Jump to content
Manaphy0220

War Thunder Launcher flagged as Trojan

Recommended Posts

Hello,

Malwarebytes has flagged war thunder launcher as trojan when I openned the launcher. Is this a false positive or is there a problem? Scan made after that notification didn't find anything.

There is a screen (sry, it is in Polish)

war thunder.png

Share this post


Link to post
Share on other sites
Posted (edited)

 

@Manaphy0220I will have your post moved to the correct section by an Admin.

In the meantime sip and attach the game file and a log with the detection to this post.

Edited by Porthos

Share this post


Link to post
Share on other sites

Hello,

I was able to download the file from the virustotal site. I think it will be too big to attach here. You can zip/attach the log as requested though please.

It looks to be a false positive by the engines on Virustotal. Some antivirus flag on packers that are often used by malware creators. We'll take a closer look though to be sure.

Share this post


Link to post
Share on other sites
1 hour ago, Manaphy0220 said:

How can I find that log file?

 

2020-05-26_08h08_01.png

Share this post


Link to post
Share on other sites

I'm getting the same issue with War Thunder launcher. Last WT update sent Malwarebytes crazy. It was blocking IP addresses continuously during the update, the notification window for Malwarebytes wouldn't stop popping up. I've noticed it doesn't affect playing the game.

There would have to be a couple of dozen notifications as a result, because of my dodgy internet speed, it took about 6 hours to do the last WT update, & Malwarebytes was detecting "trojans" etc the whole time. I think I need to turn off "Real Time Protection" during future War Thunder updates. Seems the easiest workaround. I suspect false positives and very annoying.

Anyway other suggestions to prevent this from happening in future?

Share this post


Link to post
Share on other sites

Also, is there anyway you can export a log file so that it automatically saves the file with the IP address included in the filename?

Or even a date / time stamp would be good.

Cheers.

Share this post


Link to post
Share on other sites
3 hours ago, Manaphy0220 said:

I'm not sure* sorry for that 0_0

Look at post #5. I placed a red box around what you need to click to get the logs we need.

Share this post


Link to post
Share on other sites
Posted (edited)
On 5/26/2020 at 11:10 AM, Manaphy0220 said:

@blender @Porthos

Ok, thanks there it is.

Btw. after MalwareBytes blocking that file I can still run the game. Is this normal?

mb.txt 787 B · 4 downloads

Unblocking this one. Not seeing any relevant threats on it anymore.

Thank you for reporting.

Edited by thisisu

Share this post


Link to post
Share on other sites

Malwarebytes doesn't get along well with some component of War Thunder. I was having horrid stuttering both in game and even after the game was closed as well as Trojan detection during updates. So I shut off web protection and voila, performance issues gone. Plus the War Thunder launcher does have a torrent download feature, it could be that causing issues as well.

Share this post


Link to post
Share on other sites
34 minutes ago, seabasswg said:

Plus the War Thunder launcher does have a torrent download feature, it could be that causing issues as well.

Any program/game that has a torrent feature is likely to cause detection's with the Web Protection in Malwarebytes.

Quote

As for why Malwarebytes blocks Torrent based software, this is because Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious.  Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add your Torrent based software.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.