Kykof Posted June 2, 2021 ID:1461029 Share Posted June 2, 2021 (edited) So, I recently wanted to play Rust again after a long time, so I launched the game and got this notification from malwarebytes: -Website Data- Category: Trojan Domain: IP Address: 82.209.17.209 Port: 28015 Type: Outbound File: D:\steam\steamapps\common\Rust\RustClient.exe Is this a false positive? Edited November 30, 2021 by AdvancedSetup Corrected font issue Link to post Share on other sites More sharing options...
Staff TeMerc Posted June 2, 2021 Staff ID:1461041 Share Posted June 2, 2021 33 minutes ago, Kykof said: So, I recently wanted to play Rust again after a long time, so I launched the game and got this notification from malwarebytes: -Website Data-Category: TrojanDomain: IP Address: 82.209.17.209Port: 28015Type: OutboundFile: D:\steam\steamapps\common\Rust\RustClient.exe Is this a false positive? Hello- No, it's not a false\positive, the range is involved with Dridex malware Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461043 Share Posted June 2, 2021 And how do I stop it from injecting into my Rust client? Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461049 Share Posted June 2, 2021 15 minutes ago, Kykof said: And how do I stop it from injecting into my Rust client? I assume the game still plays but the notifications get in the way? Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461051 Share Posted June 2, 2021 I reinstalled the game, and now I get a different notification from malwarebytes: -Website Data- Category: Riskware Domain: IP Address: 91.211.89.16 Port: 28015 Type: Outbound File: D:\steam\steamapps\common\Rust\RustClient.exe Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461052 Share Posted June 2, 2021 Just now, Kykof said: I reinstalled the game, and now I get a different notification from malwarebytes: Please answer my question above. Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461053 Share Posted June 2, 2021 Yeah, they do. Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461056 Share Posted June 2, 2021 Just now, Kykof said: Yeah, they do. You have 2 choices. Add the game to play mode. Or, As for why Malwarebytes blocks Steam and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious. Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article. 1 Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461060 Share Posted June 2, 2021 8 minutes ago, Porthos said: You have 2 choices. Add the game to play mode. Or, As for why Malwarebytes blocks Steam and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious. Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article. Okay, I'll try the second choice. Thanks for the help! Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461061 Share Posted June 2, 2021 Also, last thing, I have Kaspersky Security Cloud installed on my PC too, and that doesn't detect it. Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461064 Share Posted June 2, 2021 5 minutes ago, Kykof said: Also, last thing, I have Kaspersky Security Cloud installed on my PC too, and that doesn't detect it. Because Kaspersky does not block web issues like Malwarebytes. Please also refer to this support article which lists several known applications which conflict with the Web Protection in Malwarebytes currently, which includes Kaspersky. Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461066 Share Posted June 2, 2021 1 minute ago, Porthos said: Because Kaspersky does not block web issues like Malwarebytes. Please also refer to this support article which lists several known applications which conflict with the Web Protection in Malwarebytes currently, which includes Kaspersky. Oh, I didn't know that, but it seems to be running fine now. Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461067 Share Posted June 2, 2021 1 minute ago, Kykof said: Oh, I didn't know that, but it seems to be running fine now. Keep in mind if you have issues in the future. Link to post Share on other sites More sharing options...
Kykof Posted June 2, 2021 Author ID:1461069 Share Posted June 2, 2021 11 minutes ago, Porthos said: Keep in mind if you have issues in the future. Oh, okay. 1 Link to post Share on other sites More sharing options...
doc_101 Posted June 2, 2021 ID:1461070 Share Posted June 2, 2021 47 minutes ago, Porthos said: You have 2 choices. Add the game to play mode. Or, As for why Malwarebytes blocks Steam and other games, this is because Steam is Torrent based software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through Torrent based software) and because of this, sometimes Torrent based software will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are Playing/downloading through Torrent based software may be perfectly safe, some of the sites hosted on some of the IP addresses that Torrent based software connects to may be malicious. Such connections are not a threat however, and you may exclude Torrent based software from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content). To do so, add the game exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article. Hello, sorry to intrude, but I have a similar problem with a steam game too(Left 4 Dead 2). I published a post yesterday in this section (Website Blocking), but I didn't receive a concrete answer, can I assume that it is the same in my situation? Link to post Share on other sites More sharing options...
Porthos Posted June 2, 2021 ID:1461071 Share Posted June 2, 2021 Just now, doc_101 said: Hello, sorry to intrude, but I have a similar problem with a steam game too(Left 4 Dead 2). I published a post yesterday in this section (Website Blocking), but I didn't receive a concrete answer, can I assume that it is the same in my situation? Yes, I was just about to post the info in your topic. If you have any more questions post in your topic please. 1 Link to post Share on other sites More sharing options...
Recommended Posts