AlexLeadingEdge

ejie.me / Clover Program


We have computers running a program called Clover, which turns File Explorer into a tab environment rather than having multiple windows. Malwarebytes has recently added Clover to its malware list, can we get it removed? I have never seen an ad using Clover and I don't know why it is considered a PUA. It has become a headache because we install it on every machine and we have end-users calling up to ask if they have an infection.


IP: 103.245.222.133

Excerpt: "Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 50461, Outbound, C:\Program Files (x86)\Clover\clover.exe"

Hostname: hxxp://ejie.me

 

Website is host to Clover updates, a program that adds tabs to Windows Explorer.


Hello,

Thank you for reporting this.

Can you post the log of the file detection as well please? Howto if needed:

Also can you post the link to download source of the Clover program you are referring to?

Thanks! 


Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malware Protection, Starting, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malware Protection, Started, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, IP Database, 2016.12.4.1, 2016.12.5.1, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, Domain Database, 2016.12.4.3, 2016.12.5.7, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, Malware Database, 2016.12.5.1, 2016.12.5.14, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Refresh, Starting, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopping, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopped, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Refresh, Success, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:20 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61932, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:48 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62419, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62566, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:28 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63230, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:48 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63344, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:08 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63576, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63739, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:48 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64315, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Update, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Scheduler, Malware Database, 2016.12.5.14, 2016.12.5.15, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Refresh, Starting, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopping, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopped, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Refresh, Success, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Detection, 6/12/2016 1:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64900, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 1:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64900, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 1:48 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 65365, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 2:08 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 50168, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 2:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 50478, Outbound, C:\Program Files (x86)\Clover\clover.exe, 

(end)
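
An added example, not part of the original post or of Malwarebytes' own tooling: a small parser for the Protection log format posted above that groups website blocks by machine, process, domain and IP and measures how regular the attempts are, which helps tell one program's scheduled check-in against a blocked host apart from scattered browsing hits. The field positions and the day/month date order are assumptions read off the posted lines.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# A few lines copied from the log posted above (duplicate 10:00 entry included).
SAMPLE_LOG = r"""
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:20 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61932, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:48 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62419, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62566, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:28 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63230, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
"""

def parse_detections(text):
    """Return one dict per 'Detection' line of a Malicious Website Protection log."""
    events = []
    for line in text.splitlines():
        f = [x.strip() for x in line.split(",")]
        if len(f) < 12 or f[0] != "Detection":
            continue  # skip Protection/Update lines and blanks
        stamp = f[1].replace("a.m.", "AM").replace("p.m.", "PM")
        events.append({
            # Assumption: dates are day/month/year, as the database versions suggest.
            "when": datetime.strptime(stamp, "%d/%m/%Y %I:%M %p"),
            "host": f[3], "ip": f[7], "domain": f[8],
            "port": int(f[9]), "direction": f[10], "process": f[11],
        })
    return events

def summarize(events):
    """Group by (host, process, domain, ip); report block count and gap regularity."""
    groups = defaultdict(set)
    for e in events:
        key = (e["host"], e["process"], e["domain"], e["ip"])
        groups[key].add((e["when"], e["port"]))  # the set drops repeated log lines
    report = {}
    for key, hits in groups.items():
        times = sorted({t for t, _ in hits})
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        mid = median(gaps) if gaps else None
        # Share of gaps within 2 minutes of the median: near 1.0 means a timer.
        regular = sum(abs(g - mid) <= 2 for g in gaps) / len(gaps) if gaps else 0.0
        report[key] = {"blocks": len(hits), "median_gap_min": mid, "regular_share": regular}
    return report

if __name__ == "__main__":
    for key, stats in summarize(parse_detections(SAMPLE_LOG)).items():
        print(key, stats)
```
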


Hi, 

Malwarebytes is flagging connection to ejie.me as well as Clover's (Windows tab manager program) request to access hxxp://ejie.me. Is this a false positive? Thanks in advance.

 

Best,

unphazed

8 hours ago, Dashke said:

The block is due to PUP.Optional.Softcnapp.

Softcnapp involves ads, yet Clover doesn't have any ads that I know of. I have never seen one at least.


Jacob at Malwarebytes just sent me this:

Quote

Currently, the IP address is being flagged as malicious by multiple security vendors including Malwarebytes and is the reason why it is being blocked. You can add the IP address to the ignore list. However, we cannot recommend that as it opens you up for a potential attack. Clover will need to have the malicious flag removed before it is removed from our list.

Is there a website I can go to to see which vendors have done this?


Jacob from Malwarebytes said this:

Quote

Here is the URL for reference https://www.virustotal.com/en/file/b2ce48c126c5c445f19b42302faa27392fa85c6e5d629471d4a4acad3a71a123/analysis/

As of the 3rd Malwarebytes shows it didn't have it flagged, but since then there have been multiple database updates and during the updates that IP was blocked because of malicious activity. Just because a vendor shows green doesn't mean that a database hasn't found the issue, it just means the last time Virus Total checked it wasn't showing up in a vendor's database. Virus Total is a site that researches uploaded files, websites, etc. to see if the upload has been flagged by security vendors as a possible piece of malware. You can put the IP address for the URL you gave me to find other possible issues.

Looks like the issue has been resolved. There are probably a few machines that are using the old database and just need an update.

Edited by AlexLeadingEdge


Sorry for missing this, the block on the site is being removed on the next update.
