Malwarebytes detecting trojan

Started by Macgyver, September 29, 2019, 04:56:34 PM


Macgyver

I gave it a week or so to see if this would pass.

I trust Malwarebytes for being accurate.


-Log Details-


Protection Event Date: 9/29/19
Protection Event Time: 4:49 PM
Log File: 92b79796-e2fa-11e9-9a2e-00d86116b4be.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.12695
License: Premium

-System Information-
OS: Windows 10 (Build 18362.356)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-

Malicious Website: 1

, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: st.10tl.net
IP Address: 23.29.117.25
Port: [2829]
Type: Outbound
File: C:\Users\AppData\Local\Programs\Chrome\63.0.3368.94\chrome.exe

EcoPowerParts

It's finding the zip files from our package updates on the server:
Scan results for ecoboostperformanceforum.com
Scan ran 2019-09-30

Our scan found some bad things.
 Never fear, we fixed them!
Bad permissions

/home/ecoboost/ecoboostperformanceforum.com/Packages/tapatalk_smf-2a_v4.4.0.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/ezPortal3.2.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/SimplePortal_2.3.6.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/tapatalk_smf-2a_v4.5.2.zip
Mike B | info@ecopowerparts.com
www.ecopowerparts.com -
please use my website for any price quotes and to submit any orders.
Please email me via info@ecopowerparts.com if you have any questions on new or existing orders, PM's via the forum are hard to track your purchase as I can't relate user name to actual name.
https://www.facebook.com/ecopowerparts

Macgyver

Tapatalk is mobile. I am on a PC. Why would the server send a .zip mobile file to a PC ?

This happens just about every page that I load from this forum. Every day.

Still doesn't explain why, etc., or if it will get fixed.


ZSHO

I'm quite certain Mike will get this handled Pronto! No worries. Z


2013 Performance Package SHO| Livernois Custom Methanol Tune|3-Bar Map|Reische-170-Stat|Full Race Tial-10psi BOV in Black|PPE-Gloss Black Hot Pipes|EPP Dual Intake in Gloss Black|PPE Catted DP|Corsa Sport Cat Back Exhaust|H&R Sport-Springs|CFM Performance Billet Valve Cover Breather In Gloss Black|Llumar 20%Ceramic window Tint|MSD Ignition Coils in Black|Extreme Roof Spoiler|Redline Fluids all around|Gearhead Intercooler|First-SHO With Direct Port Alky-VP-M1-100%-Methanol Injection|LMS-Custom-Dyno-Tuned @ 415whp-465wtq| Best Trap Speed of 115.54 mph|

EcoPowerParts

Quote from: Macgyver on September 30, 2019, 09:27:00 PM
Tapatalk is mobile. I am on a PC. Why would the server send a .zip mobile file to a PC ?

This happens just about every page that I load from this forum. Every day.

Still doesn't explain why, etc., or if it will get fixed.


I posted the results of my malware service on the web host server.
I'm saying that your malware software may be doing a recursive search on my server.
If you continue to get the alert then use tapatalk on your mobile and don't use the website, I'm not getting any alerts on my system.

ZSHO

FWIW I would try to Delete http:// instead and enter https:// as an alternative and see if that works. Z



TopherSho

Quote from: ZSHO on October 01, 2019, 05:45:59 PM
FWIW I would try to Delete http:// instead and enter https:// as an alternative and see if that works. Z

Could be a MITM, so I would also suggest HTTPS. If your browser is only loading HTTP pages you could be suffering a downgrade exploit.
2010 non-pp, 98k miles, 3-bar,  .026 plugs, SNOW-KIT STG1, AJPTurbu tune#35, 15.5+psi
Best 0-60 public road 4.35s
Best 1/4 of 12.61 no DA correction

Macgyver

I tried Chrome and Opera. Same result. I can run an exception in Malwarebytes, but if the "Server" ever gets hacked... my PC is wide open.

I post on a PC. I am not a mobile user for forums and such. So, not use my PC? Ain't gonna happen. I just won't use it.


EcoPowerParts

Quote from: Macgyver on October 02, 2019, 04:09:53 PM
I tried Chrome and Opera. Same result. I can run an exception in Malwarebytes, but if the "Server" ever gets hacked... my PC is wide open.

I post on a PC. I am not a mobile user for forums and such. So, not use my PC? Ain't gonna happen. I just won't use it.


OK well as far as I'm aware you're getting a false positive.
Up to you, nothing to do on my end.

Macgyver

I don't think it is but it is what it is.

Signing off.



SHOdded

May be time to talk to Malwarebytes and see if a false +ve can be triggered and if there is a workaround?
2007 Ford Edge SEL, Powerstop F/R Brake Kit, TXT LED 6000K Lo & Hi Beams, W16W LED Reverse Bulbs, 3BSpec 2.5w Map Lights, 5W Cree rear dome lights, 5W Cree cargo light, DTBL LED Taillights

If tuned:  Take note of the strategy code as you return to stock (including 3 bar MAP to 2 bar MAP) -> take car in & get it serviced -> check strategy code when you get car back -> have tuner update your tune if the strategy code has changed -> reload tune -> ENJOY!

Macgyver

I am not being snarky here. Realistic, imho. I appreciate the comment, SHOdded, but when it's clearly stated to "Not use the website" if it continues to happen, my decision was made for me.


Quote from: EcoPowerParts on October 01, 2019, 12:22:46 AM
Quote from: Macgyver on September 30, 2019, 09:27:00 PM
If you continue to get the alert then use tapatalk on your mobile and don't use the website, I'm not getting any alerts on my system.

TopherSho

Port 3899 is an invalid port for web traffic. That is why you're getting a "detection"... Note the detection is outbound, not inbound.

This smells like a proxy is in play relaying traffic and triggered the alert. If you are not proxied... I'd test on another PC WITH the same install of Malwarebytes. I bet the alert does NOT occur.
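The two things worth checking before writing an alert like the one quoted at the top of the thread off as a false positive are the ones TopherSho points at: the direction and port of the connection, and which executable made it. The snippet below is an added example (not code from Malwarebytes or from anyone in this thread) that parses the "-Website Data-" block from the original post into fields and returns those observations; the sample text is copied from that post, and the expected Chrome install directory is an assumption about the default per-user install.

```python
import re

# Constructed sample: the "-Website Data-" block as quoted in the first post of the thread.
SAMPLE_LOG = """\
-Website Data-
Category: Trojan
Domain: st.10tl.net
IP Address: 23.29.117.25
Port: [2829]
Type: Outbound
File: C:\\Users\\AppData\\Local\\Programs\\Chrome\\63.0.3368.94\\chrome.exe
"""

# Ports a browser is normally expected to talk to for page loads.
WEB_PORTS = {80, 443, 8080, 8443}
# Assumption: default per-user install directory of Google Chrome on Windows.
EXPECTED_CHROME_DIR = r"appdata\local\google\chrome\application"


def parse_website_block(text):
    """Turn the 'Key: Value' lines of a Malwarebytes website block into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z ]+):\s*(.*)$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    # The port is logged in brackets, e.g. "[2829]"; keep it as an int.
    port = re.search(r"\d+", fields.get("Port", ""))
    fields["Port"] = int(port.group()) if port else None
    return fields


def triage(fields):
    """Return the observations a defender would check before calling the alert a false positive."""
    notes = []
    if fields.get("Type") == "Outbound" and fields.get("Port") not in WEB_PORTS:
        notes.append("browser connected outbound on non-web port %s" % fields["Port"])
    exe = fields.get("File", "").lower()
    if exe.endswith("chrome.exe") and EXPECTED_CHROME_DIR not in exe:
        notes.append("chrome.exe is running from a non-default install path")
    return notes


if __name__ == "__main__":
    for note in triage(parse_website_block(SAMPLE_LOG)):
        print("check:", note)
```

Both observations are prompts for follow-up (a proxy in the path, a browser installed somewhere unusual), not a verdict on the domain itself.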

TopherSho

To add, as an AV vendor employee, this is not a true detection; it is an alert based on the port used.

SHOdded

I would not take it to heart if I were you.  But definitely contact Malwarebytes, they should be able to resolve it, it's their product, and the company has a good reputation.
Quote from: Macgyver on October 02, 2019, 06:55:11 PM
I am not being snarky here. Realistic, imho. I appreciate the comment, SHOdded, but when it's clearly stated to "Not use the website" if it continues to happen, my decision was made for me.