gleofrocga Jul 24, 2014 @ 11:07am
malwarebytes detecting game with outbound connections as malicious. (including steam game server browser)
So my brother was on my PC, and he went on Mount and Blade Warband Napoleonic wars.
He went on multiplayer, and as soon as he tried joining a multiplayer game, Malwarebytes started spitting out warnings that mb_warband.exe (the game's executable) had malicious outbound connections to IP 176.53.17.226, on various ports.

I stopped the game immediately, and it stopped. I tried a different server, and the same warnings from Malwarebytes.

Is this a legit warning and should I be worried, or is this a false positive that I could safely ignore? Note, I have played the game before fine, but never with Malwarebytes installed.

NOTE: When I view my server history in any Source browser (including the Steam game browser on the client), it gives warnings for different IPs.
Last edited by gleofrocga; Jul 25, 2014 @ 12:49pm
Showing 1-15 of 17 comments
Air Jul 24, 2014 @ 11:13am 
It most likely is a false positive; you can set the game's executable as an exception if you want. You can easily find that option in the settings.
Bad 💀 Motha Jul 24, 2014 @ 11:20am 
It can happen with anything that accesses outbound manner.
False positive, plain and simple.

What are you using exactly? Malwarebytes Anti-Malware (paid version) ?
Bad 💀 Motha Jul 24, 2014 @ 11:35am 
They update the definitions multiple times each day; try doing an Update; then do a re-scan. Or see if it is still thinking that .exe (or its actions) are malicious.

TBO, it is not a very good realtime app. My boss and I gave the paid version a try; yea POS. Sits there all day and does nothing but constantly hog up CPU & RAM; even when idle.

Don't get me wrong; good app for a manual scanner. Should be on every system.
When the trial ends however it will want u to pay; to continue to use just the free, non-realtime part of it again, remove what Malwarebytes puts in Windows startups; then it should just turn back into a free manual scanner again.
Bad 💀 Motha Jul 24, 2014 @ 11:58am 
For MP of course.

Enter 176.53.17.226 in a browser; u'll see
Bad 💀 Motha Jul 24, 2014 @ 12:37pm 
I think u got your answer...
http://security.stackexchange.com/questions/63858/malicious-website-blocked-on-a-legit-program-please-help

I wouldn't worry about it. Never hurts to ask though when u not sure.
Bad 💀 Motha Jul 24, 2014 @ 12:42pm 
Ask Steam Support about that IP coming up for that game then; that is all I can suggest if u want any real answer. If they do not know, request that they look into it perhaps. Or ask the game dev.
Bad 💀 Motha Jul 24, 2014 @ 3:38pm 
Depends how it is detected as far as class of "intrusion"
if it is labeled as "PUP" those are often false positives.
For example, MBAM will treat everything it finds from BigFishGames or iWinGames as "PUP" which isn't really harmful, but may contain forms of ad-ware, so while it gets flagged by apps as PUP, that is more/less up to the user to decide.
Azza ☠ Jul 24, 2014 @ 4:01pm 
IP: 176.53.17.226 is over in Turkey with the ISP of Radore Veri Merkezi Hizmetleri A.S.

You can even access it: http://176.53.17.226/?page=player_names

Seems to use various ports, such as: 49287, 63932, 65135, 57512, and 60600.
Appears to be a server host or recording game stat data. No Malware detected.

It's labelled as a 'Persistent System'

Malwarebytes is right to warn about it, due to the fact it's recording a little of your data, however in this case it appears to just be your multiplayer game details. Most likely a false positive and no need for alarm - add to your exception list if deemed as safe and actually part of the game server.
Last edited by Azza ☠; Jul 24, 2014 @ 4:15pm
Azza ☠ Jul 25, 2014 @ 9:57am 
Originally posted by Keyes:
Originally posted by Azza ☠:
IP: 176.53.17.226 is over in Turkey with the ISP of Radore Veri Merkezi Hizmetleri A.S.

You can even access it: http://176.53.17.226/?page=player_names

Seems to use various ports, such as: 49287, 63932, 65135, 57512, and 60600.
Appears to be a server host or recording game stat data. No Malware detected.

It's labelled as a 'Persistent System'

Malwarebytes is right to warn about it, due to the fact it's recording a little of your data, however in this case it appears to just be your multiplayer game details. Most likely a false positive and no need for alarm - add to your exception list if deemed as safe and actually part of the game server.
I sent a support ticket to malwarebytes and they investigated it, and they have unblocked it.

If you would be able to, would you be able to look into 2 other warnings? On the game garrys mod, Malwarebytes seemed to show warnings on 2 servers I played on.

46.246.94.108

91.211.117.31

91.211.117.73

217.23.9.123


These came up playing the game garrys mod, when I went onto multiplayer.

Snooping...

46.246.94.108
- Gridlane Cloud VPS Hosting
- Location: Sweden
- Open Port: 27015
- Game Server: Counter Strike Source
- Server Name: Poolparty!Deathmatch!MuchRush!Smoke nade week!www.Lolbrothers.c

91.211.117.31
- 0x2a.com.ua Data-Center
- Location: Ukraine
- Open Port: 27019
- Game Server: Counter Strike 1.6
- Server Name: [J]ust play and [W]in #1 16+

91.211.117.73
- 0x2a.com.ua Data-Center
- Location: Ukraine
- Open Port: 28000
- Game Server: Call of Duty 4
- Server Name: SMELA(Ukraine)Cod-4OpenWarfare_mw2

217.23.9.123
- dsa-ws-nl101.vilayer.com
- Location: Netherlands
- Open Port: 2302
- Game Server: DayZ
- Server Name: Friendly Server (For Friendly Players)
- Server Manager: ahmedwia

Detected them all as safe, without malware, game servers. Seems your Malwarebytes (under Website protection) is being a little bit overprotective for various multiplayer games. However it's still good to check to be safe. You could report all of those as false positives to Malwarebytes and add the IPs into your Settings -> Web Exclusions or Ignore List, if you play them regularly (else just allow them temporarily when you play).

If you're really annoyed with it and want to disable those warnings - access the Web Exclusions tab under Settings, you can actually exclude each of the multiplayer games' processes (find the exe) such as GarrysMod (\Steam\steamapps\common\GarrysMod\hl2.exe) using the Add Process button and it won't block any servers that process attempts to connect. This would be better than completely disabling Malicious Website Protection (which would be more ideal for web browsing).
Last edited by Azza ☠; Jul 25, 2014 @ 10:11am
Azza ☠ Jul 25, 2014 @ 10:12am 
They might host more than one game server? However, that's just what was detected by me. Don't you have those games?
Last edited by Azza ☠; Jul 25, 2014 @ 10:14am
Azza ☠ Jul 25, 2014 @ 10:24am 
Originally posted by Keyes:
Originally posted by Azza ☠:
They might host more than one game server? However, that's just what was detected by me.
I did see the Netherlands server as a Gmod server, but it seemed a bit unresponsive.. Just checked game tracker, and the 91.211.117.73 IP hosts 3 CS:S servers.

Garry's Mod is originally a mod of Half-Life 2 (before being created into its own standalone) and runs off of the "source engine" of that and CounterStrike Source. It will be using those textures and perhaps similar servers?

You can also get things like GMod DayZ - which also could be leeching in those game textures?
Last edited by Azza ☠; Jul 25, 2014 @ 10:25am
Azza ☠ Jul 25, 2014 @ 2:41pm 
Any good firewall should warn first time usage of port connections collecting data, similar to those Malwarebytes is detecting... it shouldn't however be labelling it malicious. It's most likely just letting you be aware of it, in case it's something malicious you're not expecting (keylogger, etc). It should just be asking you - do you want to allow this connection, then depending on what you're doing at the time, you can make that decision.

Are you using the freebee or purchased version?

I personally recommend Kaspersky Internet Security 2015 (purchased) - it's well worth it for a good all rounder security: anti-virus, anti-adware, script detect, application control, firewall, safe money, privacy clean, and vulnerability scanner, etc.

However, MalwareBytes is good too. As mentioned in the past post, perhaps add that game to the exceptions (if you trust it).
Last edited by Azza ☠; Jul 25, 2014 @ 2:42pm
Rambo (Nixco) Jul 25, 2014 @ 2:41pm 
hola
Vienna Feb 8, 2018 @ 6:50am 
I tried to open Garry's Mod and it thought hl2.exe was ransomware
Xtreme Oct 13, 2020 @ 10:39am 
I had this IP named 80.211.195.16 come up before every time when I launch a Steam Source multiplayer game.

Date Posted: Jul 24, 2014 @ 11:07am
Posts: 17