Spido Posted March 22, 2016 ID:1027784 Share Posted March 22, 2016 When I go to the Steam store page, within the application, Malwarebytes gives me a notification that the domain "m77.dnsqa.me" has been blocked. I spoke with Kevin, and we came to the conclusion that the block is a false positive. I will post the protection log where the block is shown at the bottom, and the VirusTotal scan which shows that the file calling for the domain is valid. I am posting this as a website block FP and not a file FP because Malwarebytes didn't actually detect the file as being malicious. Malwarebytes Anti-Malware www.malwarebytes.org Update, 3/22/2016 9:43 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, Update, 3/22/2016 10:15 AM, SYSTEM, SPUDBOX2000, Scheduler, Failed, Unable to access update server, Scan, 3/22/2016 10:18 AM, SYSTEM, SPUDBOX2000, Context, Start:3/22/2016 9:43 AM, Duration:34 min 40 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.21.11, 2016.3.22.4, Update, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Scheduler, Malware Database, 2016.3.21.6, 2016.3.22.7, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, Protection, 3/22/2016 10:45 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, Update, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Scheduler, Domain Database, 2016.3.22.4, 2016.3.22.5, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Starting, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopping, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Stopped, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Refresh, Success, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, Protection, 3/22/2016 10:48 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Starting, Protection, 3/22/2016 11:01 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Started, Scan, 3/22/2016 11:12 AM, SYSTEM, SPUDBOX2000, Manual, Start:3/22/2016 11:05 AM, Duration:7 min 50 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopping, Protection, 3/22/2016 11:19 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Stopped, Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Starting, Protection, 3/22/2016 11:25 AM, SYSTEM, SPUDBOX2000, Protection, Malware Protection, Started, Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49514, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, Detection, 3/22/2016 11:32 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49515, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, Detection, 3/22/2016 11:39 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49576, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, Detection, 3/22/2016 11:40 AM, SYSTEM, SPUDBOX2000, Protection, Malicious Website Protection, Domain, 82.163.143.39, m77.dnsqa.me, 49611, Outbound, C:\Program Files (x86)\Steam\bin\steamwebhelper.exe, (end) SHA256: 9beef4212db81701212c2398e88403dec3f63a1173bf9b617388e5c6a918e7df File name: steamwebhelper.exe Detection ratio: 0 / 56 Analysis date: 2016-03-22 20:21:32 UTC ( 0 minutes ago ) 0 0 Probably harmless! There are strong indicators suggesting that this file is safe to use. Analysis File detail Relationships Additional information Comments Votes Antivirus Result Update ALYac 20160322 AVG 20160322 AVware 20160322 Ad-Aware 20160322 AegisLab 20160322 Agnitum 20160316 AhnLab-V3 20160322 Alibaba 20160322 Antiy-AVL 20160322 Arcabit 20160322 Avast 20160322 Avira (no cloud) 20160322 Baidu 20160322 Baidu-International 20160322 BitDefender 20160322 Bkav 20160322 ByteHero 20160322 CAT-QuickHeal 20160322 CMC 20160322 ClamAV 20160319 Comodo 20160322 Cyren 20160322 DrWeb 20160322 ESET-NOD32 20160322 Emsisoft 20160322 F-Prot 20160322 F-Secure 20160322 Fortinet 20160322 GData 20160322 Ikarus 20160322 Jiangmin 20160322 K7AntiVirus 20160322 K7GW 20160322 Kaspersky 20160322 Malwarebytes 20160322 McAfee 20160322 McAfee-GW-Edition 20160322 eScan 20160322 Microsoft 20160322 NANO-Antivirus 20160322 Panda 20160322 Qihoo-360 20160322 Rising 20160322 SUPERAntiSpyware 20160322 Sophos 20160322 Symantec 20160322 Tencent 20160322 TheHacker 20160321 TrendMicro 20160322 TrendMicro-HouseCall 20160322 VBA32 20160322 VIPRE 20160322 ViRobot 20160322 Zillya 20160322 Zoner 20160322 nProtect 20160322 There were green check marks filling in the middle column that just don't copy over. Link to post Share on other sites More sharing options...
Spido Posted March 22, 2016 Author ID:1027788 Share Posted March 22, 2016 Actually, my original issue may not be completely resolved it looks like, so I could be wrong about this post. Link to post Share on other sites More sharing options...
MysteryFCM Posted March 23, 2016 ID:1027792 Share Posted March 23, 2016 This is not an F/P (dnsqa.me is operated by CloudGuard (aka DNSGuard, amongst other names) and is part of a DNS hijack). Link to post Share on other sites More sharing options...
Recommended Posts