Steam, Monster Hunter World: Website blocked while playing, Trojan


DonnieKarlsen


Hi,

Monster Hunter World lets you search for specific sessions in online sessions and connect with others for multiplayer. It all works directly in the game. You can virtually join different lobbies there. When connecting to the lobby of a certain player (I don't know the player himself), my real-time protection from Malwarebytes reported something, right when the game was connecting to that lobby. The connection to a website was allegedly blocked, due to a Trojan. Steam.exe was listed as the program or file. A specific IP address can be seen in the Malwarebytes logs and the connection type is "outgoing". In addition, a port is specified. In the notification bell the case is flagged as 'possible threat'. The blocked IP is 185.214.144.240, port 58830; on a second test with the same player the port was different.

The problem did not occur when connecting to other lobbies. I've also been playing this for over a year without it ever happening. Can you explain that technically? Unfortunately, I am very sensitive and would like to set everything up again. But I don't see how I could avoid this in future games. Is there some peer-to-peer connection, and the IP address was saved as suspicious by Malwarebytes? Unfortunately, I don't know anything about it technically. I always keep my system very clean.


20 minutes ago, DonnieKarlsen said:

Is there some peer-to-peer connection, and the IP address was saved as suspicious by Malwarebytes? Unfortunately, I don't know anything about it technically. I always keep my system very clean.

As for why Malwarebytes blocks Steam and other games: this is because Steam is torrent-based software. Such programs are what are known as Peer-to-Peer (P2P) applications, meaning they connect to many different servers/IP addresses (this is how files are downloaded through torrent-based software), and because of this, sometimes torrent-based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are playing/downloading through torrent-based software may be perfectly safe, some of the sites hosted on some of the IP addresses that torrent-based software connects to may be malicious. Such connections are not a threat, however, and you may exclude torrent-based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web-facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the "Exclude an Application that Connects to the Internet" section of this support article.

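The reply above describes why an IP-level block is coarse: one address often fronts many sites, so a game or torrent client that happens to reach that address on a peer port gets the same block a browser would get for the bad site. The script below is an added example that is not Malwarebytes code and does not use its log format or detection logic; it models that triage reasoning over constructed records. The process list, port list, blocklist, host mapping and the `key=value` log layout are all assumptions made here, and the addresses are from documentation ranges rather than the IP in this thread.

```python
"""Triage of outbound-connection blocks from a web-protection style log.

Added example, not Malwarebytes' detection logic or log format. It models the
reasoning in the reply above: an IP-level block is coarse because one IP often
hosts many sites, so a P2P/game client reaching that IP on a non-web port is
usually collateral rather than a sign the client itself is malicious.
"""
from dataclasses import dataclass

# Assumption: processes known to open many peer/CDN connections (Steam, torrent clients).
P2P_PROCESSES = {"steam.exe", "utorrent.exe", "qbittorrent.exe"}
# Assumption: ports a browser or web client would normally use to reach a hosted site.
WEB_PORTS = {80, 443, 8080, 8443}

# Constructed blocklist keyed by IP (documentation-range addresses, not the thread's IP).
IP_BLOCKLIST = {
    "203.0.113.10": "old URL block, file no longer present",
    "198.51.100.7": "active C2 listing",
}
# Constructed reverse view: several hostnames resolving to the same shared-hosting IP.
HOSTS_ON_IP = {
    "203.0.113.10": ["bad-download.example", "game-lobby-peer.example", "shop.example"],
    "198.51.100.7": ["c2.example"],
}
# Constructed records in a simplified key=value form (not the real log layout).
SAMPLE_LOG = """\
process=steam.exe ip=203.0.113.10 port=58830 direction=outgoing
process=steam.exe ip=203.0.113.10 port=61022 direction=outgoing
process=chrome.exe ip=203.0.113.10 port=443 direction=outgoing
process=svchost.exe ip=198.51.100.7 port=4444 direction=outgoing
process=steam.exe ip=192.0.2.44 port=27015 direction=outgoing
"""


@dataclass(frozen=True)
class BlockEvent:
    process: str
    ip: str
    port: int
    direction: str


def parse_log(text: str) -> list:
    """Parse key=value records into BlockEvent objects; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(kv.split("=", 1) for kv in line.split())
        events.append(BlockEvent(
            process=fields["process"].lower(),
            ip=fields["ip"],
            port=int(fields["port"]),
            direction=fields["direction"].lower(),
        ))
    return events


def triage(event: BlockEvent, blocklist=IP_BLOCKLIST, hosts_on_ip=HOSTS_ON_IP) -> str:
    """Classify one block event.

    clean        - IP is not on the list at all
    collateral   - P2P/game client, outgoing, non-web port, shared-hosting IP:
                   a bystander hit; exclude the app and report the IP for review
    web_block    - web client on a web port reached a listed IP: keep the block
    investigate  - anything else touching a listed IP (unknown process, odd port)
    """
    if event.ip not in blocklist:
        return "clean"
    shared_host = len(hosts_on_ip.get(event.ip, [])) > 1
    if (event.direction == "outgoing"
            and event.process in P2P_PROCESSES
            and event.port not in WEB_PORTS
            and shared_host):
        return "collateral"
    if event.port in WEB_PORTS and event.process not in P2P_PROCESSES:
        return "web_block"
    return "investigate"


def triage_log(text: str) -> list:
    """Return (event, verdict) pairs for every record in the log."""
    return [(ev, triage(ev)) for ev in parse_log(text)]


def ports_per_ip(events) -> dict:
    """Group destination ports by IP. A peer seen on several high ports across
    sessions looks like lobby/peer traffic, not a fixed web service."""
    out = {}
    for ev in events:
        out.setdefault(ev.ip, set()).add(ev.port)
    return out


if __name__ == "__main__":
    for ev, verdict in triage_log(SAMPLE_LOG):
        print(f"{ev.process:<12} {ev.ip:<15} :{ev.port:<6} {ev.direction:<9} -> {verdict}")
```

The point of the `shared_host` check is that a one-site IP (the constructed `198.51.100.7`) never gets the collateral verdict even for a game client, while the multi-site IP does; in practice the "report the IP" step is what the staff reply in this thread asks for, since only the list maintainer can tell whether the original URL block is still justified.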

So it's 99.9999999% a false positive? Got anything to say about the mentioned IP address?

You specifically said to exclude the game exe. Malwarebytes reported Steam.exe, not the game itself. I guess Steam manages the connections for multiplayer and thus Malwarebytes reported Steam.exe. But that goes far beyond my knowledge. Does this sound plausible to you?


53 minutes ago, DonnieKarlsen said:

Got anything to say about the mentioned IP address?

Post a detection log and research will look into it.

54 minutes ago, DonnieKarlsen said:

Malwarebytes reported Steam.exe, not the game itself. I guess Steam manages the connections for multiplayer and thus Malwarebytes reported Steam.exe. But that goes far beyond my knowledge. Does this sound plausible to you?

Whatever the detected exe is, whether it be Steam or a Steam game.


Hello,

I've unblocked the IP you mentioned in the OP.

It's an older block because of a file that no longer exists: https://www.virustotal.com/gui/url/58557f6555824d3f70827854c488e24e252112befb4e18d79533e4ba6aeecad6/details

A database update within an hour or so should fix this for you. Let us know if there are other IP addresses you suspect are false positives.

Thank you for reporting


5 hours ago, DonnieKarlsen said:

Thanks for the intel and quick response.

Just to be clear: you can confirm it was a false positive at the time it occurred? (See the date of the first post, -2 hours.)

I can't be 100% because I only rechecked that IP when you asked about it on Friday but usually websites won't remain infected for such a long period of time. In this case, it had been blocked for about a year. Thanks for bringing it to our attention :)
