Renegade Public Forums
RG Connects to Malicious IP [message #401322] Wed, 02 September 2009 14:21
twig123
Messages: 18
Registered: July 2006
Karma: 0
Recruit
Guys,

I have Malwarebytes anti-malware software installed on my system...
Every time I start RG I get a warning that access to a malicious IP has been blocked (IP: 213.131.252.251).

index.php?t=getfile&id=11696&private=0

What is this IP and why does RG keep trying to communicate with it?

~Dave
Re: RG Connects to Malicious IP [message #401327 is a reply to message #401322] Wed, 02 September 2009 17:12
dr3w2
Messages: 485
Registered: September 2006
Location: Ottawa,Canada
Karma: 0
Commander
http://www.ip-adress.com/whois/213.131.252.251

That's definitely not a crimson renguard server. I'd find out what other applications you have running tbh


n00bstories Server Administrator
Re: RG Connects to Malicious IP [message #401328 is a reply to message #401322] Wed, 02 September 2009 17:14
dr3w2
Messages: 485
Registered: September 2006
Location: Ottawa,Canada
Karma: 0
Commander
http://www.malwaredomainlist.com/mdl.php?inactive=&sort=Date&search=&colsearch=All&ascordesc=ASC&quantity=100&page=98

^^ do a ctrl-f on that IP.

You got infected yo


n00bstories Server Administrator
Re: RG Connects to Malicious IP [message #401390 is a reply to message #401328] Thu, 03 September 2009 07:49
twig123
Messages: 18
Registered: July 2006
Karma: 0
Recruit
Guys, my system is clean...

This is sourcing from game.exe (RG) trying to communicate with this IP.
Re: RG Connects to Malicious IP [message #401400 is a reply to message #401322] Thu, 03 September 2009 09:30
CarrierII
Messages: 3804
Registered: February 2006
Location: England
Karma: 0
General (3 Stars)

Yeah, then the Malware is simply in that EXE, along with several other EXEs on your system.

You should scan your entire system with your installed antivirus, as well as Windows Defender. If you do not have an antivirus installed, AVG antivirus has a free edition.


Renguard is a wonderful initiative

[Updated on: Thu, 03 September 2009 09:30]

Re: RG Connects to Malicious IP [message #401417 is a reply to message #401400] Thu, 03 September 2009 12:37
twig123
Messages: 18
Registered: July 2006
Karma: 0
Recruit
I don't know how to make this more clear...
"my system is clean"

[Updated on: Thu, 03 September 2009 12:41]

Re: RG Connects to Malicious IP [message #401437 is a reply to message #401322] Thu, 03 September 2009 14:10
CarrierII
Messages: 3804
Registered: February 2006
Location: England
Karma: 0
General (3 Stars)

Ok, we'll make this clear:

"We don't think that is the case." Please post SS of scan results to prove your point.


Renguard is a wonderful initiative
Re: RG Connects to Malicious IP [message #401458 is a reply to message #401437] Thu, 03 September 2009 17:53
twig123
Messages: 18
Registered: July 2006
Karma: 0
Recruit
index.php?t=getfile&id=11706&private=0

Haha! BHS pwnd...
RenGuard_Setup_1.0323.exe - 2/41 Detections
https://www.virustotal.com/analisis/a1443e1ca1647f9be21ae62f0547a48238101ca73617ad86f6806c9a2ed2ad17-1252025106
and
game.exe - 3/41 Detections
https://www.virustotal.com/analisis/bb9ac3edb3977d7a74b33fbc232fdbd5d5f09c59f8099a3d7bc77bb530e9f739-1252024999

(Check the MD5 Hashes, this was downloaded fresh and directly sent to VirusTotal)
Re: RG Connects to Malicious IP [message #401493 is a reply to message #401322] Fri, 04 September 2009 02:57
Goztow
Messages: 9716
Registered: March 2005
Location: Belgium
Karma: 12
General (5 Stars)
Goztoe
Renguard uses some protection measures to protect itself from reverse engineering that some viruses also use.

You can find me in The KOSs2 (TK2) discord while I'm playing. Feel free to come and say hi! TK2 discord
Re: RG Connects to Malicious IP [message #401501 is a reply to message #401493] Fri, 04 September 2009 04:54
CarrierII
Messages: 3804
Registered: February 2006
Location: England
Karma: 0
General (3 Stars)

Goztow wrote on Fri, 04 September 2009 10:57

Renguard uses some protection measures to protect itself from reverse engineering that some viruses also use.


I'll bet this is a repeat of the issue with Norton. Some virus used SVKP.sys to runtime-pack itself, and the virus connected to that IP, so MalwareBytes just assumes anything with SVKP is that virus, and blocks the connection "attempt" (As RG will NOT connect to that IP).

Ok - just add game.exe to your safe list.


Renguard is a wonderful initiative
Re: RG Connects to Malicious IP [message #401747 is a reply to message #401322] Sat, 05 September 2009 15:42
_SSnipe_
Messages: 4121
Registered: May 2007
Location: Riverside Southern Califo...
Karma: 0
General (4 Stars)
I have like 6 anti virus and some pick something up the others don't, so you still could be
Re: RG Connects to Malicious IP [message #401933 is a reply to message #401747] Mon, 07 September 2009 02:46
raven
Messages: 595
Registered: January 2007
Location: Toronto, Ontario
Karma: 0
Colonel
SSnipe wrote on Sat, 05 September 2009 17:42

I have like 6 anti virus


That's a bad idea.


-Jelly Administrator
-Exodus Administrator
Re: RG Connects to Malicious IP [message #401934 is a reply to message #401322] Mon, 07 September 2009 02:54
CarrierII
Messages: 3804
Registered: February 2006
Location: England
Karma: 0
General (3 Stars)

All of those are "Heuristic" (guess-work) or "Suspect" (looks like) results. I'll tell you why: some git made a virus that used SVKP(.sys) to protect itself, and some (very) lazy anti-virus makers added anything using SVKP(.sys) to the blacklist.

The file is safe.


Renguard is a wonderful initiative

[Updated on: Mon, 07 September 2009 02:54]
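
The distinction drawn in the post above, between heuristic or packer-based hits and a detection that names a malware family, can be checked mechanically when reading a multi-engine scan report. This is an added example, not part of the original thread or of RenGuard; the engine names, detection labels and keyword list are constructed for illustration, and a report with only weak labels is still unconfirmed rather than proven safe.

```python
import re

# Tokens that usually mark a heuristic, generic or packer-based verdict rather
# than a signature for a named family. Assumption for this example only:
# vendor naming schemes differ, so tune the list to the engines you read.
WEAK_TOKENS = re.compile(r"heur|generic|suspicious|suspect|packed|packer|svkp", re.I)

# Constructed sample: 41 engines with 3 hits, mirroring the 3/41 ratio quoted
# for game.exe. Engine names and labels are invented, not the real report.
SAMPLE = {f"Engine{i:02d}": None for i in range(1, 42)}
SAMPLE.update({
    "Engine07": "Suspicious.SVKP.Packed",
    "Engine19": "Heur.Packed.Unknown",
    "Engine33": "Packer.Generic",
})


def triage(results):
    """Split detections into weak (heuristic/packer) and family-specific labels.

    results maps engine name -> detection label, or None when the engine
    reported nothing.
    """
    hits = {eng: label for eng, label in results.items() if label}
    weak = {eng: label for eng, label in hits.items() if WEAK_TOKENS.search(label)}
    specific = {eng: label for eng, label in hits.items() if eng not in weak}

    if not hits:
        verdict = "no detections"
    elif specific:
        verdict = "investigate: at least one engine names a specific family"
    else:
        verdict = "unconfirmed: only heuristic/packer labels, corroborate before whitelisting"

    return {
        "ratio": f"{len(hits)}/{len(results)}",
        "weak": weak,
        "specific": specific,
        "verdict": verdict,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["ratio"], "-", report["verdict"])
    for engine, label in sorted(report["weak"].items()):
        print(f"  weak     {engine}: {label}")
```

Corroboration for an "unconfirmed" result would typically mean comparing the file hash against the publisher's own download and observing the process's actual outbound connections.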

Re: RG Connects to Malicious IP [message #402127 is a reply to message #401934] Tue, 08 September 2009 14:12
twig123
Messages: 18
Registered: July 2006
Karma: 0
Recruit
trying to get another SS for you guys...

[Updated on: Tue, 08 September 2009 14:15]
