Showing results for tags 'minecraft'.

Found 8 results

  1. This is a repost from this thread coming from a different board as suggested. --- Hello, Malwarebytes forum! Would like to report the existence of malware, of files coming out of the following URL: https://planetlemoncraft.com/ The website Planet Lemoncraft has been known for a long time for providing alternate download links for modifications for the popular game Minecraft, which is hosted by themselves. Unfortunately for me, I was negligent in my vigilance this time and I downloaded one of the files from their server, called "Minecraft Forge", which is supposed to be an open source API for modders. Of course, the file that gets downloaded is not the actual "Minecraft Forge" as I soon discovered that the mod I'm looking for is hosted ONLY on the developers' official website ... but alas. It directed me to a site whereupon I got a "personalized" .msi file that is supposed to install the program. By personalized, I mean that no two downloaded files are alike. For instance, the attached file is called "minecraftforge_38876.msi", while when I downloaded one, it was called "minecraftforge_xxxxx.msi", with 'x' being any random number. It is worth noting that the actual Minecraft Forge installer does not come in an .msi file, but a .jar executable. I foolishly ran the file and went ahead with the installation. Upon completion, I got a Shortcut in my downloads folder called "MinecraftForge.lnk". Opening this takes me to a website whereupon another .msi is asked to be downloaded. At this point is when I stopped (or I was foolish enough to download it as well), when I got suspicious and looked at the new .msi file's certificates, which is certified for a "GanyMobile SAS" (or something like that) which should make it clear that it was malware. I immediately returned to my Downloads folder to purge all the files, but when I opened the folder, I see that the original .msi file has deleted itself upon running.
I confirmed this by downloading another file from the same link (ridiculous, I know), which provided another personalized file, and when running the installer it automatically deletes itself (of course I didn't run the installer fully this time, I only opened it once to confirm that it auto-deletes itself upon running). Most troubling of all this is that Malwarebytes did not react to anything at all. I scanned the second downloaded file multiple times, as well as this one in the attachment, and I've gotten negative results. I even ran SpyHunter (suggested by a thread that suffered from this same issue) and found 0 results as well... I've had a manual look through %AppsData%, Program Files, and Common Files, and couldn't find anything that seems out of place. Perhaps I was lucky that I didn't get one that's packed with trojans, or there's an undetected trojan/keylogger sitting in my computer that will f**k my PC up for my carelessness. Please do have a look at the file attached as well as the downloadable .msi from the first link provided at the start of my post. I am aware that I have posted this thread on the Newest Malware Threats board instead of the Newest IP or URL Threats. My current concern is with the status of my PC and whether it's currently susceptible to malicious activity or not, since I ran the suspected software. If I have indeed miscategorized the thread, then I apologize and I humbly request that this thread be moved to the other board instead of being deleted. Please do let me know how to proceed. Terribly anxious about the consequences of my error. I'm still hoping that it was a shortcut launcher and nothing worse... Thank you!
-CrimsonSymphony (Attachments details can be found in the next page) The files attached are: FRST.txt Addition.txt minecraftforge_38876.rar - contains an .msi file similar to the one I downloaded minecraftforge.exe.rar - A .rar file containing the .lnk shortcut that was made upon the .msi file's completion (not 38876! do recall that the .msi auto-deletes upon running) Screenshots 01 to 08 - Screenshots to help illustrate the description above. I did not take screenshots of the .msi file as I did not want to run it a third time. However, screenshots uploaded by others (for similar files downloaded from the same website) can be found in the Reddit links below. --- Please find results from the online virus scanners as suggested by the stickied thread of this board: VirusTotal - https://www.virustotal.com/gui/file/3da1a0b6a681f4d61cefd8f3a4806bf46336b053d19698e5eb86668dfb9663f8/detection Jotti - https://virusscan.jotti.org/en-US/filescanjob/ntknys4e8n VirSCAN - https://r.virscan.org/language/en/report/b75fc47a3b95ccb2fe212f25d6b0f498 --- A Reddit user u/Chengers had a look into this issue for a similar program (also for Minecraft) called Optifine, which is also "downloadable" from the deceiving URL mentioned earlier. He has written two in-depth posts about this which may come in useful for you guys: A dive into the fake Optifine variant "Planet Lemon Craft" and an analysis/write-up of what it actually does. - https://www.reddit.com/r/Optifine/comments/eo1hq5/a_dive_into_the_fake_optifine_variant_planet/ Hello all, The "Lemon Optifine" fake optifine exe has changed what it installs. I have just logged it with procmon and I need community help to filter through the ~13000 lines of logs to possibly make a .bat cure. - https://www.reddit.com/r/Optifine/comments/fus7vb/hello_all_the_lemon_optifine_fake_optifine_exe/ FRST.txt Addition.txt minecraftforge_38876.rar minecraftforge.exe.rar
  2. I downloaded a minecraft modpack that someone made a few months ago, then randomly it sent something to all my discord friends. It sent this: "lol i found a clean remix crack. use noverify http://www.mediafire.com/file/dgb9legpnunk8za/Remix.zip/file" I told one person I trust and they recommended a factory reset. I would much rather not do that because backing up files is a pain and I have a lot of important files. I think this may be a rat on my pc but I don't have a lot of experience with them so I'm not too sure about that. I ran the file it sent to everyone and it has 0 viruses on virustotal. I am currently running a malwarebytes scan and I will post the results. Thanks! Scuba
  3. The Minecraft launcher and shortcut files are classified as malware by malwarebytes. I am suspicious that this is a false positive as the file has not been updated, and has not been detected in the past. See logs below: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/19/20 Scan Time: 9:30 PM Log File: 66bfd7f6-e20f-11ea-a916-6c2b5977f5e7.json -Software Information- Version: Components Version: 1.0.1003 Update Package Version: 1.0.28715 License: Premium -System Information- OS: Windows 10 (Build 18362.959) CPU: x64 File System: NTFS User: DESKTOP-DDCQ9ST\maxt8 -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 364934 Threats Detected: 3 Threats Quarantined: 0 Time Elapsed: 6 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 3 Malware.AI.4289595226, C:\DOCUMENTS AND SETTINGS\PUBLIC\Desktop\Minecraft Launcher.lnk, No Action By User, 1000000, 0, , , , , A26E109E175AE246660A946EB03C179B, 603F2B35D6A97520727CAAD0EB390C7DE6A122A430F9B36B1A69010D117BEBCD Malware.AI.4289595226, C:\USERS\PUBLIC\Desktop\Minecraft Launcher.lnk, No Action By User, 1000000, 0, , , , , A26E109E175AE246660A946EB03C179B, 603F2B35D6A97520727CAAD0EB390C7DE6A122A430F9B36B1A69010D117BEBCD Malware.AI.4289595226, C:\PROGRAM FILES (X86)\MINECRAFT LAUNCHER\MINECRAFTLAUNCHER.EXE, No Action By User, 1000000, 0, 1.0.28715, 6FDC65347CCD00E2FFAE075A, dds, 00858853, 49DEDAE3837705AB9AE041B00914DBA5, D9CDCF6FAE6BD3DDC5C8A61B4453A75F5516B71E518EE3E410FA8DF591940E70 Physical Sector: 0 (No malicious items detected) WMI: 0 
(No malicious items detected) (end)
  4. FRST.txt Addition.txt My daughter downloaded this Minecraft texture pack: https://www.planetminecraft.com/texture_pack/kawaii-world-3365736/ My default browser was then changed from Chrome to Microsoft Internet Explorer. I was signed out of Chrome and syncing was disabled. It also changed my default search engine to yahoo. I'm a Malwarebytes Premium subscriber and used it to remove over 140 threats but around 10 keep returning after I restart. The icon for Internet Explorer keeps getting pinned to my taskbar after every restart even though I delete it and Chrome won't restore my last pages automatically anymore. I don't know what else to do and would appreciate anyone's help on this. I have attached the Malwarebytes Threat Scan Log and the two files after running Farbar. Malwarebytes Threat Scan log.txt
  5. ***** [ Folders ] ***** PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\ProgramData\Application Data\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Jacki\AppData\LocalLow\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Jacki\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader PUP.Optional.Legacy, C:\ProgramData\Application Data\IObit\ASCDownloader PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare ***** [ Files ] ***** PUP.Optional.Legacy, C:\Users\Jacki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 10.lnk PUP.Optional.Legacy, C:\Users\Public\Desktop\Advanced SystemCare 10.lnk PUP.Optional.Legacy, C:\Users\Public\Desktop\Smart Defrag 5.lnk PUP.Adware.Heuristic, C:\Users\Jacki\AppData\forge-1.11- PUP.Adware.Heuristic, C:\Users\Jacki\AppData\forge-1.11- ***** [ Tasks ] ***** PUP.Optional.Legacy, ASC10_PerformanceMonitor PUP.Optional.Legacy, Driver Booster Scheduler PUP.Adware.Heuristic, forge-1.11- PUP.Adware.Heuristic, ASC10_SkipUac_Jacki ***** [ Registry ] ***** PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - 
HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
  6. Hosting a java based Minecraft server from my computer. Internal IP address works fine for accessing. Cannot use Dyndns (duckdns.org) IP, nor direct IP to connect to the server with Malwarebytes web protection turned on. It does pop up notices that it blocked a "Java malicious inbound socket detected". BUT, where this SHOULD popup in the exclusions tab for a "previously detected threat", there is nothing listed, so I can't just add an exclusion. I did do a web exclude for website (duckdns.org), and it worked for about 4-5 hours. Then, it blocked access again by itself later on. (EDIT: This now seems to be working after a modem/router reset, but still would be much easier to have a spot to add in specific ports for programs (and all programs aren't .EXE !!)). Not sure why DuckDns.org itself is considered a blocked domain - yes, I could see some subdomains (i.e.: <YourSite>.duckdns.org) being blocked b/c they are setup from infected users, but the main domain url is useful. Also, another issue - the notification popup is situated to the bottom right of my screen - BUT I cannot move the notice - and can't see half of it, or the bottom half. Being a Malwarebytes user for years, I used to remember having options available on the bottom of those notifications, but since I cannot see them, nor move them - it's about useless - why force the notifications to a specific spot and not be able to move them?! Very irritating. They don't show up on the task manager bar, nor in the alt-tab menu where I could highlight the window, right click it and select move, and move them like I can other windows that do the same.
  7. Hey, I just figured I'd do a scan since it'd been a while, and it really freaked me out when it detected 1187 trojans in my recycle bin, haha. I did some lurking through the recycle bin and determined that the only thing in there with so many files would be one of the Minecraft "world" folders I had in there. I deleted them from the recycle bin and ran the scan again, nothing found this time. Just to be sure I figured I'd scan a copy of the folder I had outside the recycle bin, but it got back clean. I then removed the folder (back into the recycle bin), did another scan, and it got back with 573 "Trojan.Siredef.C". I would think this is a false positive, at least I hope so. Scan log: http://pastebin.com/2aL7SeLv I would attach the world folder but it's too large (57mb), so I'll put it into my website, and give you a direct link (Hope it's ok). The folder in the zip has to be in the recycle bin for it to be detected by the scanner. Link: removed for the OP's request Please tell me if you need me to upload the file somewhere else instead. Thank you.
  8. Hi there, I am in a public library with a gaming computer. We have Minecraft on the computer and allow patrons to play, but only in offline mode (no Internet access on the computer). Playing in offline mode requires me to log in to Minecraft while connected to the internet, and then disconnect from the Internet (disable wireless card in the PC). Once I do this, every time Minecraft is launched, the profile name is shown, and the player has the option to click "PLAY OFFLINE", but they also have the option to LOG OUT. If they log out, I have to go through the setup process all over again and this often happens when I am not here, so the game becomes unavailable until I return. I need a way to launch Minecraft offline automatically, without the launcher showing up, as if it's automatically logging in to offline mode. I found a potential solution on the Minecraft Forum, but I am wary of it. The member of the forum who posted this solution, a Java (?) application, seems to be brand new to the forum and has only posted about the application. Here is a link to their profile (but you must have a minecraft forum account to view): http://www.minecraftforum.net/user/3045279-mc-offline/ I have screen shots saved in a word document, but cannot upload word documents, it seems. If you click on topics on the left navigation bar, you will see they have only posted about this application, and all posts mention different versions of the application. Also, here is the link to download the application (taken from the Minecraft forum post): http://www.mediafire.com/download/3ukkyd1l7k8p4ci/mcoffline-05.zip I did download the application and scanned it with Microsoft Forefront Endpoint and found no problems. Is there anyone who can test this application to verify its validity? Thanks, Jill