Programs being flagged as Malvertising


AyanamiRei0
Solved by Dashke

Hello there, since earlier today some weird things have been happening with MBAM Premium. When I open a program it tells me "website blocked due to malvertising", so I'm like, huh, that doesn't seem right. I checked the notifications and it was for smartscreen.exe, and just before I started writing this it popped up for RCT3Plus.exe as well. Here are some logs of the events.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/9/18
Protection Event Time: 1:13 AM
Log File: 20636ae0-b3c5-11e8-971a-b01041fa501a.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6721
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malvertising
Domain: canonicalizer.ucsuri.tcs
IP Address: 92.242.132.24
Port: [63783]
Type: Outbound
File: C:\WINDOWS\System32\smartscreen.exe

(end)

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/9/18
Protection Event Time: 1:37 AM
Log File: 85a067ac-b3c8-11e8-9fce-b01041fa501a.json

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.441
Update Package Version: 1.0.6721
License: Premium

-System Information-
OS: Windows 10 (Build 17134.228)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Malvertising
Domain: locate.madserver.net
IP Address: 92.242.132.24
Port: [64002]
Type: Outbound
File: G:\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe

I do apologize if this is in the wrong place.

 

Thanks.

Link to post
Share on other sites
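Added example (not part of any post in this thread, and not Malwarebytes code): a small Python parser for the exported reports above that groups block events by IP address, showing that both domains, reported for two unrelated executables, were blocked on the same address. The function names are illustrative, and the embedded sample is a trimmed copy of the two reports above.

```python
import re
from collections import defaultdict

# Trimmed copy of the two reports posted above (only the fields used here).
REPORTS = r"""
-Log Details-
Protection Event Time: 1:13 AM
-Website Data-
Category: Malvertising
Domain: canonicalizer.ucsuri.tcs
IP Address: 92.242.132.24
File: C:\WINDOWS\System32\smartscreen.exe

-Log Details-
Protection Event Time: 1:37 AM
-Website Data-
Category: Malvertising
Domain: locate.madserver.net
IP Address: 92.242.132.24
File: G:\Steam\steamapps\common\Rollercoaster Tycoon 3 Gold\RCT3plus.exe
"""

FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$")

def parse_events(text):
    """Split on '-Log Details-' and return one dict of 'Key: Value' fields per report."""
    events = []
    for chunk in text.split("-Log Details-")[1:]:
        fields = {"File": ""}  # some alerts in the thread had no file listed
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        events.append(fields)
    return events

def shared_ip_blocks(events):
    """Return {ip: {"domains", "files"}} for IPs blocked under two or more domains."""
    by_ip = defaultdict(lambda: {"domains": set(), "files": set()})
    for e in events:
        if "IP Address" not in e:
            continue  # incomplete report, nothing to correlate
        by_ip[e["IP Address"]]["domains"].add(e.get("Domain", ""))
        by_ip[e["IP Address"]]["files"].add(e["File"] or "<none>")
    return {ip: v for ip, v in by_ip.items() if len(v["domains"]) > 1}

if __name__ == "__main__":
    for ip, v in shared_ip_blocks(parse_events(REPORTS)).items():
        print(ip, sorted(v["domains"]), sorted(v["files"]))
```

When one IP address shows up under several unrelated domains and processes, the block follows the address rather than any single program, which is useful context to include in a false-positive report.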

I'm glad to see this topic's come up, I thought I was going mad!

I've done a minor amount of digging on this, and found that the following things trigger it (at least on my end, could be different for others):

* Opening Cortana and trying to use the Search function.

* Opening my browser, which in this case is Firefox.

* Opening and searching via the File Browser. This has only happened once or twice.

* I restarted the laptop having this issue, and the first thing I was greeted with before anything even had chance to launch was the warning. I haven't yet fired it up this morning but I suspect it will do the same.

It could have other triggers that I'm yet to find, but they seem to be the main ones for me at least.

These things don't trigger the alert every time the respective programs are opened, which I find a bit strange - it just seems to be the odd time they are opened. I'm also only getting the Canonicalizer 'website' link, not the other one that the original poster has also got. I fired up an older laptop this morning (the one I'm currently using to post this from) and attempted to connect to this Canonicalizer 'website', to get hit by a 'webpage does not exist' webpage from my internet provider. I decided to do the same for the original poster's 'locate.madserver.net' link, and was again hit by a 'webpage does not exist.'

What I also find a bit strange about this (although could just be me...) is that sometimes, when opening the malvertising alert there is no file associated with it, and on the others it is always 'SmartScreen.exe.' I'm wondering if anyone else has had the 'no file' issue?

I hope the above helps in trying to identify what's causing this issue. I suspect (and hope!) it's a false positive, as I ran AdwCleaner scans alongside multiple threat scans last night - none of which detected anything. I'll run them again this morning but I'm doubtful it'll pick anything up.

Link to post
Share on other sites

Update from my post before (I'm not seeing an edit button unless I'm dense, I haven't been awake long...might need my morning drink...):

* The issue first came up for me at 10:55PM UK Time last night, which would place that approximately 10 hours before my post. Just in case that helps a staff member identify where something may have happened? (Assuming it's false positive, I mean.) Has anyone had an instance of this happening before approx. 10 hours ago?

* Two warnings when switching on my main laptop. Just for the simple act of logging in. Same website, Canonicalizer. And once again, no file at the end of the website blocked notification.

Link to post
Share on other sites

I started to get the issues at 8am this morning, they've mostly included the file but a couple have had the file part be completely blank.

I restarted my PC and also got the warning as soon as I'd logged in, and the only program I have at start-up is Twitch. I've never had an issue with it and I doubt it's got anything to do with the issue but including it just in case.

Link to post
Share on other sites

8 minutes ago, Dashke said:

Thanks everyone! The update is out -

MBAM2 Version: v2018.09.09.04
MBAM3 Version: 1.0.6729

Please try to update and let us know if that helps. :)

Hi,

My version is 1.0.6729, restarted my system and no warning. Spam opened Cortana and all of my usual triggers, and no warnings so far! Looks like it's fixed up!

Link to post
Share on other sites
