AyanamiRei0

ANSWERED Programs being flagged as Malvertising

Hello there. Since earlier today some weird things have been happening with MBAM Premium: when I open a program, it tells me "website blocked due to malvertising", so I'm like, huh, that doesn't seem right. So I checked the notifications and it was for smartscreen.exe, and just before I started writing this it popped up for RCT3Plus.exe as well. Here are some logs of the events.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/9/18
Protection Event Time: 1:13 AM
Log File: 20636ae0-b3c5-11e8-971a-b01041fa501a.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6721
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malvertising
Domain: canonicalizer.ucsuri.tcs
IP Address: 92.242.132.24
Port: [63783]
Type: Outbound
File: C:\WINDOWS\System32\smartscreen.exe

(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/9/18
Protection Event Time: 1:37 AM
Log File: 85a067ac-b3c8-11e8-9fce-b01041fa501a.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6721
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malvertising
Domain: locate.madserver.net
IP Address: 92.242.132.24
Port: [64002]
Type: Outbound
File: G:\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe

I do apologize if this is in the wrong place.

 

Thanks.
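
A triage helper for the two logs pasted above, as an added example that is not part of the original post or of any Malwarebytes tooling: it parses the "-Website Data-" sections of the exported text and groups block events by IP address, which makes it visible that both blocked domains were reported with the same address. The function names are hypothetical, and the embedded sample is a trimmed copy of the logs above.

```python
import re
from collections import defaultdict

# Trimmed copy of the two "-Website Data-" sections from the logs in the post.
SAMPLE_EXPORT = r"""
-Website Data-
Domain: canonicalizer.ucsuri.tcs
IP Address: 92.242.132.24
File: C:\WINDOWS\System32\smartscreen.exe

(end)

-Website Data-
Domain: locate.madserver.net
IP Address: 92.242.132.24
File: G:\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
"""

FIELD = re.compile(r"^(Domain|IP Address|File):[ \t]*(.*)$")

def parse_events(text):
    """Return one dict per '-Website Data-' section in a pasted export."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line == "-Website Data-":
            current = {}
            events.append(current)
        elif line == "(end)" or (len(line) > 2 and line[0] == "-" and line[-1] == "-"):
            current = None  # another section header or end marker closes the event
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip("[]")
    return events

def group_by_ip(events):
    """Map each blocked IP to the domains and processes logged against it."""
    groups = defaultdict(lambda: {"domains": set(), "files": set()})
    for ev in events:
        g = groups[ev.get("IP Address", "")]
        g["domains"].add(ev.get("Domain", ""))
        g["files"].add(ev.get("File", "") or "(no file)")  # File can be blank
    return dict(groups)

def shared_ips(events):
    """IPs blocked under more than one domain: review these as one group."""
    return sorted(ip for ip, g in group_by_ip(events).items() if len(g["domains"]) > 1)
```
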

I'm having the exact same problem and I'm not sure what changes have triggered this. I've run various scans and nothing is being picked up as a threat.

Hopefully somebody will have an answer as it is slightly annoying after a while.

I'm glad to see this topic's come up, I thought I was going mad!

I've done a minor amount of digging on this, and found that the following things trigger it (at least on my end, could be different for others):

* Opening Cortana and trying to use the Search function.

* Opening my browser, which in this case is Firefox.

* Opening and searching via the File Browser. This has only happened once or twice.

* I restarted the laptop having this issue, and the first thing I was greeted with before anything even had chance to launch was the warning. I haven't yet fired it up this morning but I suspect it will do the same.

It could have other triggers that I'm yet to find, but they seem to be the main ones for me at least.

These things don't trigger the alert every time the respective programs are opened, which I find a bit strange - it just seems to be the odd time they are opened. I'm also only getting the Canonicalizer 'website' link, not the other one that the original poster has also got. I fired up an older laptop this morning (the one I'm currently using to post this from) and attempted to connect to this Canonicalizer 'website', to get hit by a 'webpage does not exist' webpage from my internet provider. I decided to do the same for the original poster's 'locate.madserver.net' link, and was again hit by a 'webpage does not exist.'

What I also find a bit strange about this (although could just be me...) is that sometimes, when opening the malvertising alert there is no file associated with it, and on the others it is always 'SmartScreen.exe.' I'm wondering if anyone else has had the 'no file' issue?

I hope the above helps in trying to identify what's causing this issue. I suspect (and hope!) it's a false positive, as I ran AdwCleaner scans alongside multiple threat scans last night - none of which detected anything. I'll run them again this morning but I'm doubtful it'll pick anything up.

I'm running into the same issue too, though mine only state the canonicalizer website. It only started this morning and it's happened 2-3 times already. I've run a scan but there are no issues coming up at all.

I have the same issue since yesterday and it affects all browsers that I open and some games now. It says malvertising for everything and it's getting too often now. Don't know if it's a genuine threat or just the software being hectic.

Update from my post before (I'm not seeing an edit button unless I'm dense, I haven't been awake long...might need my morning drink...):

* The issue first came up for me at 10:55PM UK Time last night, which would place that approximately 10 hours before my post. Just in case that helps a staff member identify where something may have happened? (Assuming it's false positive, I mean.) Has anyone had an instance of this happening before approx. 10 hours ago?

* Two warnings when switching on my main laptop. Just for the simple act of logging in. Same website, Canonicalizer. And once again, no file at the end of the website blocked notification.

I started to get the issues at 8am this morning, they've mostly included the file but a couple have had the file part be completely blank.

I restarted my PC and also got the warning as soon as I'd logged in, and the only program I have at start-up is Twitch. I've never had an issue with it and I doubt it's got anything to do with the issue but including it just in case.

Having the same issue myself on two of my machines which use Premium. Extensive scans detect nothing; both machines show malvertising relating to the website canonicalizer.ucsuri.tcs - outbound connection and smartscreen.exe.

4 minutes ago, AyanamiRei0 said:

Good to know I wasn't the only one with this weird problem; doing scans finds nothing. Same as everyone else.

Just a heads up guys, they seem to be on it - a staff member's replied to the topic linked below. Judging from the response, I would guess it's a false positive.

 

27 minutes ago, ALilDashofConfused said:

Just a heads up guys, they seem to be on it - a staff member's replied to the topic linked below. Judging from the response, I would guess it's a false positive.

 

Good spot!  Thanks for the info :)

Thanks everyone! The update is out -

MBAM2 Version: v2018.09.09.04
MBAM3 Version: 1.0.6729

Please try to update and let us know if that helps. :)

8 minutes ago, Dashke said:

Thanks everyone! The update is out -

MBAM2 Version: v2018.09.09.04
MBAM3 Version: 1.0.6729

Please try to update and let us know if that helps. :)

Hi,

My version is 1.0.6729, restarted my system and no warning. Spam opened Cortana and all of my usual triggers, and no warnings so far! Looks like it's fixed up!
