Private Internet Access Riskware


yummypugs

Solved by Dashke

Not sure where this is coming from. I'm not connected to a server; PIA is open, however.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/16/21
Protection Event Time: 11:10 PM
Log File: c4c2f3f6-70a3-11eb-acbb-244bfe58cee9.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37209
License: Premium

-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: 
IP Address: 212.102.52.87
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

(end)


I am seeing this message too. Are you saying that Private Internet Access is malware? I don't know what "it servers as C2" means. I have the program "pia-service.exe" running but I am not connected to any VPN right now so this is a concern. Why is it connecting to a "C2" whatever that is?


  • Staff

Private Internet Access should be safe, but it seems that one of their IPs has been used by a trojan as malware command and control.

Command & control, also called C&C or C2, is a centralized server or computer that online criminals use to issue commands to control malware and bots as well as to receive reports from them.

If the notifications are too distracting for you, you can disable them in MB4 settings and continue being safe. :)


Thank you for the explanation. I've been in contact with PIA and I opened a ticket on PIA and I just sent them a follow-up email with more details. Sorry if I hijacked the thread. It looks like they were unaware of the problem but I'm spelling it out for them now. :) ipqualityscore.com for instance has this IP flagged as suspicious. What bothers me is that I had pia-service.exe running but it was not attached to anything. So, why is my PC trying to open up an Apache connection on there? This was an outbound connection.

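An added example, not part of any post in this thread and not Malwarebytes or PIA code: a small Python parser for the text export quoted in the first post, pulling out the fields that matter when triaging a blocked outbound connection. The function names and the `ip_only` flag are assumptions chosen for illustration.

```python
import ipaddress
import re

# Excerpt of the export quoted in the first post (paths escaped for Python).
SAMPLE_LOG = """\
-Blocked Website Details-
Malicious Website: 1
, C:\\Program Files\\Private Internet Access\\pia-service.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain:
IP Address: 212.102.52.87
Port: 0
(No malicious items detected)
Type: Outbound
File: C:\\Program Files\\Private Internet Access\\pia-service.exe

(end)
"""

SECTION = re.compile(r"^-(.+)-$")            # e.g. "-Website Data-"
FIELD = re.compile(r"^([^:,()]+):\s*(.*)$")  # "Key: Value"; skips CSV and "(...)" lines

def parse_export(text):
    """Return {section: {key: value}} from the sectioned text export."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip()] = m.group(2).strip()
    return sections

def summarize_block(text):
    """Extract the fields needed to triage one blocked-connection event."""
    data = parse_export(text).get("Website Data", {})
    ip = ipaddress.ip_address(data["IP Address"])  # raises ValueError if malformed
    return {
        "process": data.get("File"),
        "remote_ip": str(ip),
        "public_ip": ip.is_global,
        "direction": data.get("Type"),
        "category": data.get("Category"),
        "ip_only": data.get("Domain", "") == "",  # no hostname was recorded
    }
```

For the event in this thread, the summary shows an outbound block attributed to `pia-service.exe` with an IP address and no hostname recorded.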
