FrankWright Posted November 1, 2021 ID:1486452

I am concerned I contracted a virus while using a software launcher for a game I play called Tauri WoW. Upon running the launcher, Malwarebytes blocked an IP address managed by BSNL, which is a telecom company in India. The blocked IP was 117.251.56.13. I did a threat search for it online and it came back as malicious from abuseipdb.com for port scanning and hacking. My PC hasn't shown any unusual behavior and my MalwareBytes scan came back negative, but I am concerned there's an issue and wanted to find out if there's anything more I should do. Since my scan came back clean I have attached the specific alert for the possible trojan. Thanks in advance for your help.

Attachments: Addition.txt, FRST.txt, MalwareBytes Threat Scan log.txt

kevinf80 Posted November 1, 2021 ID:1486543

Hiya FrankWright and welcome to Malwarebytes,

Upload a File to Virustotal

Go to http://www.virustotal.com/
Click the Choose file button
Navigate to the file C:\Users\E Pluribus Unum\AppData\Local\Programs\Tauri Launcher\Tauri Launcher.exe
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the URL address back here please.

Thank you,
Kevin...

FrankWright Posted November 1, 2021 Author ID:1486550

kevinf80, thanks again for taking a look at my issue. The URL is below:

https://www.virustotal.com/gui/file/5f9f275a01cdd4a897ecd721c729b469cf2dfae0a0e74d29b0d17ea3f3d0e4df

kevinf80 Posted November 1, 2021 ID:1486553

Hello FrankWright,

The file being blocked is returned clean by VirusTotal as can be seen in the URL you posted. The IP however is flagged as malicious, also listed to India..?

https://www.virustotal.com/gui/ip-address/117.251.56.13/detection

Did you install Tauri Launcher, do you trust that software...

Thanks,
Kevin...

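The two checks discussed in the posts above (the launcher file on VirusTotal and the blocked address 117.251.56.13) can also be run locally. This is an added PowerShell example, not part of the original thread; the function name Get-VirusTotalFileUrl is hypothetical, and the file path and IP address are the ones quoted in the posts.

```powershell
# Added example. The path and IP are the values quoted in the thread;
# change them for your own system.
$BlockedIp    = '117.251.56.13'
$LauncherPath = 'C:\Users\E Pluribus Unum\AppData\Local\Programs\Tauri Launcher\Tauri Launcher.exe'

# Hypothetical helper: hash a file locally and build the VirusTotal
# report URL for that hash, so the file can be looked up without an upload.
function Get-VirusTotalFileUrl {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    return "https://www.virustotal.com/gui/file/$sha256"
}

# 1. Hash-based lookup of the launcher binary.
$url = Get-VirusTotalFileUrl -Path $LauncherPath
if ($url) { "Launcher lookup: $url" } else { "Launcher not found at $LauncherPath" }

# 2. List any TCP connection (in any state) to the blocked address and
#    identify the owning process and its executable.
$conns = Get-NetTCPConnection -RemoteAddress $BlockedIp -ErrorAction SilentlyContinue
if (-not $conns) {
    "No TCP connections to $BlockedIp at this moment."
} else {
    foreach ($c in $conns) {
        $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $vtLink = if ($proc.Path) { Get-VirusTotalFileUrl -Path $proc.Path } else { $null }
        [pscustomobject]@{
            State      = $c.State
            RemotePort = $c.RemotePort
            PID        = $c.OwningProcess
            Process    = $proc.ProcessName
            Path       = $proc.Path
            VirusTotal = $vtLink
        }
    }
}
```

An empty result in step 2 only covers the moment the command runs; a connection attempt that was blocked or has already closed will not appear.
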
FrankWright Posted November 1, 2021 Author ID:1486559

kevinf80,

Yes, I installed the file myself and haven't been able to find any information to not trust it. The game has a small community of about 2000 people but has been online for several years so I'm assuming if there were an issue with them it would have come out by now. They did mention on their site they had seen increased DDoS attacks since June of 2021 but feel they've properly protected against them.

kevinf80 Posted November 1, 2021 ID:1486573

Hiya FrankWright,

I'll move your thread over to the "False Positive" forum, file detection sub section. See what the guys over there think...

@shadowwar @miekiemoes

Thank you,
Kevin

Staff Solution TeMerc Posted November 2, 2021 ID:1486678

19 hours ago, FrankWright said:

> kevinf80, Yes, I installed the file myself and haven't been able to find any information to not trust it. The game has a small community of about 2000 people but has been online for several years so I'm assuming if there were an issue with them it would have come out by now. They did mention on their site they had seen increased DDoS attacks since June of 2021 but feel they've properly protected against them.

Hello-

That IP is Mozi related:
VirusTotal - Ip address - 117.251.56.13

And here:
117.251.56.13 | Bharat Sanchar Nigam Limited | AbuseIPDB

No chance of us disabling that block at this time. I would be very suspect of any files emanating from that range and advise against it if at all possible.

FrankWright Posted November 2, 2021 Author ID:1486697

TeMerc,

Thanks for looking into it. Since the connection was blocked by my Malwarebytes software can I assume I wasn't infected or should I take steps to ensure my PC is clean?