Jump to content

Malwarebytes Premium detects gmod.exe as a Trojan/Spyware/Compromised

beesechurger

By beesechurger
in Website Blocking

 Share
Go to solution Solved by BjelakovicL,

Recommended Posts

beesechurger

beesechurger

Posted
Posted

Every time I launch Garry's Mod I get multiple warnings about gmod.exe being Compromised, A Trojan, or Spyware. It's kinda freaking me out a bit every time it happens. I even tried putting it in my Exclusion List but it keeps happening. These Notifications only popup when I tab out or when I quit Garry's Mod, it never pops up while i'm playing the game. Need some insight on this so I stop getting worried about the Notifications. I can provide the reports if you need them.

Link to post
Share on other sites
beesechurger

beesechurger

Posted
  • Author
Posted

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/29/2024
Protection Event Time: 4:06 AM
Log File: 0517a7b8-65e6-11ef-8d6f-7a79190a026d.json

-Software Information-
Version: 5.1.8.123
Components Version: 1.0.5007
Update Package Version: 1.0.88479
License: Trial

-System Information-
OS: Windows 10 (Build 19045.4780)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, 26916E491F370DBF9DBFD3BB1A442CA0, FAE96CE1A9B3050E90773B2FCE4E1503319FBBF001CB97318099749309AC61B3

-Website Data-
Category: Compromised
Domain: 
IP Address: 185.38.148.134
Port: 27025
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe


 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/29/2024
Protection Event Time: 4:06 AM
Log File: fdb3c6f0-65e5-11ef-a54d-7a79190a026d.json

-Software Information-
Version: 5.1.8.123
Components Version: 1.0.5007
Update Package Version: 1.0.88479
License: Trial

-System Information-
OS: Windows 10 (Build 19045.4780)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, 26916E491F370DBF9DBFD3BB1A442CA0, FAE96CE1A9B3050E90773B2FCE4E1503319FBBF001CB97318099749309AC61B3

-Website Data-
Category: Trojan
Domain: 
IP Address: 5.196.214.1
Port: 29050
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe

Link to post
Share on other sites
  • Staff
  • Solution
BjelakovicL

BjelakovicL

Posted
  • Staff
  • Solution
Posted

Hi,

Thanks for reporting. The IP blocks will be removed.

The IPs are getting blocked due to some server(s) the games are trying to connect to. Many games connect to many different IPs to play online.

Some of those IPs get blocked for one reason or another.

The game itself is not a virus.

Link to post
Share on other sites
beesechurger

beesechurger

Posted
  • Author
Posted

I forgot to mention but I have another IP that might need to be removed from the block list. 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/29/2024
Protection Event Time: 7:08 PM
Log File: f5f40460-6663-11ef-ad36-7a79190a026d.json

-Software Information-
Version: 5.1.8.123
Components Version: 1.0.5007
Update Package Version: 1.0.88503
License: Trial

-System Information-
OS: Windows 10 (Build 19045.4780)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, 26916E491F370DBF9DBFD3BB1A442CA0, FAE96CE1A9B3050E90773B2FCE4E1503319FBBF001CB97318099749309AC61B3

-Website Data-
Category: Trojan
Domain: 
IP Address: 216.52.143.121
Port: 27015
Type: Outbound
File: C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\bin\win64\gmod.exe
 

Link to post
Share on other sites
Kenway103

Kenway103

Posted
Posted

Hi, I am also experiencing this issue as well everytime I launch garry's mod, no matter if it's excluded or not I get the alert for a Trojan, but the IP addresses in my logs are different than OP's post:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2024-08-30
Protection Event Time: 01:19 PM
Log File: 612b61fe-66fc-11ef-940c-309c23a888c9.json

-Software Information-
Version: 5.1.8.123
Components Version: 1.0.5007
Update Package Version: 1.0.88539
License: Premium

-System Information-
OS: Windows 10 (Build 19045.4780)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, 26916E491F370DBF9DBFD3BB1A442CA0, FAE96CE1A9B3050E90773B2FCE4E1503319FBBF001CB97318099749309AC61B3

-Website Data-
Category: Trojan
Domain:
IP Address: 74.91.123.148
Port: 27015
Type: Outbound
File: D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe

 

(end)

Link to post
Share on other sites
Kenway103

Kenway103

Posted
Posted
11 hours ago, BjelakovicL said:

Thanks! It will be fixed in the next database update.

The 74.91.123.148 address is the most common IP address it blocks, but here are some other ones from different dates:



Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2024-08-07
Protection Event Time: 08:27 AM
Log File: c69ede88-54c0-11ef-bc16-309c23a888c9.json

-Software Information-
Version: 5.1.6.117
Components Version: 1.0.1280
Update Package Version: 1.0.87592
License: Premium

-System Information-
OS: Windows 10 (Build 19045.4651)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain:
IP Address: 162.0.238.10
Port: 27015
Type: Outbound
File: D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe

 

(end)
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2024-06-06
Protection Event Time: 12:01 PM
Log File: 5d0f111a-2426-11ef-b086-309c23a888c9.json

-Software Information-
Version: 5.1.4.112
Components Version: 1.0.1244
Update Package Version: 1.0.85533
License: Premium

-System Information-
OS: Windows 10 (Build 19045.4412)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 95.154.68.79
Port: 27015
Type: Outbound
File: D:\SteamLibrary\steamapps\common\GarrysMod\bin\win64\gmod.exe

 

(end)


 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.