Bitmessage

[Friedrich]

Hi guys, I'm new to the forums but have been using Malwarebytes for about 3 years now, been a pro user now for two. Love the software, has helped me a lot in the past.

I have an issue with a program I have been using called, Bitmessage. Here is a link to the wiki program page to anyone that might be unfamiliar: https://bitmessage.org/wiki/Main_Page

Basically Bitmessage is a P2P communication program. However, instead of sharing files, you just share messages, almost exactly like email, but it uses a client rather than a browser.

Bitmessage is very handy as it encrypts all communication, so that if I needed to email someone my credit card number, or passwords, or any personal info., that I did not trust sending over basic unencrypted channels like gmail or yahoo, I could send it in a way that only the recipient can view. It's very simple.

However, since it uses P2P technology, and lets in a lot of incoming and outgoing connections, I regularly get the pop-up from my real-time protection that malwarebytes has blocked a malicious website (either incoming or outgoing) from bitmessage.exe along with the IP address of that site. Now keep in mind, this only happens while I'm running BM. It often happens right after I open the program, and then I will get a pop-up again every once in awhile. Sometimes hours go by without one, sometimes I do not see them again, but usually they will randomly show up over the course of time running.

When I turn off real time protection this stops of course. I assume that mbam is just noting all the strange IP addresses trying to communicate with your computer and marking them as suspicious, as you are communicating on a worldwide network of mass encrypted P2P messaging. Which is now all P2P programs work to my knowledge (although this is the first I am really using myself), but instead of sending files to your peers, your just sending them basic email messages.

Anyway, my question is: Should I be worried about receiving the malicious website blocks from my real-time protection? It only happens every once in a while, and sometimes it's the same IP. Is this something I can just ignore and assume that mbam is just blocking them out of confusion (being safe rather than sorry), or do you think there is a real problem here where I should be really worried about using this software?

I run Windows 7 OS, 64 bit. I use Avast, as well as mbam, and all scans always show up clean. I have never had problems with viruses before, and usually only use software with good reps.

[1PW]

Hello Friedrich and

Before answers can be intelligently provided, please reply with the following:

• Please read the topic Diagnostic Logs and then individually ATTACH the 3 requested logs in your next reply to this thread only.
• The 3 files, from Step 1, to be individually ATTACHED from your desktop are: CheckResults.txt, FRST.txt and Addition.txt. Please do not Zip or Copy and Paste them into a reply. Please do not alter, any FRST categories as they are pre-configured for this forum.

Also please post the MBAM2 Daily Protection Log showing the Malicious Website Blocks you're reporting:

Reference: Malwarebytes Anti-Malware Users Guide - Daily Protection Log

• Please open the Malwarebytes Anti-Malware 2.x (MBAM2) Graphical User Interface (GUI).
• Single left-click History.
• Single left-click Application Logs.
• Left double-click the Protection Log pertaining to the date when the Malicious Website Protection notice(s) were last seen.
• Single left-click Export button, and single left-click the Text file (*.txt) choice from the pull-down menu.
• Type Malicious in the File name: box, then single left-click Desktop, and single left-click the Save button.
• The MBAM2 GUI may now be closed.
• Please Attach the Malicious.txt file, from the Desktop, also to your next reply in this thread.

Thank You.

[exile360]

This issue occurs because Bitmessage is a P2P (Peer-to-Peer) application and applications like these will frequently connect to a wide range of IP addresses which can often include some which might be blocked by Malwarebytes for hosting malicious websites, though of course connecting to these IPs via your peer-to-peer application is perfectly safe.

More information about this can be found here as well as here. Note that excluding the process may not work with the most recent version of Malwarebytes Anti-Malware as there is a known bug which we are currently working on which prevents Web Exclusions from being honored correctly. Hopefully this will be fixed in our next release.

[Friedrich]

This issue occurs because Bitmessage is a P2P (Peer-to-Peer) application and applications like these will frequently connect to a wide range of IP addresses which can often include some which might be blocked by Malwarebytes for hosting malicious websites, though of course connecting to these IPs via your peer-to-peer application is perfectly safe.

More information about this can be found here as well as here. Note that excluding the process may not work with the most recent version of Malwarebytes Anti-Malware as there is a known bug which we are currently working on which prevents Web Exclusions from being honored correctly. Hopefully this will be fixed in our next release.

 

 

Thank you so much Exile360. This is exactly the response I was looking for, to the simple question. Thank you for not asking me to download software and post pages of pointless logs. What a relief! I figured this was the case, but I could not say for sure, and was hoping someone more knowledgeable than myself to come out an impart their wisdom. Excellent!!!!!!

 

Good look, really appreciate it. Cheers.