Prochedary Posted October 8, 2020 ID:1412818

Hi, our website https://basicland.cz/ shows that we have a trojan. Could you tell us what we can do? I do not know about anything bad at our website. There are logs.

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum události ochrany: 08.10.20
Čas události ochrany: 21:41
Logovací soubor: 3e685d08-099e-11eb-bc50-5404a63b9d82.json

-Informace o softwaru-
Verze: 4.2.1.89
Verze komponentů: 1.0.1061
Aktualizovat verzi balíku komponent: 1.0.30996
Licence: Zkušební

-Systémová informace-
OS: Windows 10 (Build 19041.508)
CPU: x64
Systém souborů: NTFS
Uživatel: System

-Podrobnosti o zablokovaném webu-
Škodlivý web: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Zablokováno, -1, -1, 0.0.0, ,

-Údaje o webu-
Kategorie: Trojský kůň
Doména: basicland.cz
IP Adresa: 104.28.22.29
Port: 443
Typ: Odchozí
Soubor: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

10/08/20 " 21:41:22.033" 1513515 15e8 07ac INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1097 "Connection blocked! ProcessId=10288 ProcessPath=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Domain=basicland.cz Address=104.28.22.29 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
10/08/20 " 21:41:22.034" 1513515 15e8 07ac INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 2181 "Block notification callback 'basicland.cz' '104.28.22.29' 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20 " 21:41:22.034" 1513515 15e8 07ac INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 2182 "AppDetectionNotification=F, BlockNotification=T"
10/08/20 " 21:41:22.158" 1513640 15e8 07ac INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1574 "Malicious Website Protection, domainblocklist, 104.28.22.29, basicland.cz, 443, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
10/08/20 " 21:41:22.158" 1513640 15e8 22cc INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 2284 "Block notification callback impl 'basicland.cz' '104.28.22.29' 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20 " 21:41:22.163" 1513640 15e8 22cc INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails "mwaccontrollerimplhelper.cpp" 2268 "White list disposition (0) for 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'"
10/08/20 " 21:41:22.417" 1513890 15e8 22c8 INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV3 "mwaccontroller.cpp" 2013 "Successfully sent the block event data to telemetry server."
10/08/20 " 21:41:27.848" 1519328 15e8 20bc WARNING HttpConnection mb::common::net::HttpConnection::SendRequest "httpconnection.cpp" 409 "HTTP POST - SSL error"
10/08/20 " 21:41:27.848" 1519328 15e8 20bc WARNING HttpConnection mb::common::net::HttpConnection::LogExceptionDetails "httpconnection.cpp" 1768 "Exception details: text=SSL connection unexpectedly closed"
10/08/20 " 21:41:27.849" 1519328 15e8 20bc WARNING TelemCtrlImpl TelemetryControllerImpl::SendTelemetryRecord "telemetrycontrollerimplhelper.cpp" 2088 "Problem sending JSON data to DSE stream [mwac] - server returned: -8"

Staff Zynthesist Posted October 8, 2020 ID:1412819

Hello,

Looks like there was a reported file here:
https://www.virustotal.com/gui/file/b15d0b7b98555f350eb03071c91080bebb5c4addcd74e0ec7766883bb8b8edfc/detection
hxxps://basicland.cz/.files/basic_cheat_detection.jar

Prochedary Posted October 9, 2020 Author ID:1412886

Oh, ok. I removed it. It will be ok now?

Solution thisisu Posted October 9, 2020 ID:1412894

1 hour ago, Prochedary said:
Oh, ok. I removed it. It will be ok now?

Thank you. Yes it's being unblocked now.