
Possible Trojan


Solved by TeMerc

I am concerned I contracted a virus while using a software launcher for a game I play called Tauri WoW. Upon running the launcher, Malwarebytes blocked an IP address managed by BSNL, which is a telecom company in India. The blocked IP was 117.251.56.13. I did a threat search for it online and it came back as malicious from abuseipdb.com for port scanning and hacking. My PC hasn't shown any unusual behavior and my Malwarebytes scan came back negative, but I am concerned there's an issue and wanted to find out if there's anything more I should do. Since my scan came back clean I have attached the specific alert for the possible trojan. Thanks in advance for your help.

Addition.txt

FRST.txt

MalwareBytes Threat Scan log.txt


Hiya FrankWright and welcome to Malwarebytes,

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Users\E Pluribus Unum\AppData\Local\Programs\Tauri Launcher\Tauri Launcher.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Thank you,

Kevin...


Hello FrankWright,

The file being blocked is returned clean by VirusTotal as can be seen in the URL you posted. The IP however is flagged as malicious, also listed to India..?

https://www.virustotal.com/gui/ip-address/117.251.56.13/detection

Did you install Tauri Launcher, do you trust that software...

Thanks,

Kevin...

 


kevinf80,

Yes, I installed the file myself and haven't been able to find any information to not trust it. The game has a small community of about 2000 people but has been online for several years so I'm assuming if there were an issue with them it would have come out by now. They did mention on their site they had seen increased DDoS attacks since June of 2021 but feel they've properly protected against them.


  • Staff
  • Solution
19 hours ago, FrankWright said:

kevinf80,

Yes, I installed the file myself and haven't been able to find any information to not trust it. The game has a small community of about 2000 people but has been online for several years so I'm assuming if there were an issue with them it would have come out by now. They did mention on their site they had seen increased DDoS attacks since June of 2021 but feel they've properly protected against them.

Hello-

That IP is Mozi related: VirusTotal - Ip address - 117.251.56.13

And here: 117.251.56.13 | Bharat Sanchar Nigam Limited | AbuseIPDB

No chance of us disabling that block at this time. I would be very suspect of any files emanating from that range and advise against it if at all possible.

