MON5TERMATT, posted January 27, 2022, ID:1499511 (edited)

Hey Malwarebytes team. In the last week we registered the new medicat USB domain. It is now being flagged as malicious.

medicatusb.com
cdn.medicatusb.com
url.medicatusb.com

This is separate from the medicatusb.xyz I asked to be whitelisted. WHAT DO YOU GUYS FIND THAT IS MALICIOUS? HOW DO I GET THIS FIXED?

Edited January 27, 2022 by TeMerc: Disabled links

MON5TERMATT (Author), posted January 27, 2022, ID:1499514 (edited)

As always thanks for your time. I'm just trying to figure out what is getting flagged as malicious. I'd love to solve this issue. It's getting flagged for phishing of all things. There is no phishing anywhere. At all.

Edited January 27, 2022 by MON5TERMATT

TeMerc (Staff), posted January 27, 2022, ID:1499517

21 minutes ago, MON5TERMATT said:
> Hey Malwarebytes team. In the last week we registered the new medicat USB domain. It is now being flagged as malicious. medicatusb.com cdn.medicatusb.com url.medicatusb.com This is separate from the medicatusb.xyz I asked to be whitelisted. WHAT DO YOU GUYS FIND THAT IS MALICIOUS? HOW DO I GET THIS FIXED?

Detection path here: VirusTotal - URL - 4d77aa078064875dfe394d88f7945f95749a393b9cf05e3445dca0d20586057c

File detection: VirusTotal - File - d90fd4a826eea4713b67df9a3724bc17606a024a18e305a6a1317b7bfb3d81db

MON5TERMATT (Author), posted January 27, 2022, ID:1499526

44 minutes ago, TeMerc said:
> Detection path here: VirusTotal - URL - 4d77aa078064875dfe394d88f7945f95749a393b9cf05e3445dca0d20586057c
> File detection: VirusTotal - File - d90fd4a826eea4713b67df9a3724bc17606a024a18e305a6a1317b7bfb3d81db

https://GitHub.com/MON5TERMATT/medicat_installer

MON5TERMATT (Author), posted January 27, 2022, ID:1499527

I believe if you reach my previous posts here you will see that they said they would whitelist that as well.

MON5TERMATT (Author), posted January 27, 2022, ID:1499530

Also, does anyone know a batch compiler that doesn't set off a whopping 35 antiviruses? Like Jesus Christ, all it is is a batch script.

MON5TERMATT (Author), posted January 27, 2022, ID:1499531

I'm losing my *****ing mind trying to solve this *****.

MON5TERMATT (Author), posted January 27, 2022, ID:1499546

At this time I cannot remove the file completely from that website because the installer is hard coded to find the update at that URL. However, I have just changed the code so that it no longer pulls from that file and it should not be needed in about a month once the majority of users have updated to the newest version.

I've also just quit trying to *****ing compile to an exe and we're just going to run batch scripts from now on. The batch script itself before being encoded to exe doesn't flag any antiviruses, it's just the damn encoding tool.

I would love for this issue to get resolved because we were never running any malware in the first place and you can see that if you just look at the damn code on my GitHub.

Thanks a ton.......

Matt

MON5TERMATT (Author), posted January 27, 2022, ID:1499547

NEW FILE DETECTION (actually a batch file, just renamed because I stupidly hardcoded the download because WGET).

https://www.virustotal.com/gui/file-analysis/YmZiYzhhYjE2ODEwMzZkMWJjZDE2MWE1ODc1YWU2NjA6MTY0MzMyNzE5OA==

AND THE (NOW CURRENT) VERSION GOING TO BE USED

https://www.virustotal.com/gui/file-analysis/ZDZhNGM5ZTNkZDY5ZTdiZDhhNjlhMjY3ZTE5OWNiZTU6MTY0MzMyNzI3Ng==

MON5TERMATT (Author), posted January 27, 2022, ID:1499548

So the original URL and file have been changed.

2 hours ago, TeMerc said:
> Detection path here: VirusTotal - URL - 4d77aa078064875dfe394d88f7945f95749a393b9cf05e3445dca0d20586057c
> File detection: VirusTotal - File - d90fd4a826eea4713b67df9a3724bc17606a024a18e305a6a1317b7bfb3d81db

Porthos, posted January 27, 2022, ID:1499549

5 minutes ago, MON5TERMATT said:
> AND THE (NOW CURRENT) VERSION GOING TO BE USED https://www.virustotal.com/gui/file-analysis/ZDZhNGM5ZTNkZDY5ZTdiZDhhNjlhMjY3ZTE5OWNiZTU6MTY0MzMyNzI3Ng==

A quick FYI. Malwarebytes does not detect bat files. The only thing is if it connects to a detected domain or IP it might get blocked.

MON5TERMATT (Author), posted January 28, 2022, ID:1499550

Does this mean that the domain is good now because it's BAT now? Because it seems that file was the issue and the file doesn't "Exist" anymore. (It's still there because like I said before, my dumbass hardcoded it.)

Porthos, posted January 28, 2022, ID:1499551

Just now, MON5TERMATT said:
> does this mean that the domain is good now because its BAT now

Did not say that, only that MB does not detect bat as a threat when scanned. What the bat actually does and what it connects to might still be an issue.

MON5TERMATT (Author), posted January 28, 2022, ID:1499553 (edited)

I'm not saying you did, I'm saying now that the new file is batch and not a Sussy Wussy EXE that this whole crap is over because it contacts the domain but it's a catch 22 because in order to clear the domain the file needs to be gone.... however the new BAT doesn't trigger any A/V's

edit: that was cringe. ignore the sus reference

Edited January 28, 2022 by MON5TERMATT

MON5TERMATT (Author), posted January 28, 2022, ID:1499554

3 hours ago, TeMerc said:
> Detection path here: VirusTotal - URL - 4d77aa078064875dfe394d88f7945f95749a393b9cf05e3445dca0d20586057c
> File detection: VirusTotal - File - d90fd4a826eea4713b67df9a3724bc17606a024a18e305a6a1317b7bfb3d81db

Please note that if you download the file that is in the "file path" and scan it you get THIS now:

https://www.virustotal.com/gui/file/64fe2f25d5dc1cee900f99efb948efffcdddff7ce13b08231ad5ba857e4bcc51

BjelakovicL (Staff, Solution), posted January 28, 2022, ID:1499603 (edited)

Hey Matt,

The block will be removed in the next database update. Sorry for the inconvenience.

Edited January 28, 2022 by BjelakovicL: spelling