Malwarebytes is reporting a Trojan from PathofExileSteam.exe?

I'm getting multiple alerts during play about this. Is this a false positive, I assume?

IP Address Trojan is coming from: 64.58.126.236
File: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathofExileSteam.exe
Last bumped on May 10, 2022, 3:16:32 PM
Malwarebytes is wrong.

This crops up every now and again and it has NEVER been an accurate reading from them.

If you are really concerned about it, hit up Steam's support staff.
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning."

"Your mother was a hamster and your father smelt of elderberries!"
Warfalcon76 wrote:
Is this a false positive, I assume?

It is difficult to say for sure; it certainly shouldn't reach you infected, however it's always possible that 1) someone managed to perform a supply chain attack, or, 2) an existing infection on your PC has interfered with a legitimate file in a bid to increase its persistence.

My advice would be to upload your copy of the file to https://www.virustotal.com/gui/home/upload, which will create dozens of copies & subject each to the assessment of a different bit of security software. If there's 0-2 positives then Malwarebytes done goof'd - if there's a bunch of them, it's time to assume there's a problem and start taking steps to address it.

In this day and age malware can survive a drive format & OS reinstall. While for most people this is probably sufficient, in 2022 I really think you're asking for problems if you see proof your computer has been compromised and do anything less than that.

But hey - your computer, your rules. Best of luck!
“Please understand that imposing strong negative views regarding our team on to other players when you are representing our most helpful forum posters is not appropriate.” — GGG 2022

----

I'm not 'Sarno' on Discord. I don't know who that is.
Last edited by Sarno on Feb 11, 2022, 5:33:53 PM
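The hash-first version of the VirusTotal check Sarno describes, as an added example that is not from the thread: VirusTotal already has reports for most widely distributed binaries, so looking the file up by SHA-256 before uploading it shows the existing vendor verdicts without sending a multi-hundred-megabyte game executable anywhere. The path, the "known good" digest and the sample file are assumptions; the real hashes would come from your own clean install or from the verdict page.

```python
import hashlib
from pathlib import Path

CHUNK = 1024 * 1024  # hash large game binaries without loading them into memory at once


def file_hashes(path):
    """Return md5, sha1 and sha256 hex digests of a file, read in chunks."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def virustotal_url(sha256):
    """VirusTotal serves an existing report at /gui/file/<sha256>; visiting that
    page first shows how many engines flag the file without uploading it."""
    return f"https://www.virustotal.com/gui/file/{sha256}"


def matches_known_good(path, expected_sha256):
    """Compare the on-disk binary with a digest you trust (a clean install, or the
    file after Steam's 'verify integrity' re-downloads it). A mismatch means the
    file changed after that reference, which is the tampering case the thread
    worries about; a match means the alert concerns the unmodified file."""
    return file_hashes(path)["sha256"].lower() == expected_sha256.lower()


if __name__ == "__main__":
    import sys
    # Assumed default path; pass the real location on the command line.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(
        r"C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathofExileSteam.exe")
    digests = file_hashes(target)
    for name, value in digests.items():
        print(f"{name}: {value}")
    print("Look up the existing report at:", virustotal_url(digests["sha256"]))
```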
Are you also getting a crash to desktop that says you cannot deserialise pid 18516?
Jaldy wrote:
Are you also getting a crash to desktop that says you cannot deserialise pid 18516?


That is also because of Malwarebytes.
Just figured that out this evening.
It's not a false positive. Game is just a trojan horse.

Type Path of Exile trojan in google, look how many times that game is recognized as trojan.
Last edited by madermax2 on Feb 13, 2022, 4:16:37 AM
madermax2 wrote:
It's not a false positive. Game is just a trojan horse.

Type Path of Exile trojan in google, look how many times that game is recognized as trojan.


funny.

you do know that malware sometimes attaches itself to exe files when it infects your pc?

the reason the exe is compromised when you scan it, isn't because ggg delivered it to you this way, it's because you caught malware.
age and treachery will triumph over youth and skill!
Last edited by elesham4ever on Feb 17, 2022, 8:01:30 AM
elesham4ever wrote:
Warfalcon76 wrote:
I'm getting multiple alerts during play about this. Is this a false positive, I assume?

IP Address Trojan is coming from: 64.58.126.236
File: C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathofExileSteam.exe


https://forums.malwarebytes.com/topic/283785-path-of-exile-executable-reporting-a-false-positive-for-trojan/

Malwarebytes staff reviewed it, concluded that specific IP address is being blocked for a legitimate reason, i.e. not just some false positive.


just uninstall malwarebytes then since the software blocks a totally valid ip address for invalid reasons.

the post you linked showed that malwarebyte blocks incoming traffic from a (web)server looking for open RTP ports, which is connected to windows remote desktop functionality. they got that info from their own systems which are designed to log these events.

but since you're behind your router, its firewall will always block those incoming connection attempts by default. it's no threat.

the reason malwarebyte blocks you from those servers is, that they assume that a server which scans for open rtp ports also delivers malware when you actively contact it to get a website or other data.

some call it "advanced protection" which are those that wanna sell it to you. others call it fearmongering since ip addresses on the internet are mostly dynamic and a host that spreads malware is interested in changing its own ip address as often as possible to circumvent blocking.

the disadvantages of overblocking are greater than the positive sides. malwarebytes should interfere if you actually download something fishy. but that's probably covered in the free version already.