CnCNetYRLauncher false positive?


Gokussj

8 minutes ago, Gokussj said:

mbam starts sending alerts about a blocked website.

We need the log showing the block.

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location:

image.png

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged.

image.png

If you click on the View option you should get something similar to the following with other options available.

image.png

Thank you

3 minutes ago, Porthos said:

We need the log showing the block.


Hi, thanks for answering. So there are 2 types of reports: one says it's malware with no file and the other says it's a file which is a trojan. I'll send both.

Malware
Quote

Malwarebytes
www.malwarebytes.com

-Detalhes do Relatório-
Data do evento de proteção: 20/10/2022
Hora do evento de proteção: 12:29
Arquivo de relatório: f4f5b2ce-508b-11ed-99ef-706979a6dd4d.json

-Informações do Software-
Versão: 4.5.14.210
Versão de componentes: 1.0.1767
Versão do pacote de definições: 1.0.61295
Licença: Somente
Premium

-Informações do Sistema-
Sistema operacional: Windows 10 (Build 19044.2130)
Processador: x64
Sistema de arquivos: NTFS
Usuário: System

-Detalhes do Site da Web Bloqueado-
Site da web malicioso: 1
, System, Bloqueado, -1, -1, 0.0.0, , 

-Dados do site da Web-
Categoria: Malware
Domínio: 
Endereço IP: 113.87.225.47
Porta: 0
(Nenhum item malicioso detectado)
Tipo: Saída
Arquivo: System

(end)

 

Trojan

 

Quote

Malwarebytes
www.malwarebytes.com

-Detalhes do Relatório-
Data do evento de proteção: 20/10/2022
Hora do evento de proteção: 12:19
Arquivo de relatório: 8f32fb5a-508a-11ed-a4ef-706979a6dd4d.json

-Informações do Software-
Versão: 4.5.14.210
Versão de componentes: 1.0.1767
Versão do pacote de definições: 1.0.61295
Licença: Somente
Premium

-Informações do Sistema-
Sistema operacional: Windows 10 (Build 19044.2130)
Processador: x64
Sistema de arquivos: NTFS
Usuário: System

-Detalhes do Site da Web Bloqueado-
Site da web malicioso: 1
, C:\Program Files (x86)\Red Alert 2 Yuri's Revenge\Resources\clientdx.exe, Bloqueado, -1, -1, 0.0.0, , 

-Dados do site da Web-
Categoria: Trojan
Domínio: 
Endereço IP: 113.87.225.47
Porta: 0
(Nenhum item malicioso detectado)
Tipo: Saída
Arquivo: C:\Program Files (x86)\Red Alert 2 Yuri's Revenge\Resources\clientdx.exe

(end)

 

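The two reports in the post above, parsed and grouped by blocked address, as an added example that is not part of the original thread: it shows that the "Malware" and "Trojan" events are both outbound blocks on the same IP, one attributed to System and one to clientdx.exe. The field labels are taken from the pasted reports; the function names are illustrative.

```python
from collections import defaultdict

# Field labels exactly as they appear in the Portuguese-language reports above.
FIELDS = {
    "Hora do evento de proteção": "time",
    "Categoria": "category",
    "Endereço IP": "ip",
    "Tipo": "direction",
    "Arquivo": "process",
}

# Trimmed from the two reports in the post above (only the lines the parser reads).
SAMPLE = """\
Hora do evento de proteção: 12:29
Categoria: Malware
Endereço IP: 113.87.225.47
Tipo: Saída
Arquivo: System
(end)
Hora do evento de proteção: 12:19
Categoria: Trojan
Endereço IP: 113.87.225.47
Tipo: Saída
Arquivo: C:\\Program Files (x86)\\Red Alert 2 Yuri's Revenge\\Resources\\clientdx.exe
(end)
"""

def parse_reports(text):
    """Split pasted reports on the '(end)' marker; return one dict per event."""
    events = []
    for chunk in text.split("(end)"):
        event = {}
        for line in chunk.splitlines():
            # Split on the first ': ' only, so 'C:\...' paths and '12:29' survive.
            label, sep, value = line.partition(": ")
            if sep and label.strip() in FIELDS:
                event[FIELDS[label.strip()]] = value.strip()
        if event:
            events.append(event)
    return events

def group_by_ip(events):
    """Map each blocked IP to the (category, process) pairs that reported it."""
    grouped = defaultdict(set)
    for e in events:
        if "ip" in e:
            grouped[e["ip"]].add((e.get("category"), e.get("process")))
    return dict(grouped)

print(group_by_ip(parse_reports(SAMPLE)))
```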

While we wait for staff to review, I want to pass some info on to you. Staff will check the IP and if it is not bad anymore they will delist it.

It must be due to some server(s) the games are trying to connect to. Steam and many others use p2p connections to play online. As long as the games aren't at risk for connecting to malicious content (which they shouldn't be), you should be able to simply exclude the games' executables from Web Protection using the method described under the Allow an application to connect to the Internet section of this support article.

  • Staff
38 minutes ago, Gokussj said:

Hi, thanks for answering. So there are 2 types of reports: one says it's malware with no file and the other says it's a file which is a trojan. I'll send both.

Hello, this is a valid block, related to the Mozi botnet: VirusTotal - IP address - 113.87.225.47

  • Staff
6 minutes ago, Gokussj said:

And why did this start all of a sudden? Because I have had this game for a long time and I never saw these alerts. It started today. If I send that file here, can you analyze it? Thanks

The block has been in place since July. As to the file, it's probably OK, but the IP is what's triggering the alert.

44 minutes ago, Gokussj said:

So if I block that IP on MB, can I keep this game?

It is already blocked and that is why you see the alerts. You could follow my previous advice or you could try the following.

Play Mode (Premium only)

Play Mode allows you to hide Malwarebytes notifications when certain programs are in use. We recommend turning on this feature during movies, gaming, and presentations. If you want to add an application to Play Mode, click Add. The Add an application window appears:

DOC-3562-2.png

Enter the app's full path and file name into the Select an application field, or click Browse... and navigate to the file. You can then add a name in the Application name field to help you remember what the app is. When the added app is running and Play Mode is toggled on, Malwarebytes will not display notifications on screen. If a notification occurs that requires you to take action, Malwarebytes will delay the notification until you close all apps that are configured in Play Mode. You can Edit or Remove any apps you have previously added to Play Mode.

 


28 minutes ago, Porthos said:

It is already blocked and that is why you see the alerts. You could follow my previous advice or you could try the following.

OK, but I'm worried about this botnet. How can I know if my computer is part of it? Should I run a scan or ask for help on malware removal?

9 minutes ago, Gokussj said:

How can I know if my computer is part of it? Should I run a scan or ask for help on malware removal?

I doubt you are having an issue with the computer being infected. You are welcome to scan with Malwarebytes but I think the automatic scans were already running and would have alerted you already to an actual infected file or files.
