Jump to content

Malwarebytes Browser Guard blocked an extension


AlfaVitaY2K2

Recommended Posts

Malwarebytes Browser Guard blocked an extension called VeePN. It's a free VPN for Chrome. MB said it contains a trojan. I've checked on Google Play store and this extension has many users. It's quite popular. No other browser security extensions blocked it. Is it possible to check if this extension VeePN really contains a trojan, or if it's a false positive?

Link to post
2 minutes ago, BjelakovicL said:

Unfortunately, I'm not able to replicate this issue.

Well, you have to activate the extension's VPN to be blocked. MB blocked the extension only when I clicked on the button to activate the VPN. MB did not block the extension when it's not working. There is a big green button when you click on extension icon, you need to click on that button to activate the VPN working.

Link to post
17 hours ago, AlfaVitaY2K2 said:

This is weird. Installed it again and switched on, but your extension is not blocking anymore. What does it mean?

You had an old version of MB extension. Or for some reason your MB extension was broken and needed a factory reset

Reinstall it did both, a fresh install and last version

Edited by leo3487
Link to post
3 hours ago, BjelakovicL said:

Please post a screenshot of the block. I'm not able to replicate the issue again.

Sorry, but the block message is very fast and disappears automatically. Can't do a screenshot. The only way to replicate is to switch to the Russian address of St. Petersburg and see it blocked by MB eextension.

Here is the address from my MB log: credibility-ru.tlsext.com

This is all I've got from the MB logs of blocked addresses.

Link to post

 

@AlfaVitaY2K2

You keep saying Browser Guard. That address is blocked by Malwarebytes Premium.

@BjelakovicL

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/2/23
Protection Event Time: 11:15 AM
Log File: fec7103a-49ab-11ee-97a3-4439c43a4aa3.json

-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.74769
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3324)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 50.87.110.165
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

(end)

  • Thanks 1
Link to post
36 minutes ago, Porthos said:

 

@AlfaVitaY2K2

You keep saying Browser Guard. That address is blocked by Malwarebytes Premium.

@BjelakovicL

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/2/23
Protection Event Time: 11:15 AM
Log File: fec7103a-49ab-11ee-97a3-4439c43a4aa3.json

-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.74769
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3324)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 50.87.110.165
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

(end)

So it's not a false positive? It's a real trojan?

Link to post
  • Staff
On 9/2/2023 at 7:06 PM, AlfaVitaY2K2 said:

Here is the address from my MB log: credibility-ru.tlsext.com

This is a valid IP block. https://www.virustotal.com/gui/ip-address/77.73.69.59/detection

On 9/2/2023 at 7:21 PM, Porthos said:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/2/23
Protection Event Time: 11:15 AM
Log File: fec7103a-49ab-11ee-97a3-4439c43a4aa3.json

-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.74769
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3324)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 50.87.110.165
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

(end)

This IP is not in the database.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.