I gave it a week or so to see if this would pass.
I trust Malwarebytes for being accurate.
-Log Details-
Protection Event Date: 9/29/19
Protection Event Time: 4:49 PM
Log File: 92b79796-e2fa-11e9-9a2e-00d86116b4be.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.12695
License: Premium
-System Information-
OS: Windows 10 (Build 18362.356)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: st.10tl.net
IP Address: 23.29.117.25
Port: [2829]
Type: Outbound
File: C:\Users\AppData\Local\Programs\Chrome\63.0.3368.94\chrome.exe
It's finding the zip files from our package updates on the server:
Scan results for ecoboostperformanceforum.com
Scan ran 2019-09-30
Our scan found some bad things.
Never fear, we fixed them!
Bad permissions
/home/ecoboost/ecoboostperformanceforum.com/Packages/tapatalk_smf-2a_v4.4.0.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/ezPortal3.2.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/SimplePortal_2.3.6.zip
/home/ecoboost/ecoboostperformanceforum.com/Packages/tapatalk_smf-2a_v4.5.2.zip
Tapatalk is mobile. I am on a PC. Why would the server send a .zip mobile file to a PC ?
This happens just about every page that I load from this forum. Every day.
Still doesnt explain why etc or if it will get fixed.
I'm quite certain Mike will get this handled Pronto! No worries. Z
Quote from: Macgyver on September 30, 2019, 09:27:00 PM
Tapatalk is mobile. I am on a PC. Why would the server send a .zip mobile file to a PC ?
This happens just about every page that I load from this forum. Every day.
Still doesnt explain why etc or if it will get fixed.
I posted the results of my malware service on the web host server.
I'm saying that your malware software may be doing a recursive search on my server.
If you continue to get the alert then use tapatalk on your mobile and don't use the website, I'm not getting any alerts on my system.
FWIW I would try to Delete http:// instead and enter https:// as an alternative and see if that works. Z
Quote from: ZSHO on October 01, 2019, 05:45:59 PM
FWIW I would try to Delete http:// instead and enter https:// as an alternative and see if that works. Z
Could be a MITM so I would also suggest HTTPS .. if your browser is only loading HTTP pages you could be suffering a downgrade exploit.
I tried Chrome and Opera. Same result. I can run an exception in Malwarebytes but if the "Server" ever gets hacked........My PC is wide open.
I post on a PC. I am not a mobile user for forums and such. So to not use my PC. Aint gonna happen. I just wont use it.
Quote from: Macgyver on October 02, 2019, 04:09:53 PM
I tried Chrome and Opera. Same result. I can run an exception in Malwarebytes but if the "Server" ever gets hacked........My PC is wide open.
I post on a PC. I am not a mobile user for forums and such. So to not use my PC. Aint gonna happen. I just wont use it.
OK well as far as I'm aware you're getting a false positive.
Up to you, nothing to do on my end.
I don't think it is but it is what it is.
Signing off.(https://uploads.tapatalk-cdn.com/20191002/b494088307df503f96572b2f712448de.jpg)
Sent from my LM-G710 using Tapatalk
May be time to talk to Malwarebytes and see if a false +ve can be triggered and if there is a workaround?
I am not being snarky here. Realistic imho. I appreciate the comment Shodded but when its clearly stated to "Not use the website" if it continues to happen. My decision was made for me.
Quote from: EcoPowerParts on October 01, 2019, 12:22:46 AM
Quote from: Macgyver on September 30, 2019, 09:27:00 PM
If you continue to get the alert then use tapatalk on your mobile and don't use the website, I'm not getting any alerts on my system.
Port 3899 is a invalid port for web traffic. That is why your getting a "detection" ... Note the detection is outbound not inbound ..
This smells like a proxy is in play relaying traffic and triggered the alert. If you are not proxied... I'd test on another PC WITH the same install of malware bytes. I bet the alert does NOT occur.
To add, as a AV vendor employee, this is not a true detection, it is a alert based on the port used.
I would not take it to heart if I were you. But definitely contact Malwarebytes, they should be able to resolve it, it's their product, and the company has a good reputation.
Quote from: Macgyver on October 02, 2019, 06:55:11 PM
I am not being snarky here. Realistic imho. I appreciate the comment Shodded but when its clearly stated to "Not use the website" if it continues to happen. My decision was made for me.
Don't stress it! It's unfortunately the time and era we live in that causes us to think twice. Z
hmmm the address and website ''name'' did not sit right with me either... sooo i did this :
http://whois.domaintools.com/23.29.117.25 (http://whois.domaintools.com/23.29.117.25)
http://whois.domaintools.com/10tl.net (http://whois.domaintools.com/10tl.net)
note the IP and named server records do not match for the 'alerted' site when i enter them by hand from your screenshot, they should match given the domain lease is up in 2020
then if i do the same for the ECO site, they match.
http://whois.domaintools.com/ecoboostperformanceforum.com (http://whois.domaintools.com/ecoboostperformanceforum.com)
http://whois.domaintools.com/64.111.117.150 (http://whois.domaintools.com/64.111.117.150)
There is definitely something off on your install and or your traffic is being proxy/routed very poorly.