Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

On the eighth day, God created FORTRAN.

computers / alt.bbs.synchronet / RE: Malwarebytes reports

SubjectAuthor
* Malwarebytes reports trojanDumas Walker
`* Malwarebytes reports trojanMRO
 +* Malwarebytes reports trojDumas Walker
 |+- Malwarebytes reports trojMRO
 |`* Malwarebytes reports trojMarc Lewis
 | +* Malwarebytes reports trojMRO
 | |`* RE: Malwarebytes reports trojMarc Lewis
 | | `* RE: Malwarebytes reports trojMRO
 | |  `- RE: Malwarebytes reportsDumas Walker
 | `* Malwarebytes reports trojDumas Walker
 |  `* Malwarebytes reports trojMRO
 |   +* Malwarebytes reports trojMRO
 |   |`- Re: Malwarebytes reports trojDumas Walker
 |   +* Re: Malwarebytes reports trojDumas Walker
 |   |`* Re: Malwarebytes reports trojMRO
 |   | `* Re: Malwarebytes reportsDumas Walker
 |   |  `* Re: Malwarebytes reportsMRO
 |   |   `- Re: Malwarebytes reportsDumas Walker
 |   `* Malwarebytes reports trojDumas Walker
 |    `- Malwarebytes reports trojMRO
 `* Malwarebytes reports trojDumas Walker
  `* Malwarebytes reports trojMRO
   `* Malwarebytes reports trojDumas Walker
    `- Malwarebytes reports trojMRO

1
Malwarebytes reports trojan

<65ABE9C6.70177.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19524&group=alt.bbs.synchronet#19524

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!newsfeed.hasname.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx18.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-l4p-this (Dumas Walker)
Subject: Malwarebytes reports trojan
Message-ID: <65ABE9C6.70177.sync@capcity2.synchro.net>
X-Comment-To: All
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70177.sync@723:320/1 2a1231e7
X-FTN-CHRS: CP437 2
WhenImported: 20240120104158-0500 412c
WhenExported: 20240120135663-0500 412c
ExportedFrom: CAPCITY2 sync 70177
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 29
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sat, 20 Jan 2024 18:57:00 UTC
Date: Sat, 20 Jan 2024 10:41:58 -0500
X-Received-Bytes: 2243
 by: Dumas Walker - Sat, 20 Jan 2024 15:41 UTC

A couple of weeks ago, one of my users reported that his Malwarebytes was
warning him of a potential Trojan when he tried to connect here via telnet. At
the time, I assumed it was because I have iptables set up to redirect the port
from 23 to the "non root" port that Syncrhonet is listening on.

However, I have since had a fellow sysop who connects here to exchange mail
report the same thing. Because the bink port that binkit listens on is not a
"needs root" port, I don't have that one redirected by iptables. He also tried
it via telnet and sent me the error message. I cannot see what Trojan it
thinks is on this end -- I don't think the message says.

I have asked him to resend the message as text so I can share it. Malwarebytes
was actually blocking our systems from exchanging mail.

I did scan with ClamAV and all it reports are some "potentially unwanted
applications" -- some DOS programs in my download directories that are
apparently compressed with PKlite.

As I only have linux machines, I don't have any experience with Malwarebytes.
Has anyone else run into this -- is it a case of Malwarebytes just not liking
BBSes or something else?

Thanks!
#

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports trojan

<65AD083E.9797.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19525&group=alt.bbs.synchronet#19525

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx36.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-csm-this (MRO)
Subject: Malwarebytes reports trojan
Message-ID: <65AD083E.9797.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65ABE9C6.70177.sync@capcity2.synchro.net>
References: <65ABE9C6.70177.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51056.sync@1:103/705 2a130c6a
X-FTN-REPLY: 70177.sync@723:320/1 2a1231e7
X-FTN-CHRS: CP437 2
WhenImported: 20240121060414-0600 4168
WhenExported: 20240121063255-0600 4168
ExportedFrom: BBSESINF sync 9797
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 17
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sun, 21 Jan 2024 12:32:59 UTC
Date: Sun, 21 Jan 2024 06:04:14 -0600
X-Received-Bytes: 1854
 by: MRO - Sun, 21 Jan 2024 12:04 UTC

To: Dumas Walker
Re: Malwarebytes reports trojan
By: Dumas Walker to All on Sat Jan 20 2024 10:41 am

>
> As I only have linux machines, I don't have any experience with
> Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> just not liking BBSes or something else?
>

it sounds like he's using the trial version or the paid version where you have more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

i would install it to try on your system bu it's become so convoluted i wont want it on my systems.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AD3370.70181.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19526&group=alt.bbs.synchronet#19526

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-lg1-this (Dumas Walker)
Subject: Malwarebytes reports troj
Message-ID: <65AD3370.70181.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AD083E.9797.sync@bbses.info>
References: <65AD083E.9797.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70181.sync@723:320/1 2a137b95
X-FTN-REPLY: 51056.sync@1:103/705 2a130c6a
X-FTN-CHRS: ASCII 1
WhenImported: 20240121100832-0500 412c
WhenExported: 20240121135667-0500 412c
ExportedFrom: CAPCITY2 sync 70181
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 23
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sun, 21 Jan 2024 18:57:01 UTC
Date: Sun, 21 Jan 2024 09:49:00 -0500
X-Received-Bytes: 1919
 by: Dumas Walker - Sun, 21 Jan 2024 14:49 UTC

To: MRO
> > As I only have linux machines, I don't have any experience with
> > Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> > just not liking BBSes or something else?

> it sounds like he's using the trial version or the paid version where you have
> ore features. honestly it's just overkill unless you really ARE infected and
> u want to try to clean out your system.

I think it is the paid version.

> i would install it to try on your system bu it's become so convoluted i wont w
> t it on my systems.

Isn't Malwarebytes a windows program?

* SLMR 2.1a * Tinnn Rooooooooof! --Rusted!

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AD3370.70182.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19527&group=alt.bbs.synchronet#19527

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!nntp.club.cc.cmu.edu!45.76.7.193.MISMATCH!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-lg1-this (Dumas Walker)
Subject: Malwarebytes reports troj
Message-ID: <65AD3370.70182.sync@capcity2.synchro.net>
X-Comment-To: ALL
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AD083E.9797.sync@bbses.info>
References: <65AD083E.9797.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70182.sync@723:320/1 2a137b96
X-FTN-REPLY: 51056.sync@1:103/705 2a130c6a
X-FTN-CHRS: ASCII 1
WhenImported: 20240121100832-0500 412c
WhenExported: 20240121135667-0500 412c
ExportedFrom: CAPCITY2 sync 70182
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 30
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sun, 21 Jan 2024 18:57:02 UTC
Date: Sun, 21 Jan 2024 09:54:00 -0500
X-Received-Bytes: 2165
 by: Dumas Walker - Sun, 21 Jan 2024 14:54 UTC

> As I only have linux machines, I don't have any experience with
> Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
> just not liking BBSes or something else?

FYI, here is the message one of them is getting when trying to surf over
via the web (line wraped).

Location:
https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
..6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
ne.net
Connection: close

Website blocked due to a Trojan

Your Malwarebytes Premium blocked this website because it may contain a Trojan.

The main thing I am concerned about is that any Windows sysop who runs
Malwarebytes Premium probably thinks that their connections have "gone
down" when in reality Malwarebytes is rerouting the outbound traffic to a
"127." address, and blocking the inbound traffic, to their hub or node.

* SLMR 2.1a * AAAAA - American Association Against Acronym Abuse

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AD7C0A.9801.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19528&group=alt.bbs.synchronet#19528

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx10.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-8yd-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65AD7C0A.9801.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AD3370.70181.sync@capcity2.synchro.net>
References: <65AD3370.70181.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51060.sync@1:103/705 2a137dd3
X-FTN-REPLY: 70181.sync@723:320/1 2a137b95
X-FTN-CHRS: CP437 2
WhenImported: 20240121141818-0600 4168
WhenExported: 20240121143645-0600 4168
ExportedFrom: BBSESINF sync 9801
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 18
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sun, 21 Jan 2024 20:36:48 UTC
Date: Sun, 21 Jan 2024 14:18:18 -0600
X-Received-Bytes: 1635
 by: MRO - Sun, 21 Jan 2024 20:18 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Sun Jan 21 2024 09:49 am

> > i would install it to try on your system bu it's become so convoluted i
> > wont w
> > t it on my systems.
>
> Isn't Malwarebytes a windows program?
>

yeah it is. it used to be good back in the day. i installed it in the middle of last year and it was just to convoluted and annoying to run.

i supposed if you download a lot of viruses it would be useful.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AD9B8F.9802.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19529&group=alt.bbs.synchronet#19529

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx18.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-hqz-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65AD9B8F.9802.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AD3370.70182.sync@capcity2.synchro.net>
References: <65AD3370.70182.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51061.sync@1:103/705 2a13a3c5
X-FTN-REPLY: 70182.sync@723:320/1 2a137b96
X-FTN-CHRS: CP437 2
WhenImported: 20240121163247-0600 4168
WhenExported: 20240121171838-0600 4168
ExportedFrom: BBSESINF sync 9802
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 19
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sun, 21 Jan 2024 23:18:41 UTC
Date: Sun, 21 Jan 2024 16:32:47 -0600
X-Received-Bytes: 1739
 by: MRO - Sun, 21 Jan 2024 22:32 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: Dumas Walker to ALL on Sun Jan 21 2024 09:54 am

> https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=M
> BAM-C&ver=4 .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url
> =capitolcityonl i
> ne.net
> Connection: close

it's also possible that your ip got blacklisted by malwarebytes.
you could have got scanned by one of those shitty port scanners and you got put on a list for being compromised and malwarebytes used the list.

you can contact malwarebytes and try to get it removed.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AE7D88.70188.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19533&group=alt.bbs.synchronet#19533

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx11.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-9on-this (Dumas Walker)
Subject: Malwarebytes reports troj
Message-ID: <65AE7D88.70188.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AD9B8F.9802.sync@bbses.info>
References: <65AD9B8F.9802.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70188.sync@723:320/1 2a14c5b4
X-FTN-REPLY: 51061.sync@1:103/705 2a13a3c5
X-FTN-CHRS: ASCII 1
WhenImported: 20240122093656-0500 412c
WhenExported: 20240122135709-0500 412c
ExportedFrom: CAPCITY2 sync 70188
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 14
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Mon, 22 Jan 2024 18:57:05 UTC
Date: Mon, 22 Jan 2024 09:28:00 -0500
X-Received-Bytes: 1517
 by: Dumas Walker - Mon, 22 Jan 2024 14:28 UTC

To: MRO
>it's also possible that your ip got blacklisted by malwarebytes.
>you could have got scanned by one of those shitty port scanners and you got put
>on a list for being compromised and malwarebytes used the list.

That is what I also suspect.

* SLMR 2.1a * Halloween is *not* Christmas, even though 31 oct = 25 dec

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<0000.65aee1ad@net396.fidonet.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19534&group=alt.bbs.synchronet#19534

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!newsfeed.hasname.com!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx10.iad.POSTED!not-for-mail
From: ...@p0.f45.n396.z1[ASC46]fidonet[.]org (Marc Lewis)
Newsgroups: alt.bbs.synchronet
Subject: Malwarebytes reports troj
Organization: FidoNet
Message-ID: <0000.65aee1ad@net396.fidonet.org>
References: <65AD3370.70181.sync@capcity2.synchro.net> ffffffff
X-Gateway: NewsGate v1.0 gamma 1 NNTP <-> FidoNet Gateway
X-FTNADDR: 1:396/45.0
X-Antivirus: Avast (VPS 240122-8, 1/22/2024), Outbound message
X-Antivirus-Status: Clean
Lines: 37
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Mon, 22 Jan 2024 21:44:15 UTC
Date: Sun, 22 Jan 2024 15:34:11
X-Received-Bytes: 2038
 by: Marc Lewis - Sun, 28 Jan 2024 15:34 UTC

+ User FidoNet address: 1:396/45
Hello All.

<On 20Jan2024 22:49 Dumas Walker wrote a message to All regarding Malwarebytes
reports troj >

DW> To: MRO
> > As I only have linux machines, I don't have any experience with
> > Malwarebytes. Has anyone else run into this -- is it a case of
> > Malwarebytes just not liking BBSes or something else?

> it sounds like he's using the trial version or the paid version
> where you have ore features. honestly it's just overkill unless you
> really ARE infected and u want to try to clean out your system.

DW> I think it is the paid version.

> i would install it to try on your system bu it's become so convoluted
> i wont w t it on my systems.

DW> Isn't Malwarebytes a windows program?
Another useful one I've been using that's really easy on resources and easy to
configure is Avast, both the freeware version as well as the professional
version. Very little interference with all Windows programs. I am not sure if
it is available on other OSes... Not sure. https://www.avast.com

Best regards,
Marc
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA) +
+ The views of this user are strictly his or her own. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

--
This email has been checked for viruses by Avast antivirus software.
www.avast.com

Malwarebytes reports troj

<65AEF0E8.9807.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19535&group=alt.bbs.synchronet#19535

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx11.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-wpr-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65AEF0E8.9807.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65AE7D88.70188.sync@capcity2.synchro.net>
References: <65AE7D88.70188.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51067.sync@1:103/705 2a14f2cc
X-FTN-REPLY: 70188.sync@723:320/1 2a14c5b4
X-FTN-CHRS: CP437 2
WhenImported: 20240122164912-0600 4168
WhenExported: 20240122170759-0600 4168
ExportedFrom: BBSESINF sync 9807
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 18
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Mon, 22 Jan 2024 23:08:01 UTC
Date: Mon, 22 Jan 2024 16:49:12 -0600
X-Received-Bytes: 1800
 by: MRO - Mon, 22 Jan 2024 22:49 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Mon Jan 22 2024 09:28 am

> >it's also possible that your ip got blacklisted by malwarebytes.
> >you could have got scanned by one of those shitty port scanners and you got
> put
> >on a list for being compromised and malwarebytes used the list.
>
> That is what I also suspect.
>
>

the reason why that popped in my head is stuff like this happened to me more than a few times over the years, especially when i was running my servers off a residential ip address.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65AEFF73.9809.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19536&group=alt.bbs.synchronet#19536

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx35.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-olj-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65AEFF73.9809.sync@bbses.info>
X-Comment-To: Marc Lewis
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <0000.65aee1ad@net396.fidonet.org>
References: <0000.65aee1ad@net396.fidonet.org>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51068.sync@1:103/705 2a15013f
X-FTN-REPLY: 51066.sync@1:103/705 2a14f049
X-FTN-CHRS: CP437 2
WhenImported: 20240122175115-0600 4168
WhenExported: 20240122180937-0600 4168
ExportedFrom: BBSESINF sync 9809
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 17
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Tue, 23 Jan 2024 00:09:40 UTC
Date: Mon, 22 Jan 2024 17:51:15 -0600
X-Received-Bytes: 1671
 by: MRO - Mon, 22 Jan 2024 23:51 UTC

To: Marc Lewis
Re: Malwarebytes reports troj
By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

> Another useful one I've been using that's really easy on resources and easy
> to configure is Avast, both the freeware version as well as the professional
> version. Very little interference with all Windows programs. I am not sure
> if it is available on other OSes... Not sure. https://www.avast.com
>
> Best regards,

wasnt avast caught selling our information?
i just use the ms security essentials.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65B125AF.70194.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19537&group=alt.bbs.synchronet#19537

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx16.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-nxm-this (Dumas Walker)
Subject: Malwarebytes reports troj
Message-ID: <65B125AF.70194.sync@capcity2.synchro.net>
X-Comment-To: MARC LEWIS
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <0000.65aee1ad@net396.fidonet.org>
References: <0000.65aee1ad@net396.fidonet.org>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70194.sync@723:320/1 2a176de1
X-FTN-REPLY: 51066.sync@1:103/705 2a14f049
X-FTN-CHRS: ASCII 1
WhenImported: 20240124095855-0500 412c
WhenExported: 20240124135711-0500 412c
ExportedFrom: CAPCITY2 sync 70194
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 28
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Wed, 24 Jan 2024 18:57:09 UTC
Date: Wed, 24 Jan 2024 09:45:00 -0500
X-Received-Bytes: 2381
 by: Dumas Walker - Wed, 24 Jan 2024 14:45 UTC

To: MARC LEWIS
> DW> Isn't Malwarebytes a windows program?
> Another useful one I've been using that's really easy on resources and easy to
> configure is Avast, both the freeware version as well as the professional
> version. Very little interference with all Windows programs. I am not sure if
> it is available on other OSes... Not sure. https://www.avast.com

Thanks, I used to use that one when I had a windows machine and it did seem
to work and play better than others.

I was curious if maybe malwarebytes doesn't like bbses but it sounded like
it was only my board that was tripping the alert which makes me think mro
might be right about the port scanners/blacklists. I have been getting hit
a lot lately with script bots that tie up / lock up the telnet service, and
a few that have hit me both there and the web interface at the same time.

I scanned the system with ClamAV. It did find a bunch of PUAs -- DOS
programs for download that are compressed with PKlite or were compiled
using watcomm (not sure why that is an issue) -- but it did not find any
trojans or viruses.

* SLMR 2.1a * In Stereo where available. .elbaliava erehw oeretS nI

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65B1B111.9811.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19538&group=alt.bbs.synchronet#19538

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!weretis.net!feeder6.news.weretis.net!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx16.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-86u-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65B1B111.9811.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B125AF.70194.sync@capcity2.synchro.net>
References: <65B125AF.70194.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51071.sync@1:103/705 2a17b479
X-FTN-REPLY: 70194.sync@723:320/1 2a176de1
X-FTN-CHRS: CP437 2
WhenImported: 20240124185337-0600 4168
WhenExported: 20240124191843-0600 4168
ExportedFrom: BBSESINF sync 9811
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 23
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 01:18:51 UTC
Date: Wed, 24 Jan 2024 18:53:37 -0600
X-Received-Bytes: 1932
 by: MRO - Thu, 25 Jan 2024 00:53 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am

> I was curious if maybe malwarebytes doesn't like bbses but it sounded like
> it was only my board that was tripping the alert which makes me think mro
> might be right about the port scanners/blacklists. I have been getting hit
> a lot lately with script bots that tie up / lock up the telnet service, and

I don't even think it's about you running a bbs.
your domain is just blacklisted.

https://i.imgur.com/dsSaM8M.png

*.synchro.net websites work.
my site works.

I installed a vm and installed malwarebytes. It has changed a lot. stupid splash screens when installing, takes a while. looks like bloatware.
whoever runs this shit is a moron.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65B1B287.9813.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19539&group=alt.bbs.synchronet#19539

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx16.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-86u-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65B1B287.9813.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B1B111.9811.sync@bbses.info>
References: <65B1B111.9811.sync@bbses.info>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51073.sync@1:103/705 2a17b47b
X-FTN-REPLY: 51071.sync@1:103/705 2a17b479
X-FTN-CHRS: CP437 2
WhenImported: 20240124185951-0600 4168
WhenExported: 20240124191843-0600 4168
ExportedFrom: BBSESINF sync 9813
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 37
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 01:18:53 UTC
Date: Wed, 24 Jan 2024 18:59:51 -0600
X-Received-Bytes: 2319
 by: MRO - Thu, 25 Jan 2024 00:59 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: MRO to Dumas Walker on Wed Jan 24 2024 06:53 pm

> Re: Malwarebytes reports troj
> By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am
>
> > I was curious if maybe malwarebytes doesn't like bbses but it sounded
> > like it was only my board that was tripping the alert which makes me
> > think mro might be right about the port scanners/blacklists. I have been
> > getting hit a lot lately with script bots that tie up / lock up the
> > telnet service, and
>
> I don't even think it's about you running a bbs.
> your domain is just blacklisted.
>
> https://i.imgur.com/dsSaM8M.png
>
> *.synchro.net websites work.
> my site works.
>
> I installed a vm and installed malwarebytes. It has changed a lot. stupid
> splash screens when installing, takes a while. looks like bloatware.
> whoever runs this shit is a moron.

damn dude malwarebytes really hates your ass.
when trying to telnet to it, it blocks and does a popup.

you should contact them and give them your ip to get unblacklisted.

https://i.imgur.com/F0UPzKn.png
even rlogin
https://i.imgur.com/jAM7Xbg.png
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports troj

<65B27A5B.70200.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19543&group=alt.bbs.synchronet#19543

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!news.neodome.net!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-4hw-this (Dumas Walker)
Subject: Re: Malwarebytes reports troj
Message-ID: <65B27A5B.70200.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B1B111.9811.sync@bbses.info>
References: <65B1B111.9811.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70200.sync@723:320/1 2a18c293
X-FTN-REPLY: 51071.sync@1:103/705 2a17b479
X-FTN-CHRS: CP437 2
WhenImported: 20240125101227-0500 412c
WhenExported: 20240125135712-0500 412c
ExportedFrom: CAPCITY2 sync 70200
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 16
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 18:57:12 UTC
Date: Thu, 25 Jan 2024 10:12:27 -0500
X-Received-Bytes: 1432
 by: Dumas Walker - Thu, 25 Jan 2024 15:12 UTC

To: MRO
> I don't even think it's about you running a bbs.
> your domain is just blacklisted.

> https://i.imgur.com/dsSaM8M.png

Yeah, I like how it doesn't tell you what trojan it thinks is there (because
there isn't one). :(

#

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65B27978.70199.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19544&group=alt.bbs.synchronet#19544

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-4hw-this (Dumas Walker)
Subject: Malwarebytes reports troj
Message-ID: <65B27978.70199.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B1B111.9811.sync@bbses.info>
References: <65B1B111.9811.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70199.sync@723:320/1 2a18c1af
X-FTN-REPLY: 51071.sync@1:103/705 2a17b479
X-FTN-CHRS: ASCII 1
WhenImported: 20240125100840-0500 412c
WhenExported: 20240125135712-0500 412c
ExportedFrom: CAPCITY2 sync 70199
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 24
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 18:57:11 UTC
Date: Thu, 25 Jan 2024 09:59:00 -0500
X-Received-Bytes: 1747
 by: Dumas Walker - Thu, 25 Jan 2024 14:59 UTC

To: MRO
> I don't even think it's about you running a bbs.
> your domain is just blacklisted.

> https://i.imgur.com/dsSaM8M.png

> *.synchro.net websites work.
> my site works.

When you say *.synchro.net sites, I assume you mean "other than mine." :D

> I installed a vm and installed malwarebytes. It has changed a lot. stupid spl
> h screens when installing, takes a while. looks like bloatware.
> whoever runs this shit is a moron.

But a very popular moron, unfortunately.

* SLMR 2.1a * Speed doesn't kill. Stopping very fast kills.

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports troj

<65B27F0A.70201.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19545&group=alt.bbs.synchronet#19545

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!news.neodome.net!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-4hw-this (Dumas Walker)
Subject: Re: Malwarebytes reports troj
Message-ID: <65B27F0A.70201.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B1B287.9813.sync@bbses.info>
References: <65B1B287.9813.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70201.sync@723:320/1 2a18c743
X-FTN-REPLY: 51073.sync@1:103/705 2a17b47b
X-FTN-CHRS: CP437 2
WhenImported: 20240125103226-0500 412c
WhenExported: 20240125135712-0500 412c
ExportedFrom: CAPCITY2 sync 70201
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 11
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 18:57:13 UTC
Date: Thu, 25 Jan 2024 10:32:26 -0500
X-Received-Bytes: 1312
 by: Dumas Walker - Thu, 25 Jan 2024 15:32 UTC

To: MRO
> you should contact them and give them your ip to get unblacklisted.

Reported. We shall see what happens.

#

---
■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Malwarebytes reports troj

<65B2B503.9822.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19550&group=alt.bbs.synchronet#19550

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-pig-this (MRO)
Subject: Malwarebytes reports troj
Message-ID: <65B2B503.9822.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B27978.70199.sync@capcity2.synchro.net>
References: <65B27978.70199.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51083.sync@1:103/705 2a18bb3a
X-FTN-REPLY: 70199.sync@723:320/1 2a18c1af
X-FTN-CHRS: CP437 2
WhenImported: 20240125132243-0600 4168
WhenExported: 20240125135942-0600 4168
ExportedFrom: BBSESINF sync 9822
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 29
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 19:59:44 UTC
Date: Thu, 25 Jan 2024 13:22:43 -0600
X-Received-Bytes: 1893
 by: MRO - Thu, 25 Jan 2024 19:22 UTC

To: Dumas Walker
Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Thu Jan 25 2024 09:59 am

> > I don't even think it's about you running a bbs.
> > your domain is just blacklisted.
>
> > https://i.imgur.com/dsSaM8M.png
>
> > *.synchro.net websites work.
> > my site works.
>
> When you say *.synchro.net sites, I assume you mean "other than mine." :D

yep

> > h screens when installing, takes a while. looks like bloatware.
> > whoever runs this shit is a moron.
>
> But a very popular moron, unfortunately.
>

the guy who can't access your site is a moron?
i mean whoever would want to run malwarebytes in this form is a moron.
it's not a simple utility anymore. it takes over everything.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports troj

<65B2B554.9823.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19552&group=alt.bbs.synchronet#19552

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-pig-this (MRO)
Subject: Re: Malwarebytes reports troj
Message-ID: <65B2B554.9823.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B27A5B.70200.sync@capcity2.synchro.net>
References: <65B27A5B.70200.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51084.sync@1:103/705 2a18bb3b
X-FTN-REPLY: 70200.sync@723:320/1 2a18c293
X-FTN-CHRS: CP437 2
WhenImported: 20240125132404-0600 4168
WhenExported: 20240125135942-0600 4168
ExportedFrom: BBSESINF sync 9823
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 21
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Thu, 25 Jan 2024 19:59:45 UTC
Date: Thu, 25 Jan 2024 13:24:04 -0600
X-Received-Bytes: 1767
 by: MRO - Thu, 25 Jan 2024 19:24 UTC

To: Dumas Walker
Re: Re: Malwarebytes reports troj
By: Dumas Walker to MRO on Thu Jan 25 2024 10:12 am

> > I don't even think it's about you running a bbs.
> > your domain is just blacklisted.
>
> > https://i.imgur.com/dsSaM8M.png
>
>
> Yeah, I like how it doesn't tell you what trojan it thinks is there (because
> there isn't one). :(

yeah, not very technical for being in the biz.
it's not like there's bad javascript or it's serving up anything.

so contact them with your ip address. that's the thing that triggers the blocking. hopefully you will get ahold of a real person.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports

<65B3C73A.70227.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19575&group=alt.bbs.synchronet#19575

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx18.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-z2a-this (Dumas Walker)
Subject: Re: Malwarebytes reports
Message-ID: <65B3C73A.70227.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B2B554.9823.sync@bbses.info>
References: <65B2B554.9823.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70227.sync@723:320/1 2a1a0f8d
X-FTN-REPLY: 51084.sync@1:103/705 2a18bb3b
X-FTN-CHRS: ASCII 1
WhenImported: 20240126095242-0500 412c
WhenExported: 20240126135709-0500 412c
ExportedFrom: CAPCITY2 sync 70227
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 23
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Fri, 26 Jan 2024 18:57:12 UTC
Date: Fri, 26 Jan 2024 09:50:00 -0500
X-Received-Bytes: 1989
 by: Dumas Walker - Fri, 26 Jan 2024 14:50 UTC

To: MRO
> so contact them with your ip address. that's the thing that triggers the block
> g. hopefully you will get ahold of a real person.

Their answer is that I need to add my site to my malwarebytes config, even
though I told them (1) I am not the one running their software and (2) it
is other people who are accessing my site and getting a false positive.

I sort of figured I'd not find much joy there since I am not a customer.

Meanwhile, I can see where they immediately helped someone else out who
runs a commecercial website -- selling men's undergarments -- whose site
apparently got blocked because it has the word "ass" in it.

Maybe I should change my site name to "getsomeass.net" so they will fix it.

* SLMR 2.1a * Veni, Vidi, Velcro. (I came, I saw, I stuck around)

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports

<65B43C59.9853.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19580&group=alt.bbs.synchronet#19580

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!news.1d4.us!news.quux.org!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-m3t-this (MRO)
Subject: Re: Malwarebytes reports
Message-ID: <65B43C59.9853.sync@bbses.info>
X-Comment-To: Dumas Walker
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B3C73A.70227.sync@capcity2.synchro.net>
References: <65B3C73A.70227.sync@capcity2.synchro.net>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51115.sync@1:103/705 2a1a3cdc
X-FTN-REPLY: 70227.sync@723:320/1 2a1a0f8d
X-FTN-CHRS: CP437 2
WhenImported: 20240126171225-0600 4168
WhenExported: 20240126172432-0600 4168
ExportedFrom: BBSESINF sync 9853
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 25
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Fri, 26 Jan 2024 23:24:34 UTC
Date: Fri, 26 Jan 2024 17:12:25 -0600
X-Received-Bytes: 2031
 by: MRO - Fri, 26 Jan 2024 23:12 UTC

To: Dumas Walker
Re: Re: Malwarebytes reports
By: Dumas Walker to MRO on Fri Jan 26 2024 09:50 am

>
> Their answer is that I need to add my site to my malwarebytes config, even
> though I told them (1) I am not the one running their software and (2) it
> is other people who are accessing my site and getting a false positive.
>
> I sort of figured I'd not find much joy there since I am not a customer.
>
> Meanwhile, I can see where they immediately helped someone else out who
> runs a commecercial website -- selling men's undergarments -- whose site
> apparently got blocked because it has the word "ass" in it.
>
> Maybe I should change my site name to "getsomeass.net" so they will fix it.

yep looks like they arent the same malwarebytes from years ago.
they are all about the money.

not many people use it, so i wouldn't worry about it.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

Re: Malwarebytes reports

<65B51E58.70242.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19584&group=alt.bbs.synchronet#19584

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!tncsrv06.tnetconsulting.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx47.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-gr4-this (Dumas Walker)
Subject: Re: Malwarebytes reports
Message-ID: <65B51E58.70242.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B43C59.9853.sync@bbses.info>
References: <65B43C59.9853.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70242.sync@723:320/1 2a1b66ba
X-FTN-REPLY: 51115.sync@1:103/705 2a1a3cdc
X-FTN-CHRS: ASCII 1
WhenImported: 20240127101640-0500 412c
WhenExported: 20240127135718-0500 412c
ExportedFrom: CAPCITY2 sync 70242
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 12
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Sat, 27 Jan 2024 18:57:27 UTC
Date: Sat, 27 Jan 2024 10:01:00 -0500
X-Received-Bytes: 1358
 by: Dumas Walker - Sat, 27 Jan 2024 15:01 UTC

To: MRO
> not many people use it, so i wouldn't worry about it.

I've decided not to. Thanks!

* SLMR 2.1a * Energize! said Picard....and this pink bunny appeared...

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

RE: Malwarebytes reports troj

<0000.65b6ad13@net396.fidonet.org>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19587&group=alt.bbs.synchronet#19587

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!weretis.net!feeder8.news.weretis.net!newsreader4.netcologne.de!news.netcologne.de!peer02.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx09.iad.POSTED!not-for-mail
From: ...@p0.f45.n396.z1[ASC46]fidonet[.]org (Marc Lewis)
Newsgroups: alt.bbs.synchronet
Subject: RE: Malwarebytes reports troj
Organization: FidoNet
Message-ID: <0000.65b6ad13@net396.fidonet.org>
References: <65AEFF73.9809.sync@bbses.info>
X-Gateway: NewsGate v1.0 gamma 1 NNTP <-> FidoNet Gateway
X-FTNADDR: 1:396/45.0
X-Antivirus: Avast (VPS 240128-4, 1/28/2024), Outbound message
X-Antivirus-Status: Clean
Lines: 41
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Sun, 28 Jan 2024 19:37:57 UTC
Date: Mon, 23 Jan 2024 20:34:36
X-Received-Bytes: 2076
 by: Marc Lewis - Mon, 29 Jan 2024 20:34 UTC

+ User FidoNet address: 1:396/45
Hello All.

<On 22Jan2024 05:51 MO wrote a message to All regarding Malwarebytes reports
troj >

M> From: "MRO" <mro@BBSESINF.remove-olj-this>

M> By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

> Another useful one I've been using that's really easy on resources
> and easy
> to configure is Avast, both the freeware version as well as the
> professional
> version. Very little interference with all Windows programs. I am
> not sure
> if it is available on other OSes... Not sure. https://www.avast.com
>
> Best regards,

M> wasnt avast caught selling our information?
M> i just use the ms security essentials.

There are specific settings in Avast under settings - personal privacy to turn
off sharing. I'm sure that some folks will still not be convinced. I've been
satisfied with its performance. I will check further and see. You may in fact
be correct.

Best regards,
Marc

... "Military intelligence" is a contradiction in terms.(Groucho Marx)
--
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA) +
+ The views of this user are strictly his or her own. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

--
This email has been checked for viruses by Avast antivirus software.
www.avast.com

RE: Malwarebytes reports troj

<65B70F36.9867.sync@bbses.info>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19594&group=alt.bbs.synchronet#19594

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx07.iad.POSTED!not-for-mail
From: mro...@BBSESINF.remove-826-this (MRO)
Subject: RE: Malwarebytes reports troj
Message-ID: <65B70F36.9867.sync@bbses.info>
X-Comment-To: Marc Lewis
Organization: bbses.info
Newsgroups: alt.bbs.synchronet
In-Reply-To: <0000.65b6ad13@net396.fidonet.org>
References: <0000.65b6ad13@net396.fidonet.org>
X-FTN-PID: Synchronet 3.19b-Win32 master/a2a9dc027 Jan 2 2022 MSC 1928
X-FTN-MSGID: 51129.sync@1:103/705 2a1d0e6c
X-FTN-REPLY: 51123.sync@1:103/705 2a1cbebd
X-FTN-CHRS: CP437 2
WhenImported: 20240128203638-0600 4168
WhenExported: 20240128204258-0600 4168
ExportedFrom: BBSESINF sync 9867
Content-Type: text/plain; charset=IBM437
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 19
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Mon, 29 Jan 2024 02:42:59 UTC
Date: Sun, 28 Jan 2024 20:36:38 -0600
X-Received-Bytes: 1636
 by: MRO - Mon, 29 Jan 2024 02:36 UTC

To: Marc Lewis
Re: RE: Malwarebytes reports troj
By: Marc Lewis to alt.bbs.synchronet on Tue Jan 23 2024 08:34 pm

>
> There are specific settings in Avast under settings - personal privacy to
> turn off sharing. I'm sure that some folks will still not be convinced.
> I've been satisfied with its performance. I will check further and see. You
> may in fact be correct.
>

if they did it once, they'll do it again.
I wouldn't trust it.

I just use the built in windows shit.
---
■ Synchronet ■ ::: BBSES.info - free BBS services :::
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

RE: Malwarebytes reports

<65BA7703.70285.sync@capcity2.synchro.net>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=19628&group=alt.bbs.synchronet#19628

  copy link   Newsgroups: alt.bbs.synchronet
Path: i2pn2.org!rocksolid2!news.neodome.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx15.iad.POSTED!not-for-mail
From: dumas.wa...@CAPCITY2.remove-m0y-this (Dumas Walker)
Subject: RE: Malwarebytes reports
Message-ID: <65BA7703.70285.sync@capcity2.synchro.net>
X-Comment-To: MRO
Organization: Capitol City Online
Newsgroups: alt.bbs.synchronet
In-Reply-To: <65B70F36.9867.sync@bbses.info>
References: <65B70F36.9867.sync@bbses.info>
X-FTN-PID: Synchronet 3.19c-Linux master/cb76b1463 Feb 20 2022 GCC 7.5.0
X-FTN-MSGID: 70285.sync@723:320/1 2a20bf90
X-FTN-REPLY: 51129.sync@1:103/705 2a1d0e6c
X-FTN-CHRS: ASCII 1
WhenImported: 20240131113619-0500 412c
WhenExported: 20240131173342-0500 412c
ExportedFrom: CAPCITY2 sync 70285
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 8bit
X-Gateway: vert.synchro.net [Synchronet 3.20a-Linux NewsLink 1.114]
Lines: 23
X-Complaints-To: https://www.astraweb.com/aup
NNTP-Posting-Date: Wed, 31 Jan 2024 22:33:44 UTC
Date: Wed, 31 Jan 2024 11:31:00 -0500
X-Received-Bytes: 1768
 by: Dumas Walker - Wed, 31 Jan 2024 16:31 UTC

To: MRO
> >
> > There are specific settings in Avast under settings - personal privacy to
> > turn off sharing. I'm sure that some folks will still not be convinced.
> > I've been satisfied with its performance. I will check further and see. Yo
> > may in fact be correct.
> >

> if they did it once, they'll do it again.
> I wouldn't trust it.

> I just use the built in windows shit.

I was thinking it might have been AVG instead of Avast, but I often get
those mixed up so there is that.

* SLMR 2.1a * Computers make very fast, very efficient mistakes.

---
� Synchronet � CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
--- Synchronet 3.20a-Linux NewsLink 1.114
* Vertrauen - Riverside County, California - telnet://vert.synchro.net

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor