
rubyw.exe for Private Internet Access Detection (IP detection)


Super_Spartan


Hi there,

In the past I reported this and it was removed from detection, now it's back again....

This process is related to Private Internet Access VPN and it keeps popping up as a detection...

Virus Total Scan Link: https://www.virustotal.com/en/file/b18d0224cd7de71c0a8b7d2c63e4af60f220015288a3cc3e87d574a5b3763081/analysis/

Please help me report this to Malwarebytes to not detect this. Thanks

Here is the log:

<?xml version="1.0" encoding="UTF-8" ?>
<logs>
  <record severity="debug" LoggingEventType="4" datetime="2015-10-06T02:47:56.206436+04:00" source="Protection" type="Error" username="SYSTEM" systemname="PREDATOR" code="13" last_modified_tag="db1445e4-f55f-4f38-88a1-6d14028feb03" message="IsLicensed"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:47:56.208438+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="ae8a4288-24e6-4e79-ad98-ec7bb6208a4b" result="Stopping" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:47:56.209940+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="dc193289-d4e7-47db-bf61-3a17d09fb39a" result="Stopped" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:48:00.534689+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="f267ff26-f38f-4a4f-bd8b-2ae4d1a56289" result="Starting" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:48:00.535689+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="397dfdfa-3916-46be-9465-b51c2ad644f9" result="Started" subtype="Malware Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:48:00.924959+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="2f95b4d2-8804-42f1-a43c-11bac4929d49" result="Starting" subtype="Malicious Website Protection"></record>
  <record severity="debug" LoggingEventType="2" datetime="2015-10-06T02:48:01.047077+04:00" source="Protection" type="Protection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="456281e1-2105-4c13-a6a9-b24df7a8fab9" result="Started" subtype="Malicious Website Protection"></record>
  <record severity="debug" process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" LoggingEventType="0" datetime="2015-10-06T02:48:09.487441+04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="9d1cef16-7908-44dd-aa72-f71beee815db" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50729"></record>
  <record severity="debug" process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" LoggingEventType="0" datetime="2015-10-06T02:48:09.515468+04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="47c0d41d-1512-4a6b-a869-a49d99967d1a" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50729"></record>
  <record severity="debug" process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" LoggingEventType="0" datetime="2015-10-06T02:49:12.495213+04:00" source="Protection" type="Detection" username="SYSTEM" systemname="PREDATOR" last_modified_tag="d67e479d-c9ab-4ec8-911d-0b219468b654" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50919"></record>
</logs>

rubyw.zip


  • Staff

Hi,

This isn't a file detection, but a Malicious website detection.

"subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50729">"

The IP you are trying to access through VPN (93.115.84.124) seems to be involved in a lot of malicious activities: https://www.virustotal.com/nl/ip-address/93.115.84.124/information/

So, our detection for blocking that IP seems to be valid and not an FP.
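
An added example, not part of the original thread and not Malwarebytes code: a short Python script that reads a protection log in the format posted above and collapses its `type="Detection"` records into one row per process and target, so the distinction the staff reply draws (a block on an outbound IP, not a verdict on `rubyw.exe`) is visible at a glance. The embedded sample is an excerpt of the posted log with attributes trimmed; the `kind` label and the function name `triage` are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Excerpt of the log posted above: four of its records, attributes trimmed
# to the ones this script reads.
SAMPLE_LOG = r'''<?xml version="1.0" encoding="UTF-8" ?><logs>
<record datetime="2015-10-06T02:48:00.535689+04:00" type="Protection" result="Started" subtype="Malware Protection"></record>
<record process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" datetime="2015-10-06T02:48:09.487441+04:00" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50729"></record>
<record process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" datetime="2015-10-06T02:48:09.515468+04:00" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50729"></record>
<record process="C:\Users\MATRIX~1\AppData\Local\Temp\ocr9700.tmp\bin\rubyw.exe" datetime="2015-10-06T02:49:12.495213+04:00" type="Detection" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="93.115.84.124" malwaretype="IP" port="50919"></record>
</logs>'''


def triage(xml_text):
    """Collapse Detection records into one row per (process, subtype, target)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    rows = {}
    for rec in root.iter("record"):
        if rec.get("type") != "Detection":
            continue  # skip service start/stop and licensing records
        subtype = rec.get("subtype", "")
        # domain="" in the posted log, so fall back to the ip attribute.
        target = rec.get("domain") or rec.get("ip", "")
        key = (rec.get("process", ""), subtype, target)
        row = rows.setdefault(key, {
            "process": key[0], "subtype": subtype, "target": target,
            "indicator": rec.get("malwaretype", ""),
            "direction": rec.get("direction", ""),
            # Assumption: only the subtype seen in the posted log is modelled.
            "kind": "network" if subtype == "Malicious Website Protection" else "other",
            "hits": 0, "ports": set(), "first": None, "last": None,
        })
        row["hits"] += 1
        row["ports"].add(rec.get("port", ""))
        # ISO timestamps with the same UTC offset sort correctly as strings.
        stamp = rec.get("datetime", "")
        row["first"] = min(row["first"] or stamp, stamp)
        row["last"] = max(row["last"] or stamp, stamp)
    return list(rows.values())


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(f'{r["kind"]}: {r["process"]} -> {r["target"]} ({r["indicator"]}, '
              f'{r["direction"]}), {r["hits"]} hits, ports {sorted(r["ports"])}, '
              f'{r["first"]} .. {r["last"]}')
```

For a log like this one, the single resulting row shows that the indicator to review is the destination IP rather than the hash of the executable.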

