Malwarebytes reports Trojan in launcher/patcher

Discussion in 'User Interface (Including Launcher)' started by tioga trailrunner, Dec 11, 2019.

Thread Status:
Not open for further replies.
  1. tioga trailrunner

    12/11/2019 08:58
    Title: Malwarebytes is reporting a trojan in two of the launcher internal(?) urls
    Reproduction Rate: 100%
    Blocker? N
    Details: While the launcher/patcher is downloading/installing the latest patch, Malwarebytes reports a trojan present.

    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Protection Event Date: 12/11/19
    Protection Event Time: 7:01 AM
    Log File: 160bb4aa-1c27-11ea-9b1c-704d7b2d7b47.json
    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.770
    Update Package Version: 1.0.16004
    License: Premium
    -System Information-
    OS: Windows 10 (Build 18362.535)
    CPU: x64
    File System: NTFS
    User: System
    -Blocked Website Details-
    Malicious Website: 1
    , D:\Program Files\Portalarium\Shroud of the Avatar(QA)\Shroud of the Avatar - Launcher.exe, Blocked, -1, -1, 0.0.0
    -Website Data-
    Category: Trojan
    Domain:
    IP Address: 51.77.133.217
    Port: 55721
    Type: Outbound
    File: D:\Program Files\Portalarium\Shroud of the Avatar(QA)\Shroud of the Avatar - Launcher.exe
    (end)

    Malwarebytes
    www.malwarebytes.com
    -Log Details-
    Protection Event Date: 12/11/19
    Protection Event Time: 7:19 AM
    Log File: 9610d62e-1c29-11ea-8907-704d7b2d7b47.json
    -Software Information-
    Version: 4.0.4.49
    Components Version: 1.0.770
    Update Package Version: 1.0.16004
    License: Premium
    -System Information-
    OS: Windows 10 (Build 18362.535)
    CPU: x64
    File System: NTFS
    User: System
    -Blocked Website Details-
    Malicious Website: 1
    , D:\Program Files\Portalarium\Shroud of the Avatar(QA)\Shroud of the Avatar - Launcher.exe, Blocked, -1, -1, 0.0.0
    -Website Data-
    Category: Trojan
    Domain:
    IP Address: 59.30.20.102
    Port: 55721
    Type: Outbound
    File: D:\Program Files\Portalarium\Shroud of the Avatar(QA)\Shroud of the Avatar - Launcher.exe
    (end)

    Steps to Reproduce: Run Malwarebytes Premium, download/patch/launch SOTA.
    User Specs:
    OS: Windows 10 (10.0.0) 64bit
    CPU: Intel(R) Core(TM) i5-7600K CPU @ 3.80GHz (4) System RAM: 32686
    GPU: NVIDIA GeForce GTX 1080 GPU RAM: 8079
    SotA.QA.Win.64.900.Date.12.05.19
    Area: POT_alpine_metropolis_01a_template/Inselberg Wastes
    Area Display Name: Inselberg Wastes
    Loc: (-3.7, 38.6, 96.7)
    Debug: UE9UX2FscGluZV9tZXRyb3BvbGlzXzAxYV90ZW1wbGF0ZXxJbnNlbGJlcmcgV2FzdGVzfCgtMy42NjgsIDM4LjY0NSwgOTYuNzM2KXwoMCwgLTAuMDA0LCAwLCAxKXw0MDkuMDg1Nnw0Ni45NTU0M3wzLjk2MzMxMQ==
     
  2. Ravalox

    Ravalox Chief Cook and Bottle Washer Moderator SOTA Developer

    Every so often the Launcher is flagged in this way due to the P2P patching option, which speeds up the patching of player clients. To confirm, you can un-check the "Help Upload Game Data via P2P" box and you should not get the warning again when running the launcher.

    Note the port number used for the Peer to Peer data port (55721); this matches the port in the Malwarebytes report.
    Tazar, tioga trailrunner and Anpu like this.
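
An added example (not part of the original thread, and not Portalarium's or Malwarebytes' code): a small Python triage helper that parses text-exported block events in the layout quoted in the first post and separates launcher blocks on the P2P data port (55721) from everything else. The sample log, its paths and its addresses are constructed; a match only shows that a block is consistent with the P2P explanation, and the un-check test described above is what confirms it.

```python
import re

P2P_PORT = 55721   # P2P data port named in the thread
LAUNCHER = "Shroud of the Avatar - Launcher.exe"   # process named in the logs

# Constructed sample in the layout of the exported logs quoted above;
# paths and addresses (documentation ranges) are made up.
SAMPLE = r"""
-Log Details-
Protection Event Date: 12/11/19
Protection Event Time: 7:01 AM
-Website Data-
Category: Trojan
Domain:
IP Address: 203.0.113.10
Port: 55721
Type: Outbound
File: C:\Games\SotA\Shroud of the Avatar - Launcher.exe
(end)
-Website Data-
Category: Trojan
IP Address: 198.51.100.7
Port: 443
Type: Outbound
File: C:\Users\test\AppData\Local\Temp\updater.exe
(end)
"""

FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")   # "Key: value" lines only

def parse_events(text):
    """Split an export into one dict per event; '(end)' closes an event."""
    events, cur = [], {}
    for line in map(str.strip, text.splitlines()):
        if line == "(end)":
            if cur:
                events.append(cur)
            cur = {}
        elif (m := FIELD.match(line)):
            cur[m.group(1).strip()] = m.group(2).strip()
    return events

def triage(events, p2p_port=P2P_PORT, launcher=LAUNCHER):
    """Bucket blocks: launcher + outbound + P2P port vs. everything else."""
    out = {"p2p_consistent": [], "investigate": []}
    for e in events:
        proc = e.get("File", "").rsplit("\\", 1)[-1]   # executable name only
        port = int(e["Port"]) if e.get("Port", "").isdigit() else None
        ok = proc == launcher and port == p2p_port and e.get("Type") == "Outbound"
        out["p2p_consistent" if ok else "investigate"].append((proc, e.get("IP Address"), port))
    return out

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```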
  3. tioga trailrunner

    Ravalox,

    Got it. Turned off option and I don't see that now.
     
    Anpu and Ravalox like this.