
War Thunder Launcher flagged as Trojan



Hello,

Malwarebytes has flagged the War Thunder launcher as a trojan when I opened the launcher. Is this a false positive or is there a problem? Scan made after that notification didn't find anything.

There is a screen (sry, it is in Polish)

war thunder.png


 

@Manaphy0220 I will have your post moved to the correct section by an Admin.

In the meantime, zip and attach the game file and a log with the detection to this post.

Edited by Porthos

Hello,

I was able to download the file from the virustotal site. I think it will be too big to attach here. You can zip/attach the log as requested though please.

It looks to be a false positive by the engines on Virustotal. Some antivirus flag on packers that are often used by malware creators. We'll take a closer look though to be sure.


I'm getting the same issue with War Thunder launcher. Last WT update sent Malwarebytes crazy. It was blocking IP addresses continuously during the update, the notification window for Malwarebytes wouldn't stop popping up. I've noticed it doesn't affect playing the game.

There would have to be a couple of dozen notifications as a result, because of my dodgy internet speed, it took about 6 hours to do the last WT update, & Malwarebytes was detecting "trojans" etc the whole time. I think I need to turn off "Real Time Protection" during future War Thunder updates. Seems the easiest workaround. I suspect false positives and very annoying.

Any other suggestions to prevent this from happening in future?


Also, is there any way you can export a log file so that it automatically saves the file with the IP address included in the filename?

Or even a date / time stamp would be good.

Cheers.

3 hours ago, Manaphy0220 said:

I'm not sure* sorry for that 0_0

Look at post #5. I placed a red box around what you need to click to get the logs we need.


Malwarebytes doesn't get along well with some component of War Thunder. I was having horrid stuttering both in game and even after the game was closed as well as Trojan detection during updates. So I shut off web protection and voila, performance issues gone. Plus the War Thunder launcher does have a torrent download feature, it could be that causing issues as well.

34 minutes ago, seabasswg said:

Plus the War Thunder launcher does have a torrent download feature, it could be that causing issues as well.

Any program/game that has a torrent feature is likely to cause detections with the Web Protection in Malwarebytes.

Quote

As for why Malwarebytes blocks Torrent based software, this is because Torrent based software are what are known as Peer-to-Peer (P2P) applications, meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious. Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content). To do so, add your Torrent based software.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

 

  • 3 months later...
1 minute ago, ethan06 said:

all of the reports that it gets from war thunder say that nothing was detected, yet it blocks something and I want to know if it's a problem with war thunder or malwarebytes

Are these web blocks? If so post a log and staff will see if it can be unblocked.

As to why see my post above your first post.

1 minute ago, ethan06 said:

I don't know what you mean about web blocks, but this is what it says

That is a web block. Note the block states website blocked due to trojan.

 


Here's a Blocked Website I got from War Thunder Launcher.exe a while ago.

-Log Details-
Protection Event Date: 16/08/2020
Protection Event Time: 20:20
Log File: 1a5cfde2-dfaa-11ea-8402-04d9f588dec1.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.1003
Update Package Version: 1.0.28557
Licence: Premium

-System Information-
OS: Windows 10 (Build 19041.450)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Users\.......\AppData\Local\WarThunder\launcher.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 5.187.46.152
Port: 27032
Type: Outbound
File: C:\Users\........\AppData\Local\WarThunder\launcher.exe

(end)

I've also downloaded WT CDK & got several Blocked Websites for WT LocationEditor, WT MissionEditor & WT AssetViewer.

Trojans on all of them apparently but pretty sure false positives.

I can provide more info if needed.
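
An added example (not part of the original posts and not Malwarebytes code) for triaging exported "Blocked Website" reports like the one above: it parses the "Key: value" lines, builds a file name carrying the event time and blocked IP, and groups blocks per executable. The second report, the DD/MM/YYYY reading of the date and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import PureWindowsPath

# Report 1 uses the fields posted in the thread; report 2 is a constructed sample
# (203.0.113.7 is a documentation address) to show grouping across reports.
REPORTS = [r"""-Log Details-
Protection Event Date: 16/08/2020
Protection Event Time: 20:20
-Website Data-
Category: Trojan
Domain:
IP Address: 5.187.46.152
Port: 27032
Type: Outbound
File: C:\Users\........\AppData\Local\WarThunder\launcher.exe
""", r"""-Log Details-
Protection Event Date: 16/08/2020
Protection Event Time: 20:41
-Website Data-
Category: Trojan
Domain:
IP Address: 203.0.113.7
Port: 27040
Type: Outbound
File: C:\Users\........\AppData\Local\WarThunder\launcher.exe
"""]

FIELD = re.compile(r"^([A-Za-z ]+):[ \t]*(.*)$", re.M)

def parse_report(text):
    """Return the 'Key: value' lines of one exported report as a dict."""
    return {k.strip(): v.strip() for k, v in FIELD.findall(text)}

def export_name(fields):
    """File name with event time and blocked IP (date assumed DD/MM/YYYY)."""
    stamp = f"{fields['Protection Event Date']} {fields['Protection Event Time']}"
    when = datetime.strptime(stamp, "%d/%m/%Y %H:%M")
    return f"{when:%Y%m%d-%H%M}_{fields['IP Address']}_{fields['Port']}.txt"

def summarize(reports):
    """Group web blocks by executable: distinct peers and any named domains."""
    out = defaultdict(lambda: {"peers": set(), "domains": set()})
    for fields in map(parse_report, reports):
        exe = PureWindowsPath(fields["File"]).name
        out[exe]["peers"].add((fields["IP Address"], int(fields["Port"])))
        out[exe]["domains"] |= {fields["Domain"]} - {""}  # skip empty Domain
    return dict(out)
```

Outbound blocks from one executable to several distinct IPs with no domain match the peer-to-peer pattern the quoted explanation describes; a block that names a domain or comes from an unexpected process is the one worth posting for review.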
