
Questions about Malwarebytes Web protection



So some background information: I've been using MSE for as long as I've had this system. Never had a malware/virus problem. I am always concerned about security, so I'm always careful. I get my games from Steam, a reputable and very popular DRM platform.

I usually installed mbam in the past for the occasional manual scan, but after, I'd remove it. In the last week, I've kept it installed. I've never attempted to play games when mbam has been installed in the past.

So, firstly, Malwarebytes detected a malicious outbound connection with the game Mount and Blade; it was a f/p and was resolved by the mbam team.

Next, for those not familiar with Steam, it's developed by Valve. Valve publishes their own games on Steam. There is a built-in multiplayer game server browser accessible from the Steam client. It lists game servers from at least 20 games, not just Valve's.

Valve's own games use the same server browser within their games. So we have 3 different executables related with the server browser.

1. Steam itself

2. The games

3. The Steam game overlay (it seems to be related with the game process)

It appears to me, that when you start either the game, or steam, it will ping/refresh the last opened server browser tab. Remember both the game and client use the same browser system.

Internet

Favourites

History

Lan

Friends

Spectate

In the history tab, there were servers I played on years/months ago. When I accessed this tab, mbam gave warnings of outbound IP connections. If I quit the game it would give warnings straight away, since it seems to ping the last opened server browser tab. Same for when starting Steam.

So if I switched it to show LAN, it stopped. The games I have which use this browser as well as Steam were

Garry's Mod

Counter-Strike: Source

When I deleted the server history by right-clicking and selecting the list, it had stopped altogether. I did this with all the related games.

There were 5 IPs, and they were confirmed malicious.

Now here come my questions.

1. Do these blocks indicate any malware on my PC? I wouldn't think so myself since I've seen others with this issue: https://forums.malwarebytes.org/index.php?/topic/143679-multiple-issues/

2. I understand the game servers themselves may not be malicious, however other domains on that address may be.

If I didn't have mbam installed and pinged/refreshed these servers, would I be open to infection? Or, as people I've asked said, would it require you to connect with the IP in a traditional method, e.g. a browser (Google Chrome), rather than a video game client?


  • Root Admin

And you were answered.

 

 

I updated to the latest patch of mbam and cleared the server history.

Is there any way my PC got infected by pinging bad servers?

And can MysteryFCM explain what was the reason to block those IPs? When I looked up those IPs they seemed to be normal game servers.

 

 

 

The IPs in question were blocked due to the presence of everything from fraud to malware. As Steam was just pinging them, you weren't open to any of the malicious content residing on them and can safely ignore them.

 

 

If you're still concerned then I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thank you.


It's all fine now. You see, Steam uses a cloud system for some settings, config and save files, and I was able to remove, with a bit of tricky editing of a .vdf file, the server history.

I'm 99.9% sure there's no infections involved, as this IP block happened on another system (the server history file was downloaded onto the other systems since it's saved on the cloud).

Instead of deleting, I was able to edit the history file and enable cloud, and then the blank file is on the cloud instead of the old one with all the history.

When I reinstalled Steam on my system, it wasn't the 27kb history file that downloaded but the new 0kb file, and now the warnings have stopped.

This topic is now closed to further replies.