Jump to content

Possible website or game-update infection?


CoolAid

Recommended Posts

Hello,

Ik tried updating Renegade X today and my Malwarebytes Premium showed me a message and blocked an outbound connection for the reason "Trojan". It could be possible there is an infection in the website. Maybe even de game update (i doubt this, but it's not impossible for some developer having an infected/hacked computer)?

It didnt give this message on all previous updates that where downloaded. I have Malwarebytes Premium running for years.

I stopped the download of the update as a precausion.

Please investigate this matter.

2021-03-18_17-06-19.jpg

Edited by CoolAid
Link to comment
Share on other sites

  • CoolAid changed the title to Possible website or game-update infection?
  • Totem Arts Staff
17 minutes ago, CoolAid said:

Hello,

Ik tried updating Renegade X today and my Malwarebytes Premium showed me a message and blocked an outbound connection for the reason "Trojan". It could be possible there is an infection in the website. Maybe even de game update (i doubt this, but it's not impossible for some developer having an infected/hacked computer)?

It didnt give this message on all previous updates that where downloaded. I have Malwarebytes Premium running for years.

I stopped the download of the update as a precausion.

Please investigate this matter.

2021-03-18_17-06-19.jpg

The website and patch mirrors are completely separate, and it's highly unlikely that it would even be able to detect that there was a virus in the patch data, considering it's all in a delta format. The launcher doesn't even download any "regular" files. Unless your antivirus is actively unpacking all the delta files (what the launcher does in the apply phase, partially), I would say it's a false positive.

We will look anyway, but that one is actually one of the newest patch servers, so I highly doubt anything could be wrong with it.

Link to comment
Share on other sites

I think it's the "Web protection" feature of Malwarebytes. This one sometimes blocks websites/IPs that host infected files (or have been hosting in the past).

When I visit the website https://multiplayerforums.com/ the "Web protection" feature of Malwarebytes also warns about a trojan. Probably because one of the downloads there might be infected or it has links to infected downloadable files.

Ofcourse it could be false positives. But for me there is no way to know for sure.

2021-03-18_17-49-07.jpg

Edited by CoolAid
Link to comment
Share on other sites

  • Totem Arts Staff

Complete false positives.  Malwarebytes has a database of IP Addresses that were probably bad at one point.  They could also have marked an IP bad and it was not.

We verify very file you download so they have not been tampered with.

 

Same with our site MPF (I'm an admin at MPF)  Thats just gs4u.net what we use to show some ingame stats on our website.

  • Thanks 1
  • Sad 1
Link to comment
Share on other sites

Interesting that it detects it as a Trojan. Probably due an outgoing connection hence it detect it as a backdoor attempt what Trojans tend to do.

Threw the 2 domains in a couple of malware DB websites (URLVOID, VirusTotal and Google transparencyreport) but they didn't find anything. Probably false positives.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...