Jump to content

GTA5.EXE detected by MB as a trojan??


PablitoJimmenez

Recommended Posts

As the title says MalwareBytes detected GTA5.EXE as a trojan.Im confused by this because i validated the game files and it says its a legtimate game on steam AND i ran a full scan and no threats were found.one thing that confused me was that the action was classified as "Blocked website" when its clearly the application files thats the potential problem here.What scares me the most about this is that after the "website" was blocked i got a bsod after called Kernel security check error,Now i dont know much about computers but im sure that Malwarebytes probably didnt cause it.To anyone who sees this thread please help as i dont know wether it actually blocked a dangerous website or not.


P.S:the "Website" had no domain either and it seems it was connected somewhere in new york/new jersey where i live.

Link to post
Share on other sites

Could you post the detection log from Malwarebytes so the researchers can check if the particular block is still valid.

Also,

As for why Malwarebytes blocks Steam and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious.  Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

Link to post
Share on other sites

Thanks for the response,Also could it be possible that tthe detection could of caused the BSOD? Thanks in advance :)

-Log Details-
Protection Event Date: 9/15/20
Protection Event Time: 12:03 PM
Log File: 197b782e-f786-11ea-b1c1-b418d1ea0644.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29877
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 207.246.82.87
Port: 6672
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe

 

Link to post
Share on other sites

57 minutes ago, PablitoJimmenez said:

License: Trial

Are you planning to purchase the paid version? If not when it reverts to free you wont see the alerts because you will not have protection anymore.

58 minutes ago, PablitoJimmenez said:

Also could it be possible that tthe detection could of caused the BSOD?

That would something for another section of the forum to diagnose.

Link to post
Share on other sites

  • 6 months later...

Hey, i see you didnt help that guy for not having licence.

 

now i have licence please fix the problem i cant play GTA5 online because GTA5.exe in steam or outside steam, Epic Games or Rockstar Launcher they are get blocked by Malwarebytes.

 

This happens because i m sometimes injecting some Mod files in to game. in single player 

Link to post
Share on other sites

7 minutes ago, hamitcagdas said:

Hey, i see you didnt help that guy for not having licence.

There was no help needed for that user. The free version does not block anything.

8 minutes ago, hamitcagdas said:

now i have licence please fix the problem i cant play GTA5 online because GTA5.exe in steam or outside steam, Epic Games or Rockstar Launcher they are get blocked by Malwarebytes.

As for why Malwarebytes blocks Steam and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious.  Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

Link to post
Share on other sites

  • 8 months later...
2 hours ago, hamitcagdas said:

i just saw that :D where can i find log files ?

To get the log from Malwarebytes do the following:

Single click on the Clock icon above Detection History.

image.png.1f244e16967a45c43721d26ff340412b.png

In the new window

Double click on the  log which shows the Date and time of the detection.

Click Export > From export you have two options:
Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use " Copy to Clipboard " then paste the contents here in your next reply

Please double-click on one of the block entries shown in the image you posted to view the report, then click the Export link on the bottom left of the report and select Copy to clipboard, then paste the contents here in your next reply so that we may take a look and advise you based on what it shows.

Thanks

  • Thanks 1
Link to post
Share on other sites

  • 11 months later...

Sry for late reply

here is my log filembamtray_E1fDWdk22X.png.c47626aa0147943229ee9103c59859be.png

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/12/22
Protection Event Time: 1:19 PM
Log File: 706af560-6273-11ed-a2a2-f02f7421b9d6.json

-Software Information-
Version: 4.5.16.217
Components Version: 1.0.1792
Update Package Version: 1.0.62186
License: Premium

-System Information-
OS: Windows 11 (Build 22621.819)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: well.*****.it
IP Address: 46.252.31.30
Port: 80
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe

 

(end)

 

 

mbam_bZH3V6gOGz.thumb.png.54e9588ddc4561f0c3f0a1c2e3962d02.png

Link to post
Share on other sites

4 hours ago, hamitcagdas said:

Sry for late reply

The answer to your issue is been in this thread for a year.

On 3/21/2021 at 4:30 AM, hamitcagdas said:

i add them in to Allowed Programs list, its still doing the block

This is the wrong exclusion method.

 

This is the correct way.

Allow an application to connect to the Internet

To prevent Malwarebytes for Windows from blocking an application you trust, add the application executable.

  1. Click Allow an application to connect to the Internet.
  2. To find the application, click Browse.
  3. Select the application executable you want to add, then click Open.
  4. Click Done to confirm your changes.

That domain does not exist either. https://www.virustotal.com/gui/url/e5e92214fbfc7e197c9566734c79467f7fdf1caadd3da9ca20f69ac71d936ae2?nocache=1

Edited by Porthos
  • Thanks 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.