ast, Posted May 3, 2020, ID:1378303

Website blocked because Trojan?? activity

I think this is a false positive, can you please show and unblock it.

Many people used portal.exe from UVI https://www.uvi.net/en/uvi-portal

Message from your Malwarebytes:

-Protokolldetails-
Datum des Schutzereignisses: 03.05.20
Uhrzeit des Schutzereignisses: 08:51
Protokolldatei: 7e6ddcd6-8d0a-11ea-b1e8-0a0027000006.json

-Softwaredaten-
Version: 4.1.0.56
Komponentenversion: 1.0.875
Version des Aktualisierungspakets: 1.0.23348
Lizenz: Premium

-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.628)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, C:\Program Files (x86)\UVI Portal\UVI Portal.exe, Blockiert, -1, -1, 0.0.0

-Website-Daten-
Kategorie: Trojaner
Domäne:
IP-Adresse: 200.83.209.144
Port: 34463
Typ: Ausgehend
Datei: C:\Program Files (x86)\UVI Portal\UVI Portal.exe

(end)

Dashke (Staff, Solution), Posted May 3, 2020, ID:1378329

The IP is connected to the Emotet trojan, this is not a fp.

ast (Author), Posted May 3, 2020, ID:1378375

Thank you very much for the quick answer, I am very glad I asked here first. This is very worrying for me. Therefore I will inform the support of UVI and ask them why their program "Portal.exe" calls an Emotet Trojan page. I will be happy to publish the answer here when it comes.

Dashke (Staff), Posted May 4, 2020, ID:1378506

Thanks a lot for your help, hopefully they will clean it up soon.

ast (Author), Posted May 4, 2020, ID:1378573

Until now I have only received a standard answer. I should release the program Portal.exe in the Virus Scanner. 🤧

Quote:
"Some antivirus softwares flag our applications and installers as threats by mistake because of the PACE drivers included in the files, sorry for the inconvenience. I suggest you whitelist UVI Portal in your antivirus' preferences to avoid this issue."

Currently I am waiting for the answer from the support, I have written that the problem is not Malwarebytes.

Dashke (Staff), Posted May 5, 2020, ID:1378850

Thanks for the information. Unfortunately, the IP is the problem and not the executable file.
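
Added example, not written by either poster and not Malwarebytes code: this Python example parses the report fields quoted in the first post and shows that the event is a website block keyed on the remote IP and port of an outbound connection, not a detection of the file's contents. The one-field-per-line layout of the sample and the names `parse_report` and `triage` are assumptions.

```python
import ipaddress
import re

# Fields quoted from the report in the first post of this thread.
# Assumption: one "Key: value" pair per line under each "-Section-" header.
SAMPLE_REPORT = """\
-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, C:\\Program Files (x86)\\UVI Portal\\UVI Portal.exe, Blockiert, -1, -1, 0.0.0

-Website-Daten-
Kategorie: Trojaner
Domäne:
IP-Adresse: 200.83.209.144
Port: 34463
Typ: Ausgehend
Datei: C:\\Program Files (x86)\\UVI Portal\\UVI Portal.exe
"""

def parse_report(text):
    """Return {section: {key: value}} for a '-Section-' / 'Key: value' report."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line and not line.startswith(","):
            # Split on the first colon only, so "C:\..." paths stay intact.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def triage(text):
    """Summarise what a website-block event was keyed on."""
    site = parse_report(text).get("Website-Daten", {})
    if "IP-Adresse" not in site:
        raise ValueError("report has no website-block section")
    ip = ipaddress.ip_address(site["IP-Adresse"])
    return {
        "process": site.get("Datei", ""),
        "remote": f"{ip}:{int(site['Port'])}",
        "outbound": site.get("Typ") == "Ausgehend",
        "category": site.get("Kategorie", ""),
        # An empty domain field means the rule matched the raw IP address.
        "matched_on": "domain" if site.get("Domäne") else "ip",
        "public_ip": ip.is_global,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

The `process` field names the program that opened the connection; the block itself is attached to the address in `remote`.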

ast (Author), Posted May 5, 2020, ID:1378866

@Dashke, IP and port were called from Portal.exe twice before I stopped it. No other exe on my computer is calling Emotet addresses. Portal.exe is my problem.

malwarebytes-uvi-Portal-website-block.txt
malwarebytes-uvi-Portal-website-blocked-secondtime.txt

ast (Author), Posted May 7, 2020, ID:1379454

On 5/4/2020 at 10:11 AM, Dashke said:
"Thanks a lot for your help, hopefully they will clean it up soon."

Stefan, there is interesting news about Portal.exe from UVI.

The option "Force Direct Download" in Portal.exe is the temporary solution to the problem for me. But I only got the solution because I was warned by Malwarebytes in time. This shows once again how important it is to have the right tools installed to protect your computer, in this case Malwarebytes 😘

Here is the unmodified statement quoted from my UVI Support (email).

Quote:
"After verification with our team, I can confirm that this report is caused by the torrent protocol used by default in UVI Portal. Basically another Key Suite Bundle Edition owner must have been downloading an infected file from another torrent client while seeding Key Suite Bundle Edition from UVI Portal on his computer, at the same time you were downloading the bundle. The report only applies to a specific IP address used by UVI Portal's torrent protocol and there is no need to worry since there is a torrent integrity check for our files once the download is complete, so the installation files can not be infected by a trojan or any other malware in any way. Hope this clarifies. FYI if you prefer to avoid using UVI Portal's default torrent protocol, you can enable the option Force Direct Download in the application's preferences."

Dashke (Staff), Posted May 8, 2020, ID:1379723

Glad that you are safe! Thanks a lot for the info, hopefully they will not use an infected IP in the future.