• Malwarebytes reports trojan

    From Dumas Walker@1:103/705 to All on Sat Jan 20 10:41:58 2024
    A couple of weeks ago, one of my users reported that his Malwarebytes was warning him of a potential Trojan when he tried to connect here via telnet. At the time, I assumed it was because I have iptables set up to redirect the port from 23 to the "non root" port that Synchronet is listening on.

    However, I have since had a fellow sysop who connects here to exchange mail report the same thing. Because the bink port that binkit listens on is not a "needs root" port, I don't have that one redirected by iptables. He also tried it via telnet and sent me the error message. I cannot see what Trojan it thinks is on this end -- I don't think the message says.

    I have asked him to resend the message as text so I can share it. Malwarebytes was actually blocking our systems from exchanging mail.

    I did scan with ClamAV and all it reports are some "potentially unwanted applications" -- some DOS programs in my download directories that are apparently compressed with PKlite.

    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    Thanks!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Dumas Walker on Sun Jan 21 06:04:14 2024
    Re: Malwarebytes reports trojan
    By: Dumas Walker to All on Sat Jan 20 2024 10:41 am


    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?


    it sounds like he's using the trial version or the paid version where you have more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    i would install it to try on your system but it's become so convoluted i won't want it on my systems.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Dumas Walker@1:103/705 to MRO on Sun Jan 21 09:49:00 2024
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
    just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version where you have
    more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted i won't
    want it on my systems.

    Isn't Malwarebytes a windows program?


    * SLMR 2.1a * Tinnn Rooooooooof! --Rusted!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Dumas Walker@1:103/705 to ALL on Sun Jan 21 09:54:00 2024
    As I only have linux machines, I don't have any experience with
    Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    FYI, here is the message one of them is getting when trying to surf over
    via the web (line wrapped).

    Location: https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
    .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
    ne.net
    Connection: close

    Website blocked due to a Trojan

    Your Malwarebytes Premium blocked this website because it may contain a Trojan.


    The main thing I am concerned about is that any Windows sysop who runs Malwarebytes Premium probably thinks that their connections have "gone
    down" when in reality Malwarebytes is rerouting the outbound traffic to a "127." address, and blocking the inbound traffic, to their hub or node.


    * SLMR 2.1a * AAAAA - American Association Against Acronym Abuse

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Dumas Walker on Sun Jan 21 14:18:18 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Sun Jan 21 2024 09:49 am

    i would install it to try on your system but it's become so convoluted i won't
    want it on my systems.

    Isn't Malwarebytes a windows program?


    yeah it is. it used to be good back in the day. i installed it in the middle of last year and it was just too convoluted and annoying to run.

    i suppose if you download a lot of viruses it would be useful.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Dumas Walker on Sun Jan 21 16:32:47 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to ALL on Sun Jan 21 2024 09:54 am

    https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4.6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonline.net
    Connection: close


    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put on a list for being compromised and malwarebytes used the list.

    you can contact malwarebytes and try to get it removed.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Dumas Walker@1:103/705 to MRO on Mon Jan 22 09:28:00 2024
    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.


    * SLMR 2.1a * Halloween is *not* Christmas, even though 31 oct = 25 dec

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Marc Lewis@1:103/705 to alt.bbs.synchronet on Mon Jan 22 15:34:11 2024
    From Newsgroup: alt.bbs.synchronet

    + User FidoNet address: 1:396/45
    Hello All.

    <On 20Jan2024 22:49 Dumas Walker wrote a message to All regarding Malwarebytes reports troj >

    To: MRO
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version
    where you have more features. honestly it's just overkill unless you
    really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted
    i won't want it on my systems.

    Isn't Malwarebytes a windows program?

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,
    Marc
    --
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    + The FidoNet News Gate (Huntsville, AL - USA)        +
    + The views of this user are strictly his or her own. +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    --
    This email has been checked for viruses by Avast antivirus software. www.avast.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Dumas Walker on Mon Jan 22 16:49:12 2024
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Mon Jan 22 2024 09:28 am

    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.



    the reason why that popped in my head is stuff like this happened to me more than a few times over the years, especially when i was running my servers off a residential ip address.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Marc Lewis on Mon Jan 22 17:51:15 2024
    Re: Malwarebytes reports troj
    By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,

    wasn't avast caught selling our information?
    i just use the ms security essentials.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Marc Lewis@1:103/705 to alt.bbs.synchronet on Tue Jan 23 20:34:36 2024
    From Newsgroup: alt.bbs.synchronet

    + User FidoNet address: 1:396/45
    Hello All.

    <On 22Jan2024 05:51 MRO wrote a message to All regarding Malwarebytes reports troj >

    From: "MRO" <mro@BBSESINF.remove-olj-this>

    By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,

    wasn't avast caught selling our information?
    i just use the ms security essentials.

    There are specific settings in Avast under settings - personal privacy to turn off sharing. I'm sure that some folks will still not be convinced. I've been satisfied with its performance. I will check further and see. You may in fact be correct.

    Best regards,
    Marc

    .. "Military intelligence" is a contradiction in terms.(Groucho Marx)
    --
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    + The FidoNet News Gate (Huntsville, AL - USA)        +
    + The views of this user are strictly his or her own. +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    --
    This email has been checked for viruses by Avast antivirus software. www.avast.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From MRO@1:103/705 to Marc Lewis on Sun Jan 28 20:36:38 2024
    Re: RE: Malwarebytes reports troj
    By: Marc Lewis to alt.bbs.synchronet on Tue Jan 23 2024 08:34 pm


    There are specific settings in Avast under settings - personal privacy to turn off sharing. I'm sure that some folks will still not be convinced. I've been satisfied with its performance. I will check further and see. You may in fact be correct.


    if they did it once, they'll do it again.
    I wouldn't trust it.

    I just use the built in windows shit.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)