Jump to content

Recommended Posts

Hey, not sure if this is the correct forum for this but not sure where else to post it.

I was using the browsing mode of ChatGPT and it attempted to display images that triggered Malwarebytes. I had assumed this was not possible, so I'm just wondering if there's actually any risk.

Log was as such:
 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: attacker.com
IP Address: 45.88.202.1xx
Port: 4xx
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


I'm 100% sure it was actually ChatGPT that triggered it, I was not doing anything else at the time and it coincided exactly with ChatGPT attempting to show me some images it found in browsing mode. 

So yeah, just curious if it's known whether this can actually pose any risk.
 

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

Thank you.

Please note that you obfuscated the IP address and destination TCP Port.  Theyy are not a privacy issue necessitating redaction and limits the Forum's ability to assist you.

EDIT:

Please reference the Virus Total Report on the associated Domain...
https://www.virustotal.com/gui/url/a7def6a79d19f74cddfd760d54bf7d497e0393f7a2210ff8842c5009f3cd926f/detection

 

Edited by David H. Lipman
Link to post
Share on other sites

Hello David, thanks for your reply.

I am very aware that that domain is malicious. However, my question is regarding the ChatGPT browsing mode, and whether/how staying within the chatGPT chat it can still have a malicious effect, and how it's possible for it to do something to trigger MalwareBytes, as I did not visit the website myself.

In case it's useful, this is the report without the obfuscation:

 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: attacker.com
IP Address: 45.88.202.115
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Link to post
Share on other sites

Thank you.

TCP Port 443 is normal Browser communication over HTTPS.  Something like TCP Port 410 would be abnormal.

I have nothing to say about ChatGPT.

The Domain is what is blocked as Riskware and the VT Report shows that there is concern associated with that Domain.

There are Fake sites and software masquerading as ChatGPT exploiting the public's interest in it.

Link to post
Share on other sites

4 minutes ago, David H. Lipman said:

There are Fake sites and software masquerading as ChatGPT exploiting the public's interest in it.

I understand, in my instance it was not a fake site, it was the official OpenAI chatGPT.

My question is purely regarding whether the browsing mode of ChatGPT is actually able to have a malicious effect and by which method it's able to do something that triggers Malwarebytes. However, since you say you have nothing to say about ChatGPT it doesn't seem like this is within your interests/expertise.

Link to post
Share on other sites

  • Root Admin

No, any site that you can browse within ChatGPT would still have the same security restrictions as if you were not browsing in it. 

If you're browsing for images it can run into a site that is housing an image and links to a known bad site. When that comes up in the browser it's blocked as it should be.

Nothing bad or wrong going on. Malwarebytes is doing it's job of blocking that specific site.

Sort of like if you were running Torrrenting software. Many sites are known to be bad but that does not mean the program or all sites are bad.

 

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.