War Thunder

opticsnake Mar 8, 2019 @ 5:44pm
Malwarebytes flagging the War Thunder launcher downloading a trojan
When I booted up War Thunder tonight, Malwarebytes flagged a request that it made to a blacklisted site. The site is known to
Barracuda_Reputation_B...,
BlockedServersRBL
CBL_AbuseAt
MegaRBL
SURBL
Blacklists_co
IPSpamList

The requested IP address was 187.39.130.150 and originated from the War Thunder Launcher. Here's the log from Malwarebytes:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/8/19
Protection Event Time: 8:29 PM
Log File: d6a19128-420a-11e9-b974-107b44a10e1d.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9606
License: Premium

-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 187.39.130.150
Port: [27032]
Type: Outbound
File: A:\Steam\steamapps\common\War Thunder\launcher.exe



(end)


Showing 1-9 of 9 comments
B.D.Godde Mar 8, 2019 @ 5:51pm 
Originally posted by opticsnake:
I've had this too
when it blocks it, you can still play the game (for some reason)
KnightoftheAbyss Mar 8, 2019 @ 8:15pm 
You should take this up with Malwarebytes. Is this the 'free' version? These programs often create 'false positives' to get you to upgrade to the paid version. It is a common tactic from these types of suppliers. It is not possible to run Anti Virus software companies for nothing, given the number of staff needed to oversee the 'threat environment' we have nowadays in cyberspace. Therefore, for the 'free' programs, 'nudging you' to purchase their paid product is a commercial tactic. We have discussed this before (several times) in the Tech section here on Steam.

I have a fully functioning paid-for AV software that is considered to be one of the best in the World. Many military forces and commercial enterprises use it and it does not show any issue with War Thunder, nor gjagent, as it is 'smart enough' to know that the agent is just updating the game and restricts changes to the game directory.

Some of the 'free' programs do not like the gjagent. They see this as a program attempting to change files on your system, which of course it is, it is the update process for the game!

gjagent is very similar to the update software used by Windows and your AV software.

There is of course the possibility that you do indeed have a virus or trojan on your machine that you have picked up from somewhere else. You should therefore ensure that there is actually no issue with your machine. If you like you can check your machine using Trend Micro's free Online virus scan. https://www.trendmicro.com/en_us/forHome/products/housecall.html

Do you currently have War Thunder set as an Exemption or Trusted in your AV software? If not, after you have thoroughly checked your system to ensure that no threat exists, you should be able to add War Thunder to this area. You may have to un-quarantine it if this has been done by your AV software.

I hope this explains it all. If you have any issues that you want to discuss further, please PM on the War Thunder Forums.

Cheers

B.D.Godde Mar 8, 2019 @ 8:32pm 
Originally posted by KnightoftheAbyss:
you are right, of course,
but I might also comment the premium trial calls it out too
Shadaz Mar 8, 2019 @ 8:34pm 
Originally posted by KnightoftheAbyss:
I heard nowadays antiviruses are as bad as normal viruses themselves. Just uninstall it.
B.D.Godde Mar 8, 2019 @ 8:53pm 
Originally posted by shab.amin17:
I heard nowadays antiviruses are as bad as normal viruses themselves. Just uninstall it.
I think the tip is: antiviruses CAN be as bad as normal viruses.
But hey, mine picked up the software the school was using to block task manager...
opticsnake Mar 9, 2019 @ 7:51am 
Originally posted by KnightoftheAbyss:

Thanks for your input. This is the paid for version of Malwarebytes.

To break this down, I'm not saying that the War Thunder launcher itself is a Trojan. What was getting flagged was the IP address that the launcher was reaching out to. If you take that IP address, 187.39.130.150, and plug it into a blacklist site such as ipvoid.com you can see that it has been flagged multiple times by sites that track those IPs.

For example, if you go to https://www.abuseat.org/lookup.cgi and plug in the IP address 187.39.130.150 (this is the IP address the War Thunder launcher attempted to communicate with) you get a report back on that IP address that includes this:
This IP is infected with Hajime, Wopbot, Mirai or similar malware, primarily used for DDOS attacks via IoT devices. See Mirai: The IoT Bot That Took Down Krebs and Launched a Tbps DDoS Attack on OVH for more information.

In fairness I should note that the IP address was flagged 3 times in 28 days but not in the last 24 hours.

My original intent behind posting this information was to inform other users that while the War Thunder launcher may not INTENTIONALLY be doing anything illicit, they should perhaps give their system a quick scan.
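The check described in the post above (parse the Malwarebytes export, take the destination IP, look it up on a DNS blocklist and read the answer) as a small triage helper. This is an added example, not code from the thread, from Malwarebytes or from Gaijin. The sample event is copied from the export posted at the top of the thread; the zone names (zen.spamhaus.org, cbl.abuseat.org) and the Spamhaus ZEN answer codes come from public DNSBL documentation, not from this thread, and are assumptions about how those services answer. The resolver is injectable so the whole thing runs offline; only the guarded `__main__` block does a live lookup.

```python
import ipaddress
import re
import socket

# Constructed sample: the "Blocked Website" export from the opening post, trimmed
# to the sections the parser needs (values copied from that post).
SAMPLE_EVENT = r"""
-Log Details-
Protection Event Date: 3/8/19
Protection Event Time: 8:29 PM
Log File: d6a19128-420a-11e9-b974-107b44a10e1d.json

-Website Data-
Category: Trojan
Domain:
IP Address: 187.39.130.150
Port: [27032]
Type: Outbound
File: A:\Steam\steamapps\common\War Thunder\launcher.exe
"""


def parse_export(text):
    """Split a Malwarebytes text export into {section: {key: value}}.

    Section headers look like '-Website Data-'; everything else is 'Key: Value'.
    Lines without a colon (the ', , Blocked, [-1], ...' summary line) are skipped.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"-(.+)-", line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            sections[current][key.strip()] = value.strip()
    return sections


def blocked_connection(text):
    """Pull out the fields that matter for triage of a blocked-website event."""
    data = parse_export(text)["Website Data"]
    return {
        "ip": ipaddress.ip_address(data["IP Address"]),
        "port": int(data["Port"].strip("[]")),
        "direction": data.get("Type"),
        "domain": data.get("Domain") or None,  # empty => the launcher used a bare IP
        "file": data.get("File"),
        "category": data.get("Category"),
    }


def dnsbl_name(ip, zone):
    """Reverse the octets and append the zone: 187.39.130.150 -> 150.130.39.187.<zone>."""
    octets = ipaddress.IPv4Address(str(ip)).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone


# Assumed answer codes: most zones answer 127.0.0.2 for "listed"; Spamhaus ZEN encodes
# the sub-list in the last octet (the XBL range carries the CBL/abuseat bot data that
# produced the "infected with Hajime, Wopbot, Mirai" text quoted in the thread).
ZEN_CODES = {
    "127.0.0.2": "SBL (spam source)",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL (exploited host / bot)",
    "127.0.0.5": "XBL (exploited host / bot)",
    "127.0.0.6": "XBL (exploited host / bot)",
    "127.0.0.7": "XBL (exploited host / bot)",
    "127.0.0.9": "SBL DROP",
    "127.0.0.10": "PBL (end-user / dynamic range)",
    "127.0.0.11": "PBL (end-user / dynamic range)",
}


def interpret(zone, answer):
    """Turn a DNSBL A-record answer into a human-readable verdict."""
    if answer.startswith("127.255.255."):
        # Spamhaus signals "query refused" (public resolver / over quota) this way,
        # so a 127.255.255.x answer is an error, not a listing.
        return "query refused (%s); use a dedicated resolver" % answer
    if zone.endswith("spamhaus.org"):
        return ZEN_CODES.get(answer, "listed (%s)" % answer)
    return "listed (%s)" % answer


def live_resolver(name):
    """Real lookup; NXDOMAIN means 'not listed'."""
    try:
        return [socket.gethostbyname(name)]
    except socket.gaierror:
        return []


def check_ip(ip, zones=("zen.spamhaus.org", "cbl.abuseat.org"), resolve=live_resolver):
    """Query each zone for `ip`; `resolve` is injectable so this runs offline in tests."""
    return {zone: [interpret(zone, a) for a in resolve(dnsbl_name(ip, zone))]
            for zone in zones}


if __name__ == "__main__":
    event = blocked_connection(SAMPLE_EVENT)
    print("blocked:", event)
    print("verdicts:", check_ip(event["ip"]))
```

The empty `Domain:` field is the detail worth keeping in view: the launcher went to a bare IP on a high port, so the reputation hit is about that host's history (the thread's own explanation is a shared hosting provider), not evidence that launcher.exe itself is malicious. Pair the lookup with a hash or signature check of the binary before deciding either way.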
microspace38 Mar 9, 2019 @ 11:06am 
This happens to me w/ the paid version, but I don't worry about it. According to their forums, it's possibly because Gaijin rents their servers from larger provider(s), and they have no control over said provider's customers (guess what kind the Russian government is known for sponsoring).
opticsnake Mar 9, 2019 @ 12:10pm 
Originally posted by microspace38:
This happens to me w/ the paid version, but I don't worry about it. According to their forums, it's possibly because Gaijin rents their servers from larger provider(s), and they have no control over said provider's customers (guess what kind the Russian government is known for sponsoring).
That would make sense. This server was located in Brazil.
B.D.Godde Mar 9, 2019 @ 5:41pm 
Originally posted by opticsnake:
That would make sense. This server was located in Brazil.
lol

Date Posted: Mar 8, 2019 @ 5:44pm
Posts: 9