Jump to content

X-Plane - RTP detection - Malware.Exploit.Agent.Generic

netguru

By netguru
in Exploit

 Share

Recommended Posts

netguru

netguru

Posted
Posted (edited)

Hello,

Been running X-Plane very successfully for months without any changes, now after a Malwarebytes update it says that X-Plane has an OS exploit.  Nothing has changed in my X-Plane setup since before the Malwarebytes update.   Running the support tool right now to upload the logs.  But since I have many drives and files it is taking a long time on the FRST scan, will upload zip files when done.  Actually you know what, there is a lot of private information in that zip file, I will not upload it.  You show every app I have ever installed, very intrusive.  I prefer at this point not to provide you with that zip file.  I will provide the json file in your advance window in detection history.

Please stop shutting down my X-Plane.  If I exit Malwarebytes, X-Plane runs successfully.  Windows 10 1909 18363.657 x64 - MalwareBytes Premium 4.1.0 - X-Plane 11.41

Terry McPeck

 

667543de-6a56-11ea-b8e5-38baf8829820.zip

Edited by AdvancedSetup
email address removed
Link to post
Share on other sites
Porthos

Porthos

Posted
Posted
5 minutes ago, netguru said:

I will provide the json file in your advance window in detection history.

If you actually export the scan log as test and not the json it could lead us in the correct direction.

As for the logs only authorized people and the OP (you) have access to those logs when attached.

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted

Sorry, very private person, I do not know the authorized people and I am the OP.  The export does not really reveal many more details other than what I specified above.

 

This did not happen before the update to MalwareBytes and X-Plane has not changed.  This is from my over 30 years in IT service a false positive that needs to be corrected.  In fact the TXT file uploaded itself states:

-Exploit Details-
File: 0
(No malicious items detected)

I realize we all have to stay safe, hence forth why I do not feel comfortable exposing as much data as the support tool gathers.

Thanks,

netguru

MalwareBytesExport.txt

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted

Heck for all I know with the amount of files that I would have to go through in the log zip file there maybe passwords and credit card info in those log files.  I do not know that and would have to take the word of an authorized person I do not know?

I know very untrusting person, that's why I have used Malwarebytes for years now.

Thanks,

netguru

Link to post
Share on other sites
Porthos

Porthos

Posted
Posted (edited)

For now, look at this section when adding item to the allow list and see if you can exclude it.

Also please post this text file and your issue in this forum so it can be treated as a FP. https://forums.malwarebytes.com/forum/192-exploit/

 

5 minutes ago, netguru said:

I do not know that and would have to take the word of an authorized person I do not know?

If you can not trust the staff of the company you use the software of I do not know what to say.

2020-03-19_22h51_58.png

Edited by Porthos
Link to post
Share on other sites
Porthos

Porthos

Posted
Posted (edited)

Also I would worry about posting your email on an open forum more that logs that can not be seen or downloaded by everyone.

I will have an admin remove it for you before all the crawlers pick it up and sell it for spam.

Edited by Porthos
Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted
20 hours ago, Porthos said:

For now, look at this section when adding item to the allow list and see if you can exclude it.

Also please post this text file and your issue in this forum so it can be treated as a FP. https://forums.malwarebytes.com/forum/192-exploit/

 

If you can not trust the staff of the company you use the software of I do not know what to say.

2020-03-19_22h51_58.png

Hi Porthos,

I had already added the folder to the allow list hoping that would solve the issue but that did not work and your highlight area above shows this even the program keeps shutting down X-Plane automatically:

image.png.1729150eab34ce24fb845f10bf28d22f.png

And perhaps you are right I should reconsider using this software but rather than giving up I had really hoped to have informed the company to a possible error on their side as I know I am not the only user of X-Plane so the company could solve the issue.

But giving anyone including Google as much information I saw in the logs did not settle well with me.

Thanks for the response

netguru

 

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted
20 hours ago, Porthos said:

Also I would worry about posting your email on an open forum more that logs that can not be seen or downloaded by everyone.

I will have an admin remove it for you before all the crawlers pick it up and sell it for spam.

Thank you for that, just got overheating in the moment!

netguru

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted
12 hours ago, LiquidTension said:

Hi @netguru,

Thank you for the report.

Rather than providing the full zip file, please provide the following files instead:

  • C:\ProgramData\Malwarebytes\MBAMService\logs\MBAMService.log
  • C:\ProgramData\Malwarebytes\MBAMService\logs\mbae-default.log


We can continue investigating this issue once the two files above are provided.

Hello LiquidTension,

I guess I am going to have to take a leap of faith on this one.  I will give you those files for analysis on good faith.

Thanks for taking a look at this!

netguru

MBAMSERVICE.LOG mbae-default.log

Link to post
Share on other sites
LiquidTension

LiquidTension

Posted
Posted

Thank you for the files.

We've tried to reproduce this block but have so far been unsuccessful. Could you provide more information on what you are doing that triggers the block? Does it occur as soon as you launch the program or only after a specific set of actions? Does the block consistently occur each time you use the program?

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted

Hi LiquidTension,

Okay. so I have done some steps recorders in Windows 10 but not sure how much they are going to help.

But, first to answer your question, I have two installs of X-Plane, one release and one Beta.  This happens on both versions whereas before the last update to Malwarebytes it did not happen.  As soon as I launch the programs from the icons (I have several ways to do it, either from the desktop, from a taskbar group or from TrueLaunchBar), there is a UAC prompt, the program begins to launch by usually showing a black window with the X-System title, then basically ends the program and MalwareBytes pops-up in the right corner with an exploit notification.

Now, to dig a little deeper and trying to record over and over, sometimes X-Plane would get to the loading screen loading one of my add-ins named FSTrampXP.xpl (I have had this add-in for the whole time I have had X-Plane 11 and never once did MalwareBytes complain) not really knowing if this is the add-in prompting the MalwareBytes notification since it is generally from what I have seen the very first add-in that loads by default.  Saying all that I cannot stop but think that it might be possible that this is being triggered by one of my many (MANY) add-ins.  But, like I have said this did not trigger until after the last update to Malwarebytes.

The block occurs every single time I run either the stable version or the Beta version of X-Plane 11.  Like I said above though sometimes it gets a little bit further in the loading process but generally not anymore than about 5-10 seconds into the load.  If I quit MalwareBytes or even turn off Exploit protection I obviously can run either version of X-Plane successfully.

I have a feeling what would be coming next to try to narrow this down but that would have to wait until this weekend.

Thanks,

netguru

Steps1.zip Steps2.zip Steps3.zip

Link to post
Share on other sites
netguru

netguru

Posted
  • Author
Posted

I have also not added any add-ins for over six months as I have been doing other simulations and now the Technical Alpha and Alpha of Microsoft Flight Simulator.  Just happened to go back to X-Plane after about two months hiatus because the Alpha of MFS is well... really buggy.

Please let me know if I can provide other information.

Thanks,

netguru

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.