
Blocked Intrusion



3 hours ago, Falconeer82 said:

After installing 9.20.1.3 #01, my antivirus is reporting the following every time I start the game. Never had this before????

 

image.png

Capture.JPG

Please use the game consistency in the game and then reinstall the modpack

wot_22589.png

Edited by tomjac29
inserting an image
  • Like 1
Link to comment
33 minutes ago, Falconeer82 said:

@tomjac29 Ran the consistency check and I still get it.

please paste the log file .... 

To report a bug or problem, please post a new topic in this section and include following things:
 
- Run special application: >> Aslains_WoT_Logs_Archiver.exe << (which can be found in the game installation folder or as shortcut on your Windows desktop) it will create Aslains_WoT_Logs.zip file, attach that file to your thread, it's mandatory !!! I don't need any other logs, only that particular zip file. Aslains_WoT_Logs.zip can be found in game folder inside Aslains_Modpack directory.

 

ps what is antivir program?

Edited by tomjac29
  • Upvote 1
Link to comment
1 hour ago, tomjac29 said:

please paste the log file .... 

To report a bug or problem, please post a new topic in this section and include following things:
 
- Run special application: >> Aslains_WoT_Logs_Archiver.exe << (which can be found in the game installation folder or as shortcut on your Windows desktop) it will create Aslains_WoT_Logs.zip file, attach that file to your thread, it's mandatory !!! I don't need any other logs, only that particular zip file. Aslains_WoT_Logs.zip can be found in game folder inside Aslains_Modpack directory.

 

ps what is antivir program?

The AV is Norton. Something in the modpack edits the browser .exe.

Link to comment

Removed the modpack and checked the integrity of original WoT installation - And the attack stopped. Something included in the modpack attempts to activate malicious code. At least it seems so.

Link to comment
43 minutes ago, Aslain said:

It's not a conclusive tool. We have evidence that something, very likely the Ekspoint mod, edits the CEF BROWSER exe-file to connect to a known malvertising address (which does appear to be the website of Ekspoint mod). My theory is that there is a malicious ad on the website, which means that all connections that try to access Ekspoint website will be blocked by their AVs.

Edited by Guest
Link to comment

The Ekspoint mods aren't broken in the game - But the website is. So, anytime the modpack tries to connect to the website or anything like that - You automatically visit a malicious page which will try to attack you. That's the problem. I urge Aslain to remove the Ekspoint mods until this is fixed. I think the website is either hacked or is running malvertising on purpose. I visited the website on a secure virtual machine 10 minutes ago and it's still infected.

 

Edited by Guest
Link to comment
  • Administrator

I visited it on virtual machine too, I'm analyzing it atm. You are prolly right about the mods.

 

Will keep you informed.

 

currently these mods from ekspoint are in the modpack:

  • auto equip (non xvm one)
  • wn8 in the battle (MHL)
  • various debug panels (except for ragnarocek)
  • extra aim info
  • info panel extended
  • safe shot extended
  • tactical map
  • mini damage panel
  • minimap tankview extended

 

Messaged ekspoint 5h ago, but no reply so far.

  • Like 1
  • Upvote 1
Link to comment
1 hour ago, Aslain said:

I visited it on virtual machine too, I'm analyzing it atm. You are prolly right about the mods.

 

Will keep you informed.

 

currently these mods from ekspoint are in the modpack:

  • auto equip (non xvm one)
  • wn8 in the battle (MHL)
  • various debug panels (except for ragnarocek)
  • extra aim info
  • info panel extended
  • safe shot extended
  • tactical map
  • mini damage panel
  • minimap tankview extended

 

Messaged ekspoint 5h ago, but no reply so far.

Thanks for keeping us updated, Aslain. We all appreciate your work and we all know that this isn't your fault. I hope that this is resolved as soon as possible.

Link to comment
  • Administrator

I have tested it all on few various antivirs today. Only Norton was showing notifications.

 

http://slinadu.info/bnews.js?vxre34=855382  -> https://www.virustotal.com/#/url/341c38a6b294c555ed824e19a1a7f0ea5eaa7bde4683e92bc7e08e00dc20b7da/detection

 

http://ralkipa.info/cdrive.js?t5vg9c=855352 -> https://www.virustotal.com/#/url/95909a4f14fb5fae94f5d849e635e4d38a0cdcaf02fce231c96dfd42ce6a04e7/detection

 

It might be a simple redirection and code related to showing ads:

 

Yeah looks like the purpose of this connection is to display in game website from ekspoint:

 

N5OEKdn.jpg

 

Still waiting for a reply from him. Yet today his website was blocked by admins because he was cheating counters and auto surfing (redirections to ads).

Link to comment

So the website is attached to the browser process. And by displaying the ads on the website we get targeted with malvertising. I think all Ekspoint mods need to be removed til' this is fixed.

Link to comment
