Jump to content

Website blocked due to Trojan on fnplicensingservice64.exe


Recommended Posts

  • Replies 58
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I've sent a notification to Research via the FP escalation system and a member of the team should be along to confirm the issue soon.

Very well could be. Sorry, I've been doing security for a long time and I never trust links in anyone's email. If at all possible I always manually visit the sites. If that's not possible then review

Thank you so much! For anyone struggling with the popup, ending the task for FNPLicensingService64 under Autodesk stops the popup from appearing even if you don't delete anything.

Posted Images

2 minutes ago, Nambread said:

I'm getting the same thing, so for now I'm simply disabling the notification popup and closing the program, but not whitelisting any IP addresses.

I would say this is a good idea, don't whitelist the program as of now until further confirmation. Probably just disable the notification popup, as of right now

Link to post
Share on other sites

yes - also seeing this popup every couple of minutes starting today

https://www.quora.com/What-is-FLEXNet-Licensing-Service

Seems the licensing server is something to do with Adobe products.

I have acrobat 11, old versions of photoshop and adobe reader so could be anyone of those.

For now, since i dont want any of them to update (they are all older versions anyway), i am disabling the auto update features to see if that resolves the issue. 

Link to post
Share on other sites

Just joined to add info to this as well.

I was getting pings from FNPLicensingService.exe as well this morning and freaked me out enough where I removed it from my computer to be safe. After that AMD's AUEPMaster.exe started to do the same thing.

 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 169.254.169.254
Port: 80
Type: Outbound
File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

Link to post
Share on other sites

Just to confirm, I'm getting this too. Started today. The FlexNet licensing service on my system is the 32bit process, and is used to validate licensing for Autodesk 3D Studio Max, v2013.

Looking forward to hearing feedback on this from the MWB engineers to determine if it's a false positive and how to safely disable the unnecessary popup under those circumstances.

Best,

Marc

Link to post
Share on other sites
14 minutes ago, azarashi said:

Just joined to add info to this as well.

I was getting pings from FNPLicensingService.exe as well this morning and freaked me out enough where I removed it from my computer to be safe. After that AMD's AUEPMaster.exe started to do the same thing.

 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 169.254.169.254
Port: 80
Type: Outbound
File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

This is also what I am getting

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/17/20
Protection Event Time: 10:29 AM
Log File: 95d92770-108d-11eb-af25-4ccc6ad07126.json

-Software Information-
Version: 4.2.1.89
Components Version: 1.0.1061
Update Package Version: 1.0.31512
License: Premium

-System Information-
OS: Windows 10 (Build 19041.572)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: 
IP Address: 169.254.169.254
Port: 80
Type: Outbound
File: C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe

(end)

Link to post
Share on other sites
8 minutes ago, exile360 said:

A member of Research has responded and this should be fixed in the next database update.

Thanks everyone for reporting this issue and for your patience.

Just to confirm, this means that it was in fact a false positive and there's nothing to worry about?

Thanks for all your help with this!

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.


Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.