Vip
Posted July 14, 2020 (ID:1394475)

Hi Everyone,

An online Steam game I play called "Conan Exiles" has been blocked by Malwarebytes from making an outbound connection to a different IP address from the game server I connect to. I am however able to connect to the online server and play the game all OK.

I am running both Malwarebytes and McAfee Total Protection together. I ran a full Malwarebytes scan yesterday on both hard drives with scan for rootkits enabled = nothing found.

Malwarebytes Version: 4.1.2.73
Update package version: 1.0.26759
Component package version: 1.0.979
Last updated: 13/07/2020 09:36

Malwarebytes has updated since then but the above are the versions it reported just before I scanned yesterday.

The server I connect to, to play the game is 176.57.178.33:28000

Below are the 3 reports of outbound blocked.

*****************************************REPORT 1***********************************************
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 27/06/2020
Protection Event Time: 17:53
Log File: befddd34-b896-11ea-aea0-10bf48e37924.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.955
Update Package Version: 1.0.26081
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\Games\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 185.137.233.239
Port: 8889
Type: Outbound
File: D:\Games\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe

(end)
*****************************************REPORT 1 END******************************************

*****************************************REPORT 2***********************************************
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 01/07/2020
Protection Event Time: 20:04
Log File: a7a90520-bbcd-11ea-a8f7-10bf48e37924.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.972
Update Package Version: 1.0.26253
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\Games\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 185.137.233.239
Port: 7778
Type: Outbound
File: D:\Games\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe

(end)
****************************************REPORT 2 END*******************************************

*****************************************REPORT 3***********************************************
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 14/07/2020
Protection Event Time: 16:00
Log File: be1120bc-c5e2-11ea-a173-10bf48e37924.json

-Software Information-
Version: 4.1.2.73
Components Version: 1.0.979
Update Package Version: 1.0.26817
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.900)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\Games\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 185.137.233.239
Port: 8889
Type: Outbound
File: D:\Games\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe

(end)
***************************************REPORT 3 END********************************************

NOTE: I played the game yesterday too but there is no report for an outbound connection being blocked yesterday.

I have no idea what IP address 185.137.233.239 is or why the game would be trying to connect there.

I have this evening performed a scan with both Malwarebytes (rootkit scan not enabled) and McAfee on just the following location D:\Games\Steam\steamapps\common\Conan Exiles\ and neither detected anything. I'll run a full scan with McAfee overnight.

Is my PC likely infected? Please can anyone advise what other steps I can take and if I should be worried about this?

Thanks.

AdvancedSetup (Root Admin)
Posted July 14, 2020 (ID:1394515)

Hello @Vip

I'm checking to see if this is possibly a False Positive - I'll be back a bit later once I hear back from the team.

Thanks

Dashke (Staff)
Posted July 15, 2020 (ID:1394602), marked as Solution

Since the IP looks clean now, the block has been removed.