Web protection freak out?

Hi, so last night I was playing some games. I tabbed out and all of a sudden I was bombarded with alerts from the web protection saying website blocked due to malware or trojan; it happened about six times.

I checked the alert to see what exactly was causing it, and in the advanced tab the file was blank. Only three of the alerts are showing, but I know for a fact way more than three alerts happened.

I only had chrome open and these sites up at the time:

 https://myanimelist.net/  https://vrv.co/  https://www.funimation.com/  https://www.youtube.com/

 

Is there any reason why it freaked out like it did? Or was it just a glitch?

Thanks - Logan Sampey

Edited by AdvancedSetup
Removed live hyperlinks

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 


Greetings,

Was one of the games you were playing Arma 2: DayZ Mod by any chance? I only ask because one of the references I found to one of the blocked IPs from your logs indicates that someone set up a custom server for that game/mod there a while back. If that's the case then it's likely that the blocks just came from one or more of the games you were playing when doing their usual thing of looking up open game servers to play on (and it's still pretty likely even if you were playing a different game). By their nature a lot of online multiplayer games tend to generate web blocks from Malwarebytes on occasion because they will often use peer-to-peer and connect to a multitude of different servers across many hosts/hosting providers, and like any P2P app this makes them prone to sometimes connecting to servers which are used for perfectly benign activities, like hosting a game server for an online multiplayer video game, as well as playing host to someone who operates in the nefarious field of malware development and/or distribution. Since Malwarebytes will often block entire IPs (especially for cases where the bad guys constantly change/rotate the domain names/URLs they use to try and evade detection) and even entire IP blocks/IP ranges (especially for certain hosting providers known to be rather unscrupulous about dealing with abuse reports and having reputations for being 'malware friendly'), Malwarebytes has a tendency of sometimes blocking some of the connections a peer-to-peer application tries to make.

It's generally nothing to worry about, and as long as you're not still seeing the blocks when not doing anything online with your PC and you aren't seeing the same blocks constantly (in this case, the only two I saw were 58.218.66.186 at port 57585 and 188.165.255.150 at port 65430) then you should be fine. Just keep an eye on things, and if the blocks return, particularly when playing one of the specific games you were playing when the blocks originally occurred, then you can bet that's the likely source of the blocked connections. As long as it isn't disrupting your gameplay there's no issue; however, if it causes a problem then you can exclude your game's executable from the Web Protection in Malwarebytes using the procedure described under the Exclude an Application that Connects to the Internet section of this support article and it should no longer block any connections for that application.

The reason you saw multiple (i.e. 6) notifications is the way that networking in modern Windows versions works. It will generally 'retry' an unsuccessful connection (including one that was unsuccessful because it was blocked by Malwarebytes) twice before giving up, which results in not just 1, but a total of 3 blocked connection attempts for most web blocks that occur, and while they are hidden (like when playing a fullscreen game), the notifications 'stack up' so that they are all displayed immediately, in sequence as they occurred, one after the other as soon as Malwarebytes is able to display them once you've returned to your desktop, which is why they showed up when they did as soon as you tabbed out of your game.

I hope this helps, and if you suspect you may be infected or if you just want to make sure for your own peace of mind then please read and follow the instructions in this topic and then create a new topic in our malware removal area by clicking here and one of our malware removal specialists will assist you in checking and clearing your system of any threats as soon as one becomes available.

Please let us know if there is anything else we might assist you with.

Thanks

Edited by exile360
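
An added example, not part of the original posts and not Malwarebytes' own tooling: a small triage script that folds retried block events into logical connections, showing how six notifications reduce to two destinations with three attempts each, and which destinations recur across sessions. The event layout, timestamps, process name and 30-second merge window are assumptions; only the two IP:port pairs come from the thread.

```python
from collections import namedtuple
from datetime import datetime, timedelta

Block = namedtuple("Block", "time process ip port")

# Constructed sample events: timestamps and process name are invented for
# illustration; the two IP:port pairs are the ones quoted in the thread.
T0 = datetime(2018, 1, 1, 22, 0, 0)
SAMPLE = [
    Block(T0 + timedelta(seconds=s), "launcher.exe", ip, port)
    for s, ip, port in [
        (0, "58.218.66.186", 57585), (3, "58.218.66.186", 57585),
        (9, "58.218.66.186", 57585), (40, "188.165.255.150", 65430),
        (43, "188.165.255.150", 65430), (49, "188.165.255.150", 65430),
    ]
]

def collapse_retries(events, window=timedelta(seconds=30)):
    """Merge repeated blocks to the same process/IP/port that arrive within
    `window` of the previous attempt into one logical connection."""
    merged = []
    last = {}  # (process, ip, port) -> index of the open entry in merged
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.process, ev.ip, ev.port)
        idx = last.get(key)
        if idx is not None and ev.time - merged[idx]["last_seen"] <= window:
            merged[idx]["attempts"] += 1
            merged[idx]["last_seen"] = ev.time
        else:
            last[key] = len(merged)
            merged.append({"process": ev.process, "dest": f"{ev.ip}:{ev.port}",
                           "first_seen": ev.time, "last_seen": ev.time,
                           "attempts": 1})
    return merged

def recurring(sessions):
    """Destinations blocked in every session; the same IPs appearing each
    time the game runs point to the game as the source."""
    sets = [{c["dest"] for c in collapse_retries(s)} for s in sessions]
    return set.intersection(*sets) if sets else set()

if __name__ == "__main__":
    for conn in collapse_retries(SAMPLE):
        print(conn["dest"], conn["process"], "attempts:", conn["attempts"])
```
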
Hiya, thanks for the info! Let me give you a rundown of what usually causes those blocks that you saw in the log from a while ago. I play a game called Arma 3 and I play with mods, and there's a launcher that I have that's not developed by the Arma developers but is used to catalog servers and mods for others to play on. Every time I open it I get at least two website blocks upon letting it load up. But I had it closed that night, not even opened it earlier in the day; could it still be from that?


It definitely seems likely; the fact that I found one of those exact servers pretty quickly in an online search indicating it was being used for an Arma 2 mod seems like way more than coincidence (I bet the same mod dev created an Arma 3 mod server on the same IP; the post I found on Steam's forums was from way back in 2014 so they've probably moved on to developing for Arma 3 by now).  As for why they happened when you weren't running the game, I can only speculate, but if perhaps Steam or some other launcher app that you use for one of your games is also used for Arma 3, then it's quite possible that it was doing a sort of 'preemptive' lookup to cache likely server lists that you might want to connect to.

I'd say just keep an eye on it, and as long as you see those exact same IPs being blocked each time you play your game, then it's a safe bet that this is the reason for the blocks you saw and it shouldn't be anything to worry about.  Other than that, if the blocks don't occur when playing your game(s), then it might have simply been a case of one or more rotating ads on one of the webpages you had open in the background being blocked because they too will often use shared servers (not to mention the fact that some ads actually are malicious, often containing exploits or other drive-by malware which is something referred to in the cyber-security industry as 'malvertising'; a term you've probably heard before elsewhere on the web).


I think it is, at least for one of them. On the official launcher for Arma I went to the server tabs and got 188.165.255.150 at port 65430 blocked, just not the other one, but I think it was the backlog you were talking about. My friend wanted me to join by using the official launcher and I had to go into the server listing to join, but I guess I joined too quickly for the pop up to occur. So I am going to assume it was indeed Arma and not something being opened in the background that I had not noticed; in fact, as I am typing I just got another pop up pretty late from having the server list open. Thank you so much for calming my anxiety over this!


Yep, it definitely sounds like it's just coming from the game/launcher doing server lookups (I'm sure they retry/refresh the list periodically as well to keep up to date ping and player stats and server listings so it's likely to happen frequently when the game's loaded, especially when viewing the server list).
