Jump to content

War Thunder Launcher flagged as Trojan


Recommended Posts

Just now, Yeet_Yap1 said:

For me war thunder was flagged as a Trojan at first but immediately after I got another notification saying that it is compromised, I downloaded the game from Steam here is the file :

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/17/20
Protection Event Time: 4:37 PM
Log File: 2f1fd160-28b0-11eb-8929-dc4a3e5fe4c4.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33014
License: Trial

-System Information-
OS: Windows 10 (Build 18362.959)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Compromised
Domain: 
IP Address: 112.30.110.36
Port: 34186
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe

(end)

and here was the Trojan file (I actually got two Trojans, both sent at the same time but here is one of them):

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/17/20
Protection Event Time: 4:37 PM
Log File: 2f139e2c-28b0-11eb-8296-dc4a3e5fe4c4.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1104
Update Package Version: 1.0.33014
License: Trial

-System Information-
OS: Windows 10 (Build 18362.959)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 120.63.157.52
Port: 20668
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\War Thunder\launcher.exe

(end)

 

(PS: Ever since I got War Thunder, all my games have been glitching out  either by having visual bugs or other stuff but its gone now) Its probably bc I broke my PC screen on the same day I got War Thunder but I just wantedto point that out)

Link to post
Share on other sites
  • Staff

Hello,

VirusTotal detects some potentially malicious files for 112.30.110.36 IP address.

Here is the link to one of those files:

 http://112.30.110.36:54831/Mozi.a 

And here is the VT detection of that file:

https://www.virustotal.com/gui/file/12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef/detection

This file also:

http://112.30.110.36:54831/Mozi.m/

Due to that we wouldn't be able to remove the block from 112.30.110.36.

The other IP address (120.63.157.52) looks clean now and the block will be removed.

Thank you!

 

Link to post
Share on other sites

I got eight (8) potential threats blocked for WT Launcher on Tuesday after the latest update. I seem to get them constantly but the game still works fine, so don't worry about them.

Malwarebytes even quarantined two (2) items "bpreport.exe" & "latest.zip" on 29/10/20 and the game still worked fine.

Seems weird how they include all dodgy files in the updates, but they don't seem to affect the game at all if blocked or quarantined.

Anyway, new WT update looks good with DLSS now. Just a shame all my tanks are made of paper mache....apparently...😁.

Link to post
Share on other sites

@Yeet_Yap1yeah, I used to play on a laptop & it used to struggle with WT, esp. when I found out the HD Drive was damaged. I replace it with a SSD & that helped heaps.

Maybe check to see if your HD is damaged at all (you mentioned you may have damaged it)?

I splurged on a new desktop with RTX 2070S (although now I wish I'd waited for the 3000 series..doh) & it makes the world of difference having a decent graphics card & memory etc.

Hopefully see you on the battlefield.

Cheers.

Link to post
Share on other sites
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.