Jump to content

ejie.me / Clover Program


Recommended Posts

We have computers running a program called Clover, which turns File Explorer into a tab environment rather than having multiple windows. Malwarebytes has recently added Clover to it's malware list, can we get it removed? I have never seen an ad using Clover and I don't know why it is considered a PUA. It has become a headache because we install it on every machine and we have end-users calling up to ask if they have an infection.

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malware Protection, Starting, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malware Protection, Started, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 5:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, IP Database, 2016.12.4.1, 2016.12.5.1, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, Domain Database, 2016.12.4.3, 2016.12.5.7, 
Update, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Scheduler, Malware Database, 2016.12.5.1, 2016.12.5.14, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Refresh, Starting, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopping, 
Protection, 6/12/2016 9:09 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopped, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Refresh, Success, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 9:10 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:00 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61755, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:20 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 61932, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 10:48 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62419, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:08 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 62566, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:28 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63230, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 11:48 a.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63344, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:08 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63576, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 63739, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 12:48 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64315, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Update, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Scheduler, Malware Database, 2016.12.5.14, 2016.12.5.15, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Refresh, Starting, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopping, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Stopped, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Refresh, Success, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Starting, 
Protection, 6/12/2016 1:00 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Started, 
Detection, 6/12/2016 1:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64900, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 1:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 64900, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 1:48 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 65365, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 2:08 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 50168, Outbound, C:\Program Files (x86)\Clover\clover.exe, 
Detection, 6/12/2016 2:28 p.m., SYSTEM, MACH14, Protection, Malicious Website Protection, Domain, 103.245.222.133, ejie.me, 50478, Outbound, C:\Program Files (x86)\Clover\clover.exe, 

(end)

Link to post
Share on other sites

Jacob at Malwarebytes just sent me this:

Quote

Currently, the IP address is being flagged as malicious by multiple security vendors including Malwarebytes and is the reason why it is being blocked. You can add the IP address to the ignore list. However, we cannot recommend that as it opens you up for a potential attack. Clover will need to have the malicious flag removed before it is removed from our list.

Is there a website I can go to to see which vendors have done this?

Link to post
Share on other sites

Jacob from Malwarebytes said this:

Quote

Here is the the URL for reference https://www.virustotal.com/en/file/b2ce48c126c5c445f19b42302faa27392fa85c6e5d629471d4a4acad3a71a123/analysis/

As of the 3rd Malwarebytes shows it didn't have it flagged but since then there has been multiple database updates and during the updates that IP was blocked because of malicious activity. Just because a vendor shows green doesn't mean that a database hasn't found the issue it just means the last time Virus Total checked it wasn't showing up in a vendors database. Virus Total is a site that researches upload files, websites, etc to see if the upload has been flagged by security vendors as a possible piece of malware. You can put the IP address for the URL you gave me to find other possible issues. 

Looks like the issue has been resolved. There are probably a few machines that are using the old database and just need an update.

Edited by AlexLeadingEdge
Link to post
Share on other sites
  • 1 month later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.