Jump to content

Newer Malwarebytes user blocked trojan questions


TechnoWolf
Go to solution Solved by Porthos,

Recommended Posts

Hello, I've been using Malwarebytes since late February of this year, and previously used Kaspersky for many years. I'm an enthusiast of an open source game called Minetest, and just yesterday when going to download mod updates from notabug.org, specifically this location: https://notabug.org/TenPlus1/ the Malwarebytes Browser Guard fired off with a warning that the page was blocked due to a trojan. In further experimentation, it seems the entire notabug.org domain is listed as malware / trojan by browser guard. Is this false positive? I've used this site for years, even with browser guard, and this is the first time this is happening.

Another question. In my Malwarebytes detection history, there are 0 quarantined items. In the history, there is one "Trojan" event which lists the location as, "notabug.org". In the summary, is says it was an outbound connection, category trojan, port 443, file C:\Program Files\Google\Chrome\Application\chrome.exe. I'm confused by a few things about this. First of all, I attempted to visit notabug.org several times to test different url's there. I never proceeded in, I always went back after the warning. Why is there only one event logged about this in my history? I assume the log "outbound connection" to mean that I was indeed willingly making an outbound connection through chrome to notabug.org and the request was blocked because Malwarebytes suspects the site has trojans? Am I right in that interpretation, or does it actually mean that a trojan is on my system acting like chrome.exe and attempting to communicate with notabug.org? There is obviously a very big difference between the two.

So, before I freak out and reformat my hard drive, let me know if you think based on the above if I have a lurking trojan local on my system or not. Thanks.

 

Link to post

Thanks for the reply. Not to question, but please advise where the file scanned by VirusTotal that you've linked is located on notabug.org? Is it distributed via iframe or something upon visiting any page there? The link is a scan from a specific file, not a url scan it would seem.

As far as a domain scan here are a few:

https://www.virustotal.com/gui/url/6b5322ae10243b9df2c720182490a76afe508b591fabc5b16e136bfe9fddb12b?nocache=1

https://sitecheck.sucuri.net/results/notabug.org

Help me understand. If I understood what is going on and where your linked file is lurking, I could spread the word to the Minetest community, etc. Thanks.

Link to post
  • Solution
On 9/30/2022 at 8:21 AM, TechnoWolf said:

let me know if you think based on the above if I have a lurking trojan local on my system or not. Thanks.

Please follow the instructions in this topic then create a new topic in our malware removal area by clicking here and a malware removal specialist will guide you in checking and cleaning your system of any threats. 

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.