mr. Anton Zolotov.

    Can you please check whether there is a true trojan on this site, or whether it is a false positive?

     

    thank you

  2. Hello,

    "Malwarebytes" has reported the program "Parkcontrol.exe" and "Uninstall.exe" during a scan and requires a reaction from me. 

    The virus scanner "Malwarebytes" asks if this program should be moved to quarantine or not.

    Program Source https://bitsum.com/parkcontrol/

    I assume that this detection via artificial intelligence is false positive, but can you please check this. 

     

    I am awaiting your instructions on whether or not to instruct Malwarebytes to ignore "Parkcontrol.exe". 

    You never really know, it could be that the AI has actually detected something that shouldn't be.

    Note: I have translated the message of Malwarebytes below from German to English.

    Many thanks in advance for a quick answer

    Best regards from Switzerland: Andres

    ---------------------MB----------- protocol message ---------from-----Malware.AI-------------

    -protocol details-
    Scan date: 03.08.20
    Scan time: 02:39
    Log file: d4481e0a-d521-11ea-87a2-f4939ff855ed.json

    -Software data-
    version: 4.1.2.73
    component version: 1.0.990
    Version of the update package: 1.0.27841
    License: Premium

    -System data-
    Operating system: Windows 10 (Build 19041.388)
    CPU: x64
    File system: NTFS
    User: System

    -Scan Overview-
    Scan type: Threat scan
    Scan started by: Scheduler
    Result: Closed
    Scanned objects: 377804
    Threats detected: 2
    Threats moved to quarantine: 0
    Elapsed time: 3 min, 18 sec

    -Scan Options-
    Memory: Activated
    Start: Activated
    File System: Enabled
    Archives: Activated
    Rootkits: Disabled
    Heuristics: Activated
    PUP: Recognition
    PUM: Recognition

    -Scan-Details-
    Process: 0
    (no malicious elements detected)

    Module: 0
    (no malicious elements detected)

    Registry key: 1
    Malware.AI.1838945012, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ParkControl, No action by user, 1000000, 0, , , , 

    registry value: 0
    (no malicious elements detected)

    Registration data: 0
    (no malicious elements detected)

    Data stream: 0
    (no malicious elements detected)

    Folder: 0
    (no malicious items detected)

    File: 1
    Malware.AI.1838945012, C:\PROGRAM FILES\PARKCONTROL\UNINSTALL.EXE, No action by user, 1000000, 0, 1.0.27841, C438FB7B728DACD46D9C12F4, dds, 00835138

    Physical sector: 0
    (no malicious elements detected)

    WMI: 0
    (no malicious elements detected)


    (end)

     

    Program Folder of ParkControl and Uninstall.jpg

    Bitsum-Parkcontrol-and-Uninstall-False-Positive.txt

  3.  I have repeated messages because the program Portal.exe from UVI contacts Trojan sites by itself. 
    https://www.uvi.net/de/uvi-portal

    The company UVI claims that this contact search of Portal.exe has to do with my PC because other users would not deliver messages. My question now is: could it be due to my PC that Portal.exe contacts Trojan sites, so that it is my own fault?

    Note: My PC is protected by Malwarebytes and ESET Antivirus. Portal.exe is the only installed program where Malwarebytes alarms. Portal.exe is often open for hours while downloading UVI because the downloaded files are often very large.  The alarm often appears only after a long time and sometimes not at all.

    -------------- New Trojan Message

    -protocol details-
    Date of the protection event: 19.07.20
    Time of the protection event: 11:46
    Log file: c955e960-c9a4-11ea-beba-0a0027000007.json

    -Software data-
    version: 4.1.0.56
    component version: 1.0.979
    Version of the update package: 1.0.27031
    License: Premium

    -System data-
    Operating system: Windows 10 (Build 19041.329)
    CPU: x64
    File system: NTFS
    User: System

    -details of blocked websites-
    Malicious website: 1
    C:\Program Files (x86)\UVI Portal\UVI Portal.exe, Blocked, -1, -1, 0.0.0

    -Website Data-
    Category: Trojans
    Domain: 
    IP address: 200.119.1.19
    port: 53832
    Type: Outgoing
    File: C:\Program Files (x86)\UVI Portal\UVI Portal.exe


    -------------- Last UVI Support Response

    A. S. (UVI Support) 
    Jun 11, 2020, 11:45 AM GMT+2 
    Hi Andres,

    Our team is still investigating the issue but we are unable to reproduce the problem at the moment.

    Since we have not received any other tickets reporting a similar problem, my guess is that we are facing an isolated case related somehow to your system.

    We do not know what could have triggered these alerts in your antivirus but as mentioned we will continue to investigate and keep you posted as soon as we have new information regarding this problem.

    Have a nice day and feel free to ask if you have any questions.
    All the best from Paris,
    Support Team

    2020-07-19 12_25_20-Malwarebytes-Trojaner-Message.jpg

    2020-07-19 12_40_37-uvi-portal.jpg

    malwarebytes-Trojaner-Message-19-07-2020.txt

  4. On 5/4/2020 at 10:11 AM, Dashke said:

    Thanks a lot for your help, hopefully they will clean it up soon. :)

    Stefan, there is interesting news about Portal.exe from UVI.

    The option force "direct download" in Portal.exe is the temporary solution to the problem for me. But I only got the solution because I was warned by Malwarebytes in time. This shows once again how important it is to have the right tools installed to protect your computer, in this case Malwarebytes 😘

    Here is the unmodified quoted statement from my UVI Support (email).

    Quote

    After verification with our team, I can confirm that this report is caused by the torrent protocol used by default in UVI Portal.

    Basically another Key Suite Bundle Edition owner must have been downloading an infected file from another torrent client while seeding Key Suite Bundle Edition from UVI Portal on his computer, at the same time you were downloading the bundle.

    The report only applies to a specific IP address used by UVI Portal's torrent protocol and there is no need to worry since there is a torrent integrity check for our files once the download is complete, so the installation files can not be infected by a trojan or any other malware in any way.

    Hope this clarifies.

    FYI if you prefer to avoid using UVI Portal's default torrent protocol, you can enable the option Force Direct Download in the application's preferences.

     

  5. Until now I have only received a standard answer. I should release the program Portal.exe in the Virus Scanner. 🤧

    Quote

    "Some antivirus softwares flag our applications and installers as threats by mistake because of the PACE drivers included in the files, sorry for the inconvenience.
    I suggest you whitelist UVI Portal in your antivirus' preferences to avoid this issue."

     
    Currently I am waiting for the answer from the support, I have written that the problem is not Malwarebytes.

  6. Website blocked because Trojan?? activity

    I think this is a false positive, can you please look at it and unblock it

    Many people use portal.exe from UVI

    https://www.uvi.net/en/uvi-portal

    Message from your Malwarebytes:

    -Protokolldetails-
    Datum des Schutzereignisses: 03.05.20
    Uhrzeit des Schutzereignisses: 08:51
    Protokolldatei: 7e6ddcd6-8d0a-11ea-b1e8-0a0027000006.json

    -Softwaredaten-
    Version: 4.1.0.56
    Komponentenversion: 1.0.875
    Version des Aktualisierungspakets: 1.0.23348
    Lizenz: Premium

    -Systemdaten-
    Betriebssystem: Windows 10 (Build 18362.628)
    CPU: x64
    Dateisystem: NTFS
    Benutzer: System

    -Einzelheiten zu blockierten Websites-
    Bösartige Website: 1
    , C:\Program Files (x86)\UVI Portal\UVI Portal.exe, Blockiert, -1, -1, 0.0.0

    -Website-Daten-
    Kategorie: Trojaner
    Domäne: 
    IP-Adresse: 200.83.209.144
    Port: 34463
    Typ: Ausgehend
    Datei: C:\Program Files (x86)\UVI Portal\UVI Portal.exe

    (end)

  7. After a Firefox session on a big music plugin page (Rob Papen Synthesizers) at midnight, the server would not respond any further.

    Then I went to sleep but left Firefox running. In the morning Malwarebytes wanted to restart my Windows 10 Pro 64-bit.

    After the restart I found this report:

    Malwarebytes
    www.malwarebytes.com

    -Protokolldetails-
    Datum des Schutzereignisses: 01.04.20
    Uhrzeit des Schutzereignisses: 10:47
    Protokolldatei: 6f0dd51c-73f5-11ea-9042-0a0027000006.json

    -Softwaredaten-
    Version: 4.1.0.56
    Komponentenversion: 1.0.859
    Version des Aktualisierungspakets: 1.0.21722
    Lizenz: Premium

    -Systemdaten-
    Betriebssystem: Windows 10 (Build 18362.628)
    CPU: x64
    Dateisystem: NTFS
    Benutzer: System

    -Einzelheiten zu Ransomware-
    Datei: 1
    Malware.Ransom.Agent.Generic, N:\vonW7-Data-H\Programme\Portable\PortableApps\FirefoxPortable\App\Firefox64\firefox.exe, In Quarantäne, 0, 392685, 0.0.0


    (end)

    What should I do now?

  8. Just an important remark, since I was able to solve the problem myself:
    
    The automatic installation of the last update (3.3.1) did not work.
    "Unable to start service"
    
    I first had to manually uninstall the program and then reactivate it with my license. 
    Unfortunately, all settings had to be reset.
    
    That's not good behavior.
    I have Windows 10 64-bit (German settings) Pro with the latest "Fall Creators Update".