• Malwarebytes reports trojan

    From Dumas Walker@CAPCITY2 to All on Sat Jan 20 10:41:58 2024
    A couple of weeks ago, one of my users reported that his Malwarebytes was warning him of a potential Trojan when he tried to connect here via telnet. At the time, I assumed it was because I have iptables set up to redirect the port from 23 to the "non root" port that Synchronet is listening on.

    However, I have since had a fellow sysop who connects here to exchange mail report the same thing. Because the bink port that binkit listens on is not a "needs root" port, I don't have that one redirected by iptables. He also tried it via telnet and sent me the error message. I cannot see what Trojan it thinks is on this end -- I don't think the message says.

    I have asked him to resend the message as text so I can share it. Malwarebytes was actually blocking our systems from exchanging mail.

    I did scan with ClamAV and all it reports are some "potentially unwanted applications" -- some DOS programs in my download directories that are apparently compressed with PKlite.

    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    Thanks!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@BBSESINF to Dumas Walker on Sun Jan 21 06:04:14 2024
    Re: Malwarebytes reports trojan
    By: Dumas Walker to All on Sat Jan 20 2024 10:41 am


    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?


    it sounds like he's using the trial version or the paid version where you have more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    i would install it to try on your system but it's become so convoluted i wont want it on my systems.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@CAPCITY2 to MRO on Sun Jan 21 09:49:00 2024
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
    just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version where you have
    more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted i wont
    want it on my systems.

    Isn't Malwarebytes a windows program?


    * SLMR 2.1a * Tinnn Rooooooooof! --Rusted!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@CAPCITY2 to ALL on Sun Jan 21 09:54:00 2024
    As I only have linux machines, I don't have any experience with
    Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    FYI, here is the message one of them is getting when trying to surf over
    via the web (line wrapped).

    Location: https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
    .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
    ne.net
    Connection: close

    Website blocked due to a Trojan

    Your Malwarebytes Premium blocked this website because it may contain a Trojan.


    The main thing I am concerned about is that any Windows sysop who runs Malwarebytes Premium probably thinks that their connections have "gone
    down" when in reality Malwarebytes is rerouting the outbound traffic to a "127." address, and blocking the inbound traffic, to their hub or node.


    * SLMR 2.1a * AAAAA - American Association Against Acronym Abuse

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@BBSESINF to Dumas Walker on Sun Jan 21 14:18:18 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Sun Jan 21 2024 09:49 am

    i would install it to try on your system but it's become so convoluted i wont
    want it on my systems.

    Isn't Malwarebytes a windows program?


    yeah it is. it used to be good back in the day. i installed it in the middle of last year and it was just too convoluted and annoying to run.

    i suppose if you download a lot of viruses it would be useful.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@BBSESINF to Dumas Walker on Sun Jan 21 16:32:47 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to ALL on Sun Jan 21 2024 09:54 am

    https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4.6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonline.net
    Connection: close


    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put on a list for being compromised and malwarebytes used the list.

    you can contact malwarebytes and try to get it removed.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@CAPCITY2 to MRO on Mon Jan 22 09:28:00 2024
    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.


    * SLMR 2.1a * Halloween is *not* Christmas, even though 31 oct = 25 dec

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Marc Lewis@@p0.f45.n396.z1[ASC46]fidonet[.]org to alt.bbs.synchronet on Mon Jan 22 15:34:11 2024
    From Newsgroup: alt.bbs.synchronet

    + User FidoNet address: 1:396/45
    Hello All.

    <On 20Jan2024 22:49 Dumas Walker wrote a message to All regarding Malwarebytes reports troj >

    To: MRO
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version
    where you have more features. honestly it's just overkill unless you
    really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted
    i wont want it on my systems.

    Isn't Malwarebytes a windows program?
    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,
    Marc
    --
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    + The FidoNet News Gate (Huntsville, AL - USA) +
    + The views of this user are strictly his or her own. +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    --
    This email has been checked for viruses by Avast antivirus software. www.avast.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
  • From MRO@BBSESINF to Dumas Walker on Mon Jan 22 16:49:12 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Mon Jan 22 2024 09:28 am

    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.



    the reason why that popped in my head is stuff like this happened to me more than a few times over the years, especially when i was running my servers off a residential ip address.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@BBSESINF to Marc Lewis on Mon Jan 22 17:51:15 2024
    Re: Malwarebytes reports troj
    By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,

    wasnt avast caught selling our information?
    i just use the ms security essentials.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@CAPCITY2 to MARC LEWIS on Wed Jan 24 09:45:00 2024
    Isn't Malwarebytes a windows program?
    Another useful one I've been using that's really easy on resources and easy to
    configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if
    it is available on other OSes... Not sure. https://www.avast.com

    Thanks, I used to use that one when I had a windows machine and it did seem
    to work and play better than others.

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like
    it was only my board that was tripping the alert which makes me think mro
    might be right about the port scanners/blacklists. I have been getting hit
    a lot lately with script bots that tie up / lock up the telnet service, and
    a few that have hit me both there and the web interface at the same time.

    I scanned the system with ClamAV. It did find a bunch of PUAs -- DOS
    programs for download that are compressed with PKlite or were compiled
    using Watcom (not sure why that is an issue) -- but it did not find any trojans or viruses.


    * SLMR 2.1a * In Stereo where available. .elbaliava erehw oeretS nI

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@BBSESINF to Dumas Walker on Wed Jan 24 18:53:37 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like it was only my board that was tripping the alert which makes me think mro might be right about the port scanners/blacklists. I have been getting hit a lot lately with script bots that tie up / lock up the telnet service, and

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    I installed a vm and installed malwarebytes. It has changed a lot. stupid splash screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@BBSESINF to Dumas Walker on Wed Jan 24 18:59:51 2024
    Re: Malwarebytes reports troj
    By: MRO to Dumas Walker on Wed Jan 24 2024 06:53 pm

    Re: Malwarebytes reports troj
    By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like it was only my board that was tripping the alert which makes me think mro might be right about the port scanners/blacklists. I have been getting hit a lot lately with script bots that tie up / lock up the telnet service, and

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    I installed a vm and installed malwarebytes. It has changed a lot. stupid splash screens when installing, takes a while. looks like bloatware. whoever runs this shit is a moron.

    damn dude malwarebytes really hates your ass.
    when trying to telnet to it, it blocks and does a popup.

    you should contact them and give them your ip to get unblacklisted.

    https://i.imgur.com/F0UPzKn.png
    even rlogin
    https://i.imgur.com/jAM7Xbg.png
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@CAPCITY2 to MRO on Thu Jan 25 09:59:00 2024
    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    When you say *.synchro.net sites, I assume you mean "other than mine." :D

    I installed a vm and installed malwarebytes. It has changed a lot. stupid
    splash screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.

    But a very popular moron, unfortunately.


    * SLMR 2.1a * Speed doesn't kill. Stopping very fast kills.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@CAPCITY2 to MRO on Thu Jan 25 10:12:27 2024
    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png


    Yeah, I like how it doesn't tell you what trojan it thinks is there (because there isn't one). :(

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@CAPCITY2 to MRO on Thu Jan 25 10:32:26 2024
    you should contact them and give them your ip to get unblacklisted.

    Reported. We shall see what happens.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@BBSESINF to Dumas Walker on Thu Jan 25 13:22:43 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Thu Jan 25 2024 09:59 am

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    When you say *.synchro.net sites, I assume you mean "other than mine." :D

    yep

    h screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.

    But a very popular moron, unfortunately.


    the guy who can't access your site is a moron?
    i mean whoever would want to run malwarebytes in this form is a moron.
    it's not a simple utility anymore. it takes over everything.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@BBSESINF to Dumas Walker on Thu Jan 25 13:24:04 2024
    Re: Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Thu Jan 25 2024 10:12 am

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png


    Yeah, I like how it doesn't tell you what trojan it thinks is there (because there isn't one). :(

    yeah, not very technical for being in the biz.
    it's not like there's bad javascript or it's serving up anything.

    so contact them with your ip address. that's the thing that triggers the blocking. hopefully you will get ahold of a real person.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Marc Lewis@@p0.f45.n396.z1[ASC46]fidonet[.]org to alt.bbs.synchronet on Tue Jan 23 20:34:36 2024
    From Newsgroup: alt.bbs.synchronet

    + User FidoNet address: 1:396/45
    Hello All.

    <On 22Jan2024 05:51 MO wrote a message to All regarding Malwarebytes reports troj >

    From: "MRO" <mro@BBSESINF.remove-olj-this>

    By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

    Another useful one I've been using that's really easy on resources
    and easy
    to configure is Avast, both the freeware version as well as the
    professional
    version. Very little interference with all Windows programs. I am
    not sure
    if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,

    wasnt avast caught selling our information?
    i just use the ms security essentials.

    There are specific settings in Avast under settings - personal privacy to turn off sharing. I'm sure that some folks will still not be convinced. I've been satisfied with its performance. I will check further and see. You may in fact be correct.

    Best regards,
    Marc

    .. "Military intelligence" is a contradiction in terms.(Groucho Marx)
    --
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    + The FidoNet News Gate (Huntsville, AL - USA) +
    + The views of this user are strictly his or her own. +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    --
    This email has been checked for viruses by Avast antivirus software. www.avast.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
  • From MRO@BBSESINF to Marc Lewis on Sun Jan 28 20:36:38 2024
    Re: RE: Malwarebytes reports troj
    By: Marc Lewis to alt.bbs.synchronet on Tue Jan 23 2024 08:34 pm


    There are specific settings in Avast under settings - personal privacy to turn off sharing. I'm sure that some folks will still not be convinced. I've been satisfied with its performance. I will check further and see. You may in fact be correct.


    if they did it once, they'll do it again.
    I wouldn't trust it.

    I just use the built in windows shit.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::