AVG BS? (win-iphone-service-uk.ochalte.ru)


15 replies to this topic

Lomad #1 Posted 16 July 2018 - 09:56 PM

    Private

  • Player
  • 5990 battles
  • 26
  • Member since:
    02-03-2014

AVG said threat blocked... I usually wouldn't put any credence in it but immediately after a WoT battle *and* specifically citing a WoT executable made me post so see attached.

 

(This is FYI, TWIMC)

 

 

 

 

Attached Files

  • Attached File   aaaaaaaaa.JPG   59.42K


lgfrbcsgo #2 Posted 16 July 2018 - 10:00 PM

    Second Lieutenant

  • Player
  • 33827 battles
  • 1,045
  • [MOTIV] MOTIV
  • Member since:
    04-04-2012
This is a malicious mod trying to display ads through the embedded browser of your WoT client.

Lomad #3 Posted 16 July 2018 - 10:10 PM

    Private

  • Player
  • 5990 battles
  • 26
  • Member since:
    02-03-2014

lgfrbcsgo, on 16 July 2018 - 10:00 PM, said:

This is a malicious mod trying to display ads through the embedded browser of your WoT client.

 

I will notify Solo

 

Edit: I have notified Solo


Edited by Lomad, 16 July 2018 - 10:17 PM.


Nishi_Kinuyo #4 Posted 16 July 2018 - 10:35 PM

    Lieutenant General

  • Player
  • 9022 battles
  • 6,234
  • [GUP] GUP
  • Member since:
    05-28-2011

Congratulations, tovarishch, for using a malicious mod.

 

Also, if you download mods, make sure you get them directly from the original author instead of some random redistributor.



Lomad #5 Posted 16 July 2018 - 10:55 PM

    Private

  • Player
  • 5990 battles
  • 26
  • Member since:
    02-03-2014

Nishi_Kinuyo, on 16 July 2018 - 10:35 PM, said:

Congratulations, tovarishch, for using a malicious mod.

 

Also, if you download mods, make sure you get them directly from the original author instead of some random redistributor.

 

Thx for the heads up

I'm on -1 update, Solo's good, I expect the prob to go away in *current* update, especially if ppl report bugs :)



benachie #6 Posted 16 July 2018 - 11:23 PM

    Private

  • Player
  • 52011 battles
  • 11
  • [T_I_A] T_I_A
  • Member since:
    07-30-2013
I have had this threat come up repeatedly over a number of weeks and have already notified Solo via his website several times. I think that it is time wargaming.net removed Solo's mod from their "approved list". I believe that the purpose of the infection is to use your computer for bitcoin mining and I am sure that Solo knows what is in his mod. I have uninstalled it tonight. Incidentally the infected file is "cef_browser_process.exe" in the res/cef folder of WoT. You can rename it safely without affecting gameplay BUT it seems to re-install itself.

Lomad #7 Posted 17 July 2018 - 02:33 AM

    Private

  • Player
  • 5990 battles
  • 26
  • Member since:
    02-03-2014

benachie, on 16 July 2018 - 11:23 PM, said:

I have had this threat come up repeatedly over a number of weeks and have already notified Solo via his website several times. I think that it is time wargaming.net removed Solo's mod from their "approved list". I believe that the purpose of the infection is to use your computer for bitcoin mining and I am sure that Solo knows what is in his mod. I have uninstalled it tonight. Incidentally the infected file is "cef_browser_process.exe" in the res/cef folder of WoT. You can rename it safely without affecting gameplay BUT it seems to re-install itself.

 

Do uninstall it if you wish. I will install the latest update and see... After all my AV *did* catch it!

 

I'd rather reserve judgement on anyone who has put so much work in for so long...

 

Mostly I mean Solo but WoT devs too... I'd rather support both :)



Babbet_1 #8 Posted 17 July 2018 - 07:21 AM

    Second Lieutenant

  • Player
  • 13914 battles
  • 1,113
  • [WJDE] WJDE
  • Member since:
    12-13-2015

Lomad, on 16 July 2018 - 10:10 PM, said:

 

I will notify Solo

 

Edit: I have notified Solo

 

And what did Han say? :popcorn: Not something like "Play vanilla and avoid all problems like this" I'll bet!

Edited by Babbet_1, 17 July 2018 - 07:26 AM.


Homer_J #9 Posted 17 July 2018 - 07:34 AM

    Field Marshal

  • Beta Tester
  • 32256 battles
  • 35,316
  • [WJDE] WJDE
  • Member since:
    09-03-2010

benachie, on 16 July 2018 - 11:23 PM, said:

Incidentally the infected file is "cef_browser_process.exe" in the res/cef folder of WoT.

That is not the infected file. That is merely the game's in-built web browser which is being hijacked by a mod.

 

The infected file is one of the mods you have installed.

 

If you got the modpack through the WG mod hub then also raise a ticket with WG, although they will probably just point you at their disclaimer.



lgfrbcsgo #10 Posted 17 July 2018 - 08:15 AM

    Second Lieutenant

  • Player
  • 33827 battles
  • 1,045
  • [MOTIV] MOTIV
  • Member since:
    04-04-2012

Homer_J, on 17 July 2018 - 07:34 AM, said:

That is not the infected file. That is merely the game's in-built web browser which is being hijacked by a mod.

 

This. That's also the reason why you can't delete the file. Your WoT client is simply repairing itself.



benachie #11 Posted 18 July 2018 - 10:18 AM

    Private

  • Player
  • 52011 battles
  • 11
  • [T_I_A] T_I_A
  • Member since:
    07-30-2013
If I Google the malicious link to "win-iphone-service-uk.ochalte.ru" the only link is to this forum, all using Solo's mod - go figure.

fraglimit #12 Posted 12 August 2018 - 10:33 AM

    Private

  • Player
  • 28628 battles
  • 6
  • Member since:
    08-05-2012

I also get this warning on Aslain's modpack - August11, release #3. (I know that a release #4 is out, but the release-notes don't mention this matter, so I haven't updated yet). I am guessing that one of the mods has gone rogue, but the modpack-creators (Solo/Aslain/Etc.) haven't wised up to the problem yet.

If I try to browse to ochalte_DOT_ru , my AV also blocks my attempts to safeguard against malware.



Nishi_Kinuyo #13 Posted 12 August 2018 - 11:40 AM

    Lieutenant General

  • Player
  • 9022 battles
  • 6,234
  • [GUP] GUP
  • Member since:
    05-28-2011

fraglimit, on 12 August 2018 - 10:33 AM, said:

I also get this warning on Aslain's modpack - August11, release #3. (I know that a release #4 is out, but the release-notes don't mention this matter, so I haven't updated yet). I am guessing that one of the mods has gone rogue, but the modpack-creators (Solo/Aslain/Etc.) haven't wised up to the problem yet.

If I try to browse to ochalte_DOT_ru , my AV also blocks my attempts to safeguard against malware.

And where, exactly, did you download that modpack from?

WGMods? His official website? His official forum post in the mods section?

 

Because I can't find any comments of the sort on the wgmods page: https://wgmods.net/46/

 

So maybe whatever third-party site you downloaded it from has gone rogue?


Edited by Nishi_Kinuyo, 12 August 2018 - 11:41 AM.


fraglimit #14 Posted 13 August 2018 - 12:15 AM

    Private

  • Player
  • 28628 battles
  • 6
  • Member since:
    08-05-2012

Nishi_Kinuyo, on 12 August 2018 - 10:40 AM, said:

And where, exactly, did you download that modpack from?

WGMods? His official website? His official forum post in the mods section?

 

Because I can't find any comments of the sort on the wgmods page: https://wgmods.net/46/

 

So maybe whatever third-party site you downloaded it from has gone rogue?

 

Downloaded from Aslain.com - I did verify the SHA256 checksum before installing.

SHA256 hash of file Aslains_WoT_Modpack_Installer_v.1.0.2.4_03.exe: b6 0c ea 1c 74 30 c3 f5 85 b7 01 f4 6c 09 8f a2 ca cc 18 80 25 a5 0f a7 3e 3d 86 2b c2 6c e0 a3 (was on aslain.com for pack #03)

 


Edited by fraglimit, 13 August 2018 - 12:26 AM.


fraglimit #15 Posted 13 August 2018 - 12:37 AM

    Private

  • Player
  • 28628 battles
  • 6
  • Member since:
    08-05-2012
nvm

Edited by fraglimit, 14 August 2018 - 10:12 PM.


fraglimit #16 Posted 13 August 2018 - 10:11 PM

    Private

  • Player
  • 28628 battles
  • 6
  • Member since:
    08-05-2012
And again from iqt_dot_soundharborredirect_dot_com :(

Edited by fraglimit, 13 August 2018 - 10:11 PM.
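
Added example, not written by any poster in this thread: since the replies point at an installed mod rather than cef_browser_process.exe, this sketch searches a mods folder for the hostnames the thread reports as blocked, to narrow down which file carries them. It assumes packaged mods are zip archives and that the hostname is stored as plain text; the folder to scan is given on the command line.

```python
import os
import zipfile

# Hostnames reported as blocked by the posters in this thread.
INDICATORS = [
    "win-iphone-service-uk.ochalte.ru",
    "ochalte.ru",
    "soundharborredirect.com",
]

def _needles(indicators):
    """Each hostname as ASCII and as UTF-16LE bytes (common in Windows binaries)."""
    out = []
    for host in indicators:
        out.append((host, host.encode("ascii")))
        out.append((host, host.encode("utf-16-le")))
    return out

def _match(data, needles):
    """Return the set of hostnames found in a byte string, ignoring ASCII case."""
    lowered = data.lower()
    return {host for host, raw in needles if raw in lowered}

def scan_mods(root, indicators=INDICATORS):
    """Walk root and return sorted (file, archive member or '', hostname) hits."""
    needles = _needles(indicators)
    hits = set()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if zipfile.is_zipfile(path):
                    # Assumption: packaged mods are zip archives, so check each member.
                    with zipfile.ZipFile(path) as zf:
                        for member in zf.namelist():
                            for host in _match(zf.read(member), needles):
                                hits.add((path, member, host))
                else:
                    with open(path, "rb") as fh:
                        for host in _match(fh.read(), needles):
                            hits.add((path, "", host))
            except (OSError, RuntimeError, zipfile.BadZipFile):
                continue  # unreadable, encrypted or corrupt file: skip, keep scanning
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for path, member, host in scan_mods(sys.argv[1]):
        print(f"{host}\t{path}\t{member}")
```

No hit does not clear a mod: one that encodes or assembles the hostname at runtime will not match a plain string search.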


