Jump to content
You need to play a total of 20 battles to post in this section.
mykil

WOW Trojans, wth?

15 comments in this topic

Recommended Posts

33
[-TXT-]
Alpha Tester
67 posts
23,487 battles

picture of my ping plotter when I fire up World of Warships, as well, Malwarebytes blocks trojans from this app as well. every time I open it, does anyone else get these? what the fuk is going on with the these guys that they need to hack our systems? yoUntitled-1.thumb.jpg.4b005e7dda2b7181ae9315301c9e0caa.jpgu can see it the moment I open it, there is no download scheduled, so that is not a reason, you can see when I close it, then open it a second time, plane as day, WFT.

  • Confused 1

Share this post


Link to post
Share on other sites
SuperTest Coordinator, Beta Testers
6,423 posts
11,483 battles

I can’t see the IPs it’s connecting to, but assuming it’s logging in to your account, it also has to fetch all your account information, like ships in port, equipped modifications, preferences, cosmetics, selected dock, currencies, captains, and daily missions.

I can audit all the IPs but I’m going to need to see more than the first two digits.

Share this post


Link to post
Share on other sites
Members
3,784 posts
13,715 battles
16 minutes ago, mykil said:

picture of my ping plotter when I fire up World of Warships, as well, Malwarebytes blocks trojans from this app as well. every time I open it, does anyone else get these? what the fuk is going on with the these guys that they need to hack our systems? yoUntitled-1.thumb.jpg.4b005e7dda2b7181ae9315301c9e0caa.jpgu can see it the moment I open it, there is no download scheduled, so that is not a reason, you can see when I close it, then open it a second time, plane as day, WFT.

 

8 minutes ago, Compassghost said:

I can’t see the IPs it’s connecting to, but assuming it’s logging in to your account, it also has to fetch all your account information, like ships in port, equipped modifications, preferences, cosmetics, selected dock, currencies, captains, and daily missions.

I can audit all the IPs but I’m going to need to see more than the first two digits.

giphy.gif

Share this post


Link to post
Share on other sites
33
[-TXT-]
Alpha Tester
67 posts
23,487 battles

This is not when I log into the game, this is when I log into war gaming  game center

Share this post


Link to post
Share on other sites
SuperTest Coordinator, Beta Testers
6,423 posts
11,483 battles
6 minutes ago, mykil said:

This is not when I log into the game, this is when I log into war gaming  game center


Have you turned off the auto update? Try turning that and the automatic seeding off and see if those go away.

Share this post


Link to post
Share on other sites
Members
985 posts
4,090 battles

Ok, I am confused. Pingplotter works by IP address, so how is that info in the pic from the game center??? You can't ping the WGC. Plus it says you're pinging google.com.

Edited by DeathLord1969

Share this post


Link to post
Share on other sites
Members
3,784 posts
13,715 battles
40 minutes ago, DeathLord1969 said:

Ok, I am confused. Pingplotter works by IP address, so how is that info in the pic from the game center??? You can't ping the WGC. Plus it says you're pinging google.com.

Yah. Couldnt figure out what OP wanted us or support to do with a picture of a traceroute to google. lol

Share this post


Link to post
Share on other sites
Members
985 posts
4,090 battles
14 minutes ago, Rollingonit said:

Yah. Couldnt figure out what OP wanted us or support to do with a picture of a traceroute to google. lol

IKR? Pingplotter doesn't do anything until an IP or url is entered. Opening apps does nothing.
UNLESS, he had google open and being traced and when he opened the WGC, that happened? But it looks like a bad node at #5.

Edited by DeathLord1969

Share this post


Link to post
Share on other sites
33
[-TXT-]
Alpha Tester
67 posts
23,487 battles

there is a new download, I did not see, WOT's, still does not explain why my virus scan picks up a virus every time I open it?

Share this post


Link to post
Share on other sites
153
[PVE]
Members
563 posts
10,581 battles
1 hour ago, mykil said:

there is a new download, I did not see, WOT's, still does not explain why my virus scan picks up a virus every time I open it?

Virus scanners have both false positives and false negatives.

Share this post


Link to post
Share on other sites
33
[-TXT-]
Alpha Tester
67 posts
23,487 battles

is this a false wg.jpg.e46ada0243f05f40afa91fde6b15615e.jpgwg.jpg.3ad389d8636e3ddabd5fabd8ebc5354f.jpg, each and every time I open gaming center? 

Share this post


Link to post
Share on other sites
33
[-TXT-]
Alpha Tester
67 posts
23,487 battles

another day, another IP address, seriously wth, every time it blocks a different IP address, WHY?

Untitled-1.jpg

Share this post


Link to post
Share on other sites
10
[TWWB]
Members
102 posts

In Game Center look under update options.. You will notice the "No Uploading" toggle.... Chances are once you enable this you should see less of that second one you posted.

 

You also maybe misreading the information given by Malwarebytes. It isn't saying that game center is a virus, it is blocking a connection to an IP address that (per what ever viral definitions created by Malwarebytes) has labeled it a virus (or viral like activity, it looks like a "generic" detection in your case which typically is a false positive). A similar (though not exact) example is like running my own mail server on my residential IP address. It gets blacklisted on spamhaus and etc, so all of a sudden all the email I send gets flagged as spam by everyone. In reality the only reason why it is blacklisted is I am using a dynamic IP address and not a static one, so it's a false positive.
 

It's a high probability that it's a false positive and only Malwarebytes can tell you why that is (as well as issue a correction to the detection databases they use). You could also configure Malwarebytes to allow/ignore Game Center in it's scans so you don't see this anymore. 

 

As an FYI for those interested

  • First IP address of 218.23.109.66 is allocated to China.
  • Second IP address 59.23.24.187 is allocated to Korea.

 

Edited by scoots76

Share this post


Link to post
Share on other sites
6,233
[WORX]
Members
11,357 posts
19,064 battles
On 10/19/2020 at 7:58 PM, mykil said:

is this a false wg.jpg.e46ada0243f05f40afa91fde6b15615e.jpgwg.jpg.3ad389d8636e3ddabd5fabd8ebc5354f.jpg, each and every time I open gaming center? 

That malware company is known to create false positive attacks... In fact, the whole malware/anti virus industry are known for creating files to trigger false positives. 

 

 

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×