False positive in GOG Galaxy


Solved by JPopovic

When using GOG Galaxy, I get the following block:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/22/20
Protection Event Time: 10:33 AM
Log File: 2fb35558-2cf1-11eb-a851-14dae9096cfb.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1112
Update Package Version: 1.0.33268
License: Premium

-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Trojan
Domain: cdn-edge-dynamic-4-bhs-ca-ovh.gogcdn.net
IP Address: 54.39.176.27
Port: 443
Type: Outbound
File: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

(end)

  • 2 weeks later...

@JPopovic I also get a block message from GOG Galaxy. My CDN domain is different than the topic starter's.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 12/7/20
Protection Event Time: 4:14 PM
Log File: d6f2b59e-389e-11eb-9aa2-4ccc6ab930e8.json

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.34021
License: Premium

-System Information-
OS: Windows 10 (Build 19041.630)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: cdn-edge-dynamic-95-fra-de-ovh.gogcdn.net
IP Address: 51.75.91.14
Port: 443
Type: Outbound
File: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

 

(end)

  • 2 weeks later...

Hi @JPopovic

Another CDN from GOG Galaxy, hopefully still nothing to worry about. I was downloading a game at the time.

 

-Logoplysninger-
Dato for beskyttelseshændelse: 20.12.2020
Tidspunkt for beskyttelseshændelse: 06.08
Logfil: 5d2fbd82-4281-11eb-bc31-704d7b2dae49.json

-Softwareoplysninger-
Version: 4.3.0.98
Komponentversion: 1.0.1130
Opdatér pakkeversion: 1.0.34537
Licens: Premium

-Systemoplysninger-
OS: Windows 10 (Build 19041.685)
CPU: x64
Filsystem: NTFS
Bruger: System

-Oplysninger om blokeret websted-
Skadeligt websted: 1
, F:\GOG Galaxy install\GOG Galaxy\GalaxyClient.exe, Blokeret, -1, -1, 0.0.0, ,

-Webstedsdata-
Kategori: Trojanske heste
Domæne: cdn-edge-dynamic-40-waw-pl-ovh.gogcdn.net
IP-adresse: 145.239.28.222
Port: 443
Type: Udgående
Fil: F:\GOG Galaxy install\GOG Galaxy\GalaxyClient.exe

 

(end)

 

Hopefully the language isn't an issue either.


Indeed, the issue seems to be back. Same thing here:
 

-Log Details-
Protection Event Date: 20/12/2020
Protection Event Time: 08:18
Log File: 253210ce-428b-11eb-b3fb-1c1b0debb926.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.34537
Licence: Trial

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: cdn-edge-dynamic-40-waw-pl-ovh.gogcdn.net
IP Address: 145.239.28.222
Port: 443
Type: Outbound
File: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

 

  • 4 weeks later...

Hi,

Also got the same issue with a different domain:

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 13/01/2021
Heure de l'événement de protection: 21:43
Fichier journal: ef01fcd6-55df-11eb-a803-00ff942cb8f3.json

-Informations du logiciel-
Version: 4.3.0.98
Version de composants: 1.0.1130
Version de pack de mise à jour: 1.0.35687
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 19041.685)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails du site Web bloqué-
Site Web malveillant: 1
, C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Bloqué, -1, -1, 0.0.0, , 

-Données du site Web-
Catégorie: Cheval de Troie
Domaine: cdn-edge-dynamic-12-waw-pl-ovh.gogcdn.net
Adresse IP: 51.83.252.182
Port: 443
Type: En sortie
Fichier: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

(end)

Regards.


Confirmed. GalaxyClient.exe gets blocked again:

Quote

 

Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data evento di protezione: 13/01/21
Ora evento di protezione: 22:14
File di log: 5d1dbefe-55e4-11eb-bb18-0c9d92a56fd0.json

-Informazioni software-
Versione: 4.3.0.98
Versione componenti: 1.0.1130
Aggiorna versione pacchetto: 1.0.35687
Licenza: Premium

-Informazioni sistema-
SO: Windows 10 (Build 19041.685)
CPU: x64
File system: NTFS
Utente: System

-Dettagli siti web bloccati-
Sito web nocivo: 1
, C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe, Bloccato, -1, -1, 0.0.0, , 

-Dati sito web-
Categoria: Trojan
Dominio: cdn-edge-dynamic-4-lon-uk-ovh.gogcdn.net
Indirizzo IP: 51.77.108.93
Porta: 443
Tipo: In uscita
File: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe

(end)

 

 

  • Staff
2 minutes ago, hexaae said:

Confirmed. GalaxyClient.exe gets blocked again:

 

Hello, thanks for bringing this to our attention. We've reviewed the IP (was not a domain block) again and have determined it no longer warrants being blocked, so we've removed it from our database.

Removal should be reflected in the next database update going out in a few hours or so.

  • TeMerc locked this topic