tweeber69 Apr 7, 2015 @ 3:49am
Malwarebytes Pro detecting malicious site
Got this pop-up from Malwarebytes Pro while checking out a server on Steam:

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 4/6/2015 4:52:18 PM, SYSTEM, ********-PC, Protection, Malware Protection, Starting,
Protection, 4/6/2015 4:52:18 PM, SYSTEM, ********-PC, Protection, Malware Protection, Started,
Protection, 4/6/2015 4:52:18 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Starting,
Protection, 4/6/2015 4:53:06 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Started,
Update, 4/6/2015 5:04:39 PM, SYSTEM, ********-PC, Manual, Remediation Database, 2015.3.9.1, 2015.4.6.2,
Update, 4/6/2015 5:04:47 PM, SYSTEM, ********-PC, Manual, Malware Database, 2015.4.5.3, 2015.4.6.10,
Protection, 4/6/2015 5:04:47 PM, SYSTEM, ********-PC, Protection, Refresh, Starting,
Protection, 4/6/2015 5:04:47 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Stopping,
Protection, 4/6/2015 5:04:48 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Stopped,
Protection, 4/6/2015 5:04:54 PM, SYSTEM, ********-PC, Protection, Refresh, Success,
Protection, 4/6/2015 5:04:54 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Starting,
Protection, 4/6/2015 5:05:14 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Started,
Update, 4/6/2015 5:40:49 PM, SYSTEM, ********-PC, Scheduler, Malware Database, 2015.4.6.10, 2015.4.6.11,
Protection, 4/6/2015 5:40:49 PM, SYSTEM, ********-PC, Protection, Refresh, Starting,
Protection, 4/6/2015 5:40:49 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Stopping,
Protection, 4/6/2015 5:40:49 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Stopped,
Protection, 4/6/2015 5:40:55 PM, SYSTEM, ********-PC, Protection, Refresh, Success,
Protection, 4/6/2015 5:40:55 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Starting,
Protection, 4/6/2015 5:40:55 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, Started,
Detection, 4/6/2015 9:17:44 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, IP, 74.91.118.239, 54206, Outbound, D:\Steam\Steam.exe,
Detection, 4/6/2015 9:17:44 PM, SYSTEM, ********-PC, Protection, Malicious Website Protection, IP, 74.91.118.239, 54206, Outbound, D:\Steam\Steam.exe,

(end)


So is this a false positive or what? I was viewing the server located at IP: 23.235.225.107:27045

All I did was right-click it and view server info, then Malwarebytes went nutty a few seconds later. First time I've seen it block a website but I'm guessing it's not a malicious one. Anyone know anything about this? I tried to post a question to Steam's support but can't log in due to the captcha they use...

Any help is appreciated. I won't be able to view it until tomorrow due to the nature of my work. Thank you in advance.
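
An added example, not part of the original post: a Python sketch that pulls the Detection rows out of a log in the layout shown above and groups them by the process that made the connection and the blocked IP. The field names are assumptions inferred from the columns of the posted lines, and the sample rows are constructed with a placeholder host name and a documentation-range address.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample rows in the comma-separated layout of the posted log.
# Host name and address are placeholders, not values from the thread.
_DET = ("Detection, {t}, SYSTEM, EXAMPLE-PC, Protection, "
        "Malicious Website Protection, IP, 203.0.113.10, {p}, Outbound, "
        "D:\\Steam\\Steam.exe,\n")
SAMPLE_LOG = (
    "Protection, 4/6/2015 5:40:55 PM, SYSTEM, EXAMPLE-PC, Protection, "
    "Malicious Website Protection, Started,\n"
    + _DET.format(t="4/6/2015 9:17:44 PM", p=54206)
    + _DET.format(t="4/6/2015 9:17:44 PM", p=54206)  # logged twice, as in the post
    + _DET.format(t="4/7/2015 8:02:10 AM", p=57991)
    + "Update, 4/6/2015 5:40:49 PM, SYSTEM, EXAMPLE-PC, Scheduler, "
      "Malware Database, 2015.4.6.10, 2015.4.6.11,\n"
)

def parse_detections(text):
    """Return one dict per IP Detection row; all other row types are skipped."""
    events = []
    for row in csv.reader(StringIO(text), skipinitialspace=True):
        f = [x.strip() for x in row]
        if (len(f) < 11 or f[0] != "Detection" or f[6] != "IP"
                or not f[8].isdigit()):
            continue
        events.append({
            "time": datetime.strptime(f[1], "%m/%d/%Y %I:%M:%S %p"),
            "ip": f[7],            # address the web protection blocked
            "port": int(f[8]),
            "direction": f[9],     # Outbound = the local process initiated it
            "process": f[10],      # executable that opened the connection
        })
    return events

def summarize(events):
    """Group by (process, ip, direction); identical repeated rows count once."""
    groups = {}
    for e in events:
        key = (e["process"], e["ip"], e["direction"])
        groups.setdefault(key, set()).add((e["time"], e["port"]))
    return {k: {"blocks": len(v), "ports": sorted({p for _, p in v})}
            for k, v in groups.items()}

if __name__ == "__main__":
    for key, info in summarize(parse_detections(SAMPLE_LOG)).items():
        print(key, info)
```

The grouping shows at a glance which executable triggered the block and how often, which is the information worth including when reporting a suspected false positive to the vendor.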

Showing 1-9 of 9 comments
Send it to malwarebytes to check.
Knightwolf Apr 7, 2015 @ 3:58am 
malwarebytes blocked 46.21.150.220 for me when i just checked ya was just going to post that as well ^^^
Last edited by Knightwolf; Apr 7, 2015 @ 4:05am
Knightwolf Apr 7, 2015 @ 4:08am 
take that back i had 3 on full search
tweeber69 Apr 8, 2015 @ 2:08am 
Originally posted by Muppet among Puppets:
Send it to malwarebytes to check.

Just did. Will update tomorrow with their reply. I hope I gave them enough info to figure it out.
tweeber69 Apr 8, 2015 @ 2:08am 
Originally posted by Sangheili:
malwarebytes blocked 46.21.150.220 for me when i just checked ya was just going to post that as well ^^^

Every time I update the server list, Malwarebytes catches that IP again. This time it's catching it through port 57991.
tweeber69 Apr 20, 2015 @ 11:33pm 
Originally posted by Sangheili:
take that back i had 3 on full search

I apparently got a reply from MalwareBytes almost two weeks ago but didn't see it because gmail hid it in between my original message to them and the auto-reply from them. They asked me to download and run FarBar. Some kind of tool that scans a few areas of the computer. I kind of think they don't exactly know what Steam.exe is. lol
tweeber69 Apr 23, 2015 @ 11:30pm 
Originally posted by Sangheili:
take that back i had 3 on full search

The final verdict was that something was trying to mess up my computer from a Steam server, basically. They had me fix my registry. Well, this is what I'm guessing from what I emailed them and they emailed to me. Probably best to stay away from the Steam servers. They're P2P and that's never a good thing to use, if you don't want malware.
Silicon Vampire Apr 23, 2015 @ 11:35pm 
really, it sounds like you opened something on your computer that changed something on the computer and created the issues.

I'm helping investigate something right now that would be easy to get people to download and install but would totally fubar the system. It's far more likely something similar happened to you than anything coming from Steam.

I know no part of Steam itself that uses P2P. Some games, maybe... not Steam itself.
Last edited by Silicon Vampire; Apr 23, 2015 @ 11:41pm
Azza ☠ Apr 23, 2015 @ 11:47pm 
Well it's complaining about IP: 74.91.118.239

Which is:
NFOSERVERS (Game Hosting Server Provider)
Nuclearfallout Enterprises, Inc.
United States San Jose
Internap Network Services Corporation

Quite possibly being used as a server host for Counter-Strike: Global Offensive and other online games.

Virus Total IP Snoop:
https://www.virustotal.com/en/ip-address/74.91.118.239/information/

Malware site detected under IP domain control:
https://www.virustotal.com/en/url/fd47ea5e3874e48cfa729a6823e6cb9aaf6fb9b789ede2f7375de1a0e53adda5/analysis/1429832262/

Blackhole exploit kit 2.0 detected in the past.

Website with that malware/exploit has been suspended in the past however, just still probably blacklisted under Malwarebytes. You need to ask them to recheck and update their database.
Last edited by Azza ☠; Apr 23, 2015 @ 11:52pm

Date Posted: Apr 7, 2015 @ 3:49am
Posts: 9