Falconeer82

Blocked Intrusion


After installing 9.20.1.3 #01, my antivirus is reporting the following every time I start the game, never had this before????

 

[Attached screenshots: image.png, Capture.JPG]


CEF_BROWSER_PROCESS is a Wargaming file. It's NOT from the modpack.

It even has a Wargaming digital signature.


I would send a message to Wargaming support about it, to be sure what the hell it is. :)

3 hours ago, Falconeer82 said:

After installing 9.20.1.3 #01, my antivirus is reporting the following every time I start the game, never had this before????

[Attached screenshots: image.png, Capture.JPG]

Please use the game consistency in the game and then reinstall the modpack


Happened to me only after installing Aslains modpack. Anyone got any info?

33 minutes ago, Falconeer82 said:

@tomjac29 Ran the consistency check and I still get it.

please paste the log file .... 

To report a bug or problem, please post a new topic in this section and include following things:
 
- Run special application: >> Aslains_WoT_Logs_Archiver.exe << (which can be found in the game installation folder  or as shortcut on your windows desktop) it will create Aslains_WoT_Logs.zip file, attach that file to your thread, it's mandatory !!! I don't need any other logs, only that particular zip file. Aslains_WoT_Logs.zip can be found in game folder inside Aslains_Modpack directory.

 

ps what is antivir program?


ps 2 Start the game in safe mode and see if you have the same .... theoretically this file is responsible for all these "special" notifications in the game ... some missions, etc.

1 hour ago, tomjac29 said:

please paste the log file .... 

To report a bug or problem, please post a new topic in this section and include following things:
 
- Run special application: >> Aslains_WoT_Logs_Archiver.exe << (which can be found in the game installation folder  or as shortcut on your windows desktop) it will create Aslains_WoT_Logs.zip file, attach that file to your thread, it's mandatory !!! I don't need any other logs, only that particular zip file. Aslains_WoT_Logs.zip can be found in game folder inside Aslains_Modpack directory.

 

ps what is antivir program?

The AV is Norton. Something in the modpack edits the browser .exe..


I was getting this last night as well, but I've already installed the new modpack...

If I get it again tonight, I'll post logs.

Norton AV as well.

ETA: Still getting error on game launch.

[Attachments: intrusion.PNG, Aslains_WoT_Logs.zip]


It analyzes these logs very carefully, but it will take a while ... for the moment I can only say that it is not a problem. Aslain modpack ... I will let you know and I will try to give a reason


Removed the modpack and checked the integrity of original WoT installation - And the attack stopped. Something included in the modpack attempts to activate malicious code. At least it seems so.


Same here I’m afraid. Norton AV prevented several intrusion attempts.


Same here.

Ekspoint modpack website is infected, hence every attempt to connect to it is blocked by FW

 

 

[Attached screenshots: seccenter_2017-11-18_14-48-27.png, chrome_2017-11-18_14-54-20.png]

43 minutes ago, Aslain said:

It's not a conclusive tool. We have evidence that something, very likely the Ekspoint mod, edits the CEF BROWSER exe-file to connect to a known malvertising address (Which does appear to be the website of Ekspoint mod). My theory is that there is a malicious ad on the website, which means that all connections that try to access Ekspoint website will be blocked by their AV's.


I can agree on that ekspoint has updated all his mods recently, even today, maybe he fixed something.


Just analyzed the website - it contains malicious code. DON'T visit it and DON'T run the modpack as long as Ekspoint is there.


What parts of Aslain's modpack are related to Ekspoint?

Is there anything we can disable to be able to continue using the modpack?


I still check but I have the first malfunction. To the core. Do you use the TS plug-in to WoT and if so how do you have the TS client version and what is the TS server version


The Ekspoint mods aren't broken in the game - But the website is. So, anytime the modpack tries to connect to the website or anything like that - You automatically visit a malicious page which will try to attack you. That's the problem. I urge Aslain to remove the Ekspoint mods until this is fixed. I think the website is either hacked or is running malvertising on purpose. I visited the website on a secure virtual machine 10 minutes ago and it's still infected.

 


I visited it on virtual machine too, I'm analyzing it atm. You are prolly right about the mods.

 

Will keep you informed.

 

currently these mods from ekspoint are in the modpack:

  • auto equip (non xvm one)
  • wn8 in the battle (MHL)
  • various debug panels (except for ragnarocek)
  • extra aim info
  • info panel extended
  • safe shot extended
  • tactical map
  • mini damage panel
  • minimap tankview extended

 

Messaged ekspoint 5h ago, but no reply so far.

1 hour ago, Aslain said:

I visited it on virtual machine too, I'm analyzing it atm. You are prolly right about the mods.

 

Will keep you informed.

 

currently these mods from ekspoint are in the modpack:

  • auto equip (non xvm one)
  • wn8 in the battle (MHL)
  • various debug panels (except for ragnarocek)
  • extra aim info
  • info panel extended
  • safe shot extended
  • tactical map
  • mini damage panel
  • minimap tankview extended

 

Messaged ekspoint 5h ago, but no reply so far.

Thanks for keeping us updated, Aslain. We all appreciate your work and we all know that this isn't your fault. I hope that this is resolved as soon as possible.


I have tested it all on few various antivirs today. Only Norton was showing notifications.

 

http://slinadu.info/bnews.js?vxre34=855382  -> https://www.virustotal.com/#/url/341c38a6b294c555ed824e19a1a7f0ea5eaa7bde4683e92bc7e08e00dc20b7da/detection

 

http://ralkipa.info/cdrive.js?t5vg9c=855352 -> https://www.virustotal.com/#/url/95909a4f14fb5fae94f5d849e635e4d38a0cdcaf02fce231c96dfd42ce6a04e7/detection

 

It might be a simple redirection and code related to showing ads:

 

Yeah looks like the purpose of this connection is to display in game website from ekspoint:

 

[Attached screenshot: N5OEKdn.jpg]

 

Still waiting for a reply from him. Yet today his website was blocked by admins because he was cheating counters and auto surfing (redirections to ads).


So the website is attached to the browser process. And by displaying the ads on the website we get targeted with malvertising. I think all Ekspoint mods need to be removed til' this is fixed.
