JCuss

gaming center hitting a trojan site/IP

16 comments in this topic

40
[HANK3]
Members
40 posts
1,986 battles

Anyone out there run Malwarebytes?  I got this alert today:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/1/21
Protection Event Time: 1:46 PM
Log File: 9065ce6e-22df-11ec-a071-b42e99a5b6fb.json

-Blocked Website Details-

Malicious Website: 1
, C:\ProgramData\Wargaming.net\GameCenter\wgc.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 178.175.73.40
Port: 6881
Type: Outbound
File: C:\ProgramData\Wargaming.net\GameCenter\wgc.exe

 

Basically, Malwarebytes is saying that the Wargames Gaming Center executable attempted to hit a site that was identified (having) a trojan, and did this on port 6881.  Apparently the site has been blacklisted by others, including Barracuda.  I guess I should be asking Wargaming about this...

769
[WG]
[WG]
Administrator
423 posts
6,021 battles

Thank you for providing the detailed information. This is very helpful to our investigation. We will investigate it on our side and possibly reach out to them to whitelist that port for us. Sometimes false positives like this can be triggered by bigger patches and things like that. In any case, we will investigate it on our side; for now, if it blocks your connection, you might need to whitelist on your side. Is anyone else using this same protection and having the same error?

1,622
[UNHLY]
Wiki Editor
5,735 posts
15,649 battles
26 minutes ago, Maredraco said:

Thank you for providing the detailed information. This is very helpful to our investigation. We will investigate it on our side and possibly reach out to them to whitelist that port for us. Sometimes false positives like this can be triggered by bigger patches and things like that. In any case, we will investigate it on our side; for now, if it blocks your connection, you might need to whitelist on your side. Is anyone else using this same protection and having the same error?

I haven't had it with this patch, but it was happening to me a few patches ago with the PTS update and once for the live server pre-download.

11,532
[SALVO]
Members
27,147 posts
34,417 battles
34 minutes ago, Maredraco said:

Thank you for providing the detailed information. This is very helpful to our investigation. We will investigate it on our side and possibly reach out to them to whitelist that port for us. Sometimes false positives like this can be triggered by bigger patches and things like that. In any case, we will investigate it on our side; for now, if it blocks your connection, you might need to whitelist on your side. Is anyone else using this same protection and having the same error?

"Whitelist"?  What is whitelisting?

769
[WG]
[WG]
Administrator
423 posts
6,021 battles
5 minutes ago, Crucis said:

"Whitelist"?  What is whitelisting?

Whitelisting a port is opening the port to receive data as "trusted". You can read more about it on pages like this: https://www.tomshardware.com/news/how-to-open-firewall-ports-in-windows-10,36451.html

13 minutes ago, MidnightPhoenix07 said:

I haven't had it with this patch, but it was happening to me a few patches ago with the PTS update and once for the live server pre-download.

Oh yes, because of the communication overseas for the PTS authentication service I can see that definitely being flagged. Do you use the same protections as the OP?

1,622
[UNHLY]
Wiki Editor
5,735 posts
15,649 battles
Just now, Maredraco said:

Oh yes, because of the communication overseas for the PTS authentication service I can see that definitely being flagged. Do you use the same protections as the OP?

Yes, Malwarebytes same as the OP.

And for both the IP was listed as being in South America (not even Russia for the PTS server). But a day or two later for the live client, it downloaded fine without any flag.

40
[HANK3]
Members
40 posts
1,986 battles

Well, Malwarebytes is still flagging the IP as having a trojan. Even when I plug the IP into my web browser it gets flagged, so whitelisting a port wouldn't change it. Besides, until I know exactly what 178.175.73.40 is, why would I whitelist it? Is this a Wargaming server or is it something else?

Does Wargaming use BitTorrent to download patches?

Edited by JCuss

114
[BEARS]
[BEARS]
Beta Testers
360 posts
10,359 battles

I've always had this issue with Malwarebytes...but I'm not about to remove it.  

[Attached image: image.png]

2,859
[S0L0]
Alpha Tester, In AlfaTesters
5,420 posts
8,963 battles

Honestly not hard to see why Malwarebytes picks up on it. Essentially you have a piece of software downloading installations at its own command. It's the definition of a trojan. I don't use it, but would certainly feel more comfortable that it's looking hard at this behavior.

997
[WOLF4]
[WOLF4]
Beta Testers, In AlfaTesters
1,583 posts
17,572 battles

Looks like the built-in BitTorrent is still as poorly coded as ever. As mentioned above, likely nothing more than Malwarebytes being overzealous and a false positive.

They ever fix that other lovely little bit with it where if you don't limit the download speed in WGC that when it decides to download anything that it will cripple your internet connection to the exclusion of anything else until the download is done?

25
[KSC]
Members
51 posts
11,515 battles

I had a similar issue with Malwarebytes flagging everything when I had a download/update from WGC. I’m pretty sure it’s all false positives.

0
[CIAO]
Members
3 posts
1,617 battles
On 10/1/2021 at 1:05 PM, Maredraco said:

Thank you for providing the detailed information. This is very helpful to our investigation. We will investigate it on our side and possibly reach out to them to whitelist that port for us. Sometimes false positives like this can be triggered by bigger patches and things like that. In any case, we will investigate it on our side; for now, if it blocks your connection, you might need to whitelist on your side. Is anyone else using this same protection and having the same error?

I have McAfee and have seen where it blocked a couple risky connections in the past couple of weeks.

Beta Testers, In AlfaTesters
537 posts
5,719 battles

Well, this is odd. Today it seems the launcher is causing Malwarebytes to go "nope, that's not a normal launcher", and now it seems to think it's both compromised & is a trojan, as seen here:

[Attached image: bestbattle.jpg]

[Attached image: bestbattle2.jpg]

 

