Alpha Centauri 2

Community => Council Room => Topic started by: bvanevery on July 07, 2019, 10:58:27 PM

Title: Malwarebytes blocks site as Trojan
Post by: bvanevery on July 07, 2019, 10:58:27 PM
Was informed by a Reddit /r/4Xgaming post (https://www.reddit.com/r/4Xgaming/comments/c96bxm/smacx_ai_growth_mod_version_132_maintenance/) today:

Quote
Malwarebytes blocks your link. "Website blocked due to trojan".


The link in question being the SMACX AI Growth mod thread home page (http://alphacentauri2.info/index.php?topic=20959.0).  I responded:

Quote
I don't typically use Malwarebytes myself. I have access to a machine that does, and I confirm that the website is blocked. I am not the site owner. I do not know how Malwarebytes makes decisions about such things. I will say, the site contains game binaries that have been hacked / patched to fix or enhance various things about the game. These aren't trojans, but it wouldn't shock me if Malwarebytes is too stupid and uninterested to care about the difference.

In any event, my link itself does not contain any Trojans nor any immediate access to any .exe files for that matter. My mod is simply a collection of 16 .txt files that you drop into your SMAC game folder. Nothing's gonna happen. You can verify the contents of the .txt files yourself with any text editor.

I can bring the Malwarebytes issue to the attention of the site's main admin. However, if Malwarebytes simply categorizes anyone distributing 'illicit' binaries as a bad evildoer, well that site policy is not going to change. I don't know if there's some mechanism by which the site could plead with Malwarebytes "for legitimacy". I would hope not, because that would pretty much invalidate any legitimate purpose on Malwarebytes making such a distinction. More than likely, Malwarebytes will believe what it wants to believe, and in the case of this site they will be wrong.

I personally would list an exception in Malwarebytes and be done with it. But of course, I've been around this site for a few years now. I'm biased.

Title: Re: Malwarebytes blocks site as Trojan
Post by: bvanevery on July 09, 2019, 12:04:20 AM
Further info from that Reddit thread:
Quote
Norton Safeweb and Google safe browsing find no problems, Avast's online scanner doesn't show any problems either, and Virus Total scans it with 70 engines and only Dr Web finds a problem (not Malwarebytes interestingly). Also searching for it in different ways on different search engines shows no signs of problems but does get hits on discussions about using the site on GoG, Reddit, and a lot at civfanatics.com. It seems like a likely false positive. Whether it's a straight out false positive, or Malwarebytes making some determination that the content is "illegitimate" (if it's the latter they should give some warning other than "trojan" so I'm thinking more the former).
Title: Re: Malwarebytes blocks site as Trojan
Post by: Buster's Uncle on July 09, 2019, 12:14:52 AM
Quote from: t_ras
If the reason is the downloadable binaries, then there is nothing we can do.
[shrugs]
Title: Re: Malwarebytes blocks site as Trojan
Post by: Lorizael on July 21, 2019, 02:00:48 AM
Just got this today. I semi-accidentally activated a trial of premium Malwarebytes. (I usually just use the free version.)

[image]
Title: Re: Malwarebytes blocks site as Trojan
Post by: DrazharLn on August 21, 2019, 10:29:39 PM
I think this is a false positive. I have sent a message to Malwarebytes via Twitter about it to try and find out more.

Edit: I've put the admin hat on so that they can check and see that an admin has said that they would contact Twitter.
Title: Re: Malwarebytes blocks site as Trojan
Post by: Vidsek on August 22, 2019, 02:27:49 AM
I'm using Firefox as my browser and Bitdefender as my AV (with a little of Win10's security on the side).

They have never flagged our site for anything except a non-secure login. If there was really a trojan here, I'm pretty certain they would have detected it.
Title: Re: Malwarebytes blocks site as Trojan
Post by: DrazharLn on August 23, 2019, 09:20:04 AM
https://forums.malwarebytes.com/topic/250802-unblock-alphacentauri2info/?tab=comments#comment-1330622

The block will be removed.
Title: Re: Malwarebytes blocks site as Trojan
Post by: Petek on September 30, 2019, 06:38:53 PM
Malwarebytes blocks AC2 again, for the same reason.
Title: Re: Malwarebytes blocks site as Trojan
Post by: Buster's Uncle on September 30, 2019, 07:45:03 PM
Oh, for Pete's sake.

I'll alert sisko and the other tech guys.  Thanks for letting me know.
Title: Re: Malwarebytes blocks site as Trojan
Post by: DrazharLn on October 01, 2019, 07:20:07 AM
Requested unblock. Anyone else can do this, btw. https://forums.malwarebytes.com/topic/252192-unblock-alphacentauri2info/