• Malwarebytes reports troj

    From Dumas Walker@VERT/CAPCITY2 to All on Saturday, January 20, 2024 10:41:00
    A couple of weeks ago, one of my users reported that his Malwarebytes was warning him of a potential Trojan when he tried to connect here via telnet. At the time, I assumed it was because I have iptables set up to redirect the port from 23 to the "non root" port that Synchronet is listening on.

    However, I have since had a fellow sysop who connects here to exchange mail report the same thing. Because the bink port that binkit listens on is not a "needs root" port, I don't have that one redirected by iptables. He also tried it via telnet and sent me the error message. I cannot see what Trojan it thinks is on this end -- I don't think the message says.

    I have asked him to resend the message as text so I can share it. Malwarebytes was actually blocking our systems from exchanging mail.

    I did scan with ClamAV and all it reports are some "potentially unwanted applications" -- some DOS programs in my download directories that are apparently compressed with PKlite.

    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    Thanks!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Dumas Walker on Sunday, January 21, 2024 06:04:00
    Re: Malwarebytes reports trojan
    By: Dumas Walker to All on Sat Jan 20 2024 10:41 am


    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?


    it sounds like he's using the trial version or the paid version where you have more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    i would install it to try on your system but it's become so convoluted i won't want it on my systems.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@VERT/CAPCITY2 to MRO on Sunday, January 21, 2024 09:49:00
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes
    just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version where you have
    more features. honestly it's just overkill unless you really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted i won't
    want it on my systems.

    Isn't Malwarebytes a windows program?


    * SLMR 2.1a * Tinnn Rooooooooof! --Rusted!

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Dumas Walker@VERT/CAPCITY2 to ALL on Sunday, January 21, 2024 09:54:00
    As I only have linux machines, I don't have any experience with
    Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    FYI, here is the message one of them is getting when trying to surf over
    via the web (line wrapped).

    Location: https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
    .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
    ne.net
    Connection: close

    Website blocked due to a Trojan

    Your Malwarebytes Premium blocked this website because it may contain a Trojan.


    The main thing I am concerned about is that any Windows sysop who runs Malwarebytes Premium probably thinks that their connections have "gone
    down" when in reality Malwarebytes is rerouting the outbound traffic to a "127." address, and blocking the inbound traffic, to their hub or node.


    * SLMR 2.1a * AAAAA - American Association Against Acronym Abuse

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
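
As an added example (not part of the original thread and not Malwarebytes tooling): a sysop who is sent a block notice like the one quoted in the post above can reassemble the line-wrapped redirect and pull out the category, IP and host to quote in a false-positive report. The function names are hypothetical; the field names are the ones visible in the quoted URL, and the sample is built from that URL with one stray space added, as message quoting tends to do.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the Location header quoted in the post, with the same
# line wraps plus one stray space of the kind re-quoting introduces.
WRAPPED = """Location: https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
.6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url =capitolcityonli
ne.net
Connection: close"""

HEADER = re.compile(r"^[A-Za-z-]+:\s")  # start of another "Name: value" header


def parse_block_redirect(text):
    """Rejoin a wrapped block-page URL and return its query fields as a dict.

    Returns None when the text contains no block.malwarebytes.com URL.
    """
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if "block.malwarebytes.com" in l), None)
    if start is None:
        return None
    parts = [lines[start]]
    for line in lines[start + 1:]:
        # A blank line or the next header ends the wrapped URL.
        if not line.strip() or HEADER.match(line.strip()):
            break
        parts.append(line)
    joined = re.sub(r"\s+", "", "".join(parts))   # drop wraps and stray spaces
    url = re.search(r"https?://\S+", joined).group(0)
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def summarize(fields):
    """Pick out what a false-positive report needs; validates the IP field."""
    ip = ipaddress.ip_address(fields["ip"])  # ValueError if the rejoin went wrong
    return {
        "category": fields["cat"],
        "blocked_ip": str(ip),
        "blocked_host": fields["url"],
        "client": f'{fields["prod"]} {fields["ver"]}',
    }


if __name__ == "__main__":
    print(summarize(parse_block_redirect(WRAPPED)))
```
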
  • From MRO@VERT/BBSESINF to Dumas Walker on Sunday, January 21, 2024 14:18:00
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Sun Jan 21 2024 09:49 am

    i would install it to try on your system but it's become so convoluted i won't
    want it on my systems.

    Isn't Malwarebytes a windows program?


    yeah it is. it used to be good back in the day. i installed it in the middle of last year and it was just too convoluted and annoying to run.

    i suppose if you download a lot of viruses it would be useful.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Dumas Walker on Sunday, January 21, 2024 16:32:00
    Re: Malwarebytes reports troj
    By: Dumas Walker to ALL on Sun Jan 21 2024 09:54 am

    https://block.malwarebytes.com?lic=Licensed&cat=Trojan&lang=en&prod=MBAM-C&ver=4
    .6.7.301&cpv=1.0.2222&upv=1.0.79814&ldr=290&ip=67.131.57.133&url=capitolcityonli
    ne.net
    Connection: close


    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put on a list for being compromised and malwarebytes used the list.

    you can contact malwarebytes and try to get it removed.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@VERT/CAPCITY2 to MRO on Monday, January 22, 2024 09:28:00
    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.


    * SLMR 2.1a * Halloween is *not* Christmas, even though 31 oct = 25 dec

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From Marc Lewis@VERT to alt.bbs.synchronet on Monday, January 22, 2024 15:34:00
    From Newsgroup: alt.bbs.synchronet

    + User FidoNet address: 1:396/45
    Hello All.

    <On 20Jan2024 22:49 Dumas Walker wrote a message to All regarding Malwarebytes reports troj >

    To: MRO
    As I only have linux machines, I don't have any experience with Malwarebytes. Has anyone else run into this -- is it a case of Malwarebytes just not liking BBSes or something else?

    it sounds like he's using the trial version or the paid version
    where you have more features. honestly it's just overkill unless you
    really ARE infected and you want to try to clean out your system.

    I think it is the paid version.

    i would install it to try on your system but it's become so convoluted
    i won't want it on my systems.

    Isn't Malwarebytes a windows program?

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,
    Marc
    --
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    + The FidoNet News Gate (Huntsville, AL - USA)        +
    + The views of this user are strictly his or her own. +
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++
    --
    This email has been checked for viruses by Avast antivirus software. www.avast.com
    --- Synchronet 3.20a-Linux NewsLink 1.114
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From MRO@VERT/BBSESINF to Dumas Walker on Monday, January 22, 2024 16:49:00
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Mon Jan 22 2024 09:28 am

    it's also possible that your ip got blacklisted by malwarebytes.
    you could have got scanned by one of those shitty port scanners and you got put
    on a list for being compromised and malwarebytes used the list.

    That is what I also suspect.



    the reason why that popped in my head is stuff like this happened to me more than a few times over the years, especially when i was running my servers off a residential ip address.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Marc Lewis on Monday, January 22, 2024 17:51:00
    Re: Malwarebytes reports troj
    By: Marc Lewis to alt.bbs.synchronet on Mon Jan 22 2024 03:34 pm

    Another useful one I've been using that's really easy on resources and easy to configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if it is available on other OSes... Not sure. https://www.avast.com

    Best regards,

    wasn't avast caught selling our information?
    i just use the ms security essentials.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@VERT/CAPCITY2 to MARC LEWIS on Wednesday, January 24, 2024 09:45:00
    Isn't Malwarebytes a windows program?
    Another useful one I've been using that's really easy on resources and easy to
    configure is Avast, both the freeware version as well as the professional version. Very little interference with all Windows programs. I am not sure if
    it is available on other OSes... Not sure. https://www.avast.com

    Thanks, I used to use that one when I had a windows machine and it did seem
    to work and play better than others.

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like
    it was only my board that was tripping the alert which makes me think mro
    might be right about the port scanners/blacklists. I have been getting hit
    a lot lately with script bots that tie up / lock up the telnet service, and
    a few that have hit me both there and the web interface at the same time.

    I scanned the system with ClamAV. It did find a bunch of PUAs -- DOS
    programs for download that are compressed with PKlite or were compiled
    using Watcom (not sure why that is an issue) -- but it did not find any trojans or viruses.


    * SLMR 2.1a * In Stereo where available. .elbaliava erehw oeretS nI

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Dumas Walker on Wednesday, January 24, 2024 18:53:00
    Re: Malwarebytes reports troj
    By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like it was only my board that was tripping the alert which makes me think mro might be right about the port scanners/blacklists. I have been getting hit a lot lately with script bots that tie up / lock up the telnet service, and

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    I installed a vm and installed malwarebytes. It has changed a lot. stupid splash screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From MRO@VERT/BBSESINF to Dumas Walker on Wednesday, January 24, 2024 18:59:00
    Re: Malwarebytes reports troj
    By: MRO to Dumas Walker on Wed Jan 24 2024 06:53 pm

    Re: Malwarebytes reports troj
    By: Dumas Walker to MARC LEWIS on Wed Jan 24 2024 09:45 am

    I was curious if maybe malwarebytes doesn't like bbses but it sounded like it was only my board that was tripping the alert which makes me think mro might be right about the port scanners/blacklists. I have been getting hit a lot lately with script bots that tie up / lock up the telnet service, and

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    I installed a vm and installed malwarebytes. It has changed a lot. stupid splash screens when installing, takes a while. looks like bloatware. whoever runs this shit is a moron.

    damn dude malwarebytes really hates your ass.
    when trying to telnet to it, it blocks and does a popup.

    you should contact them and give them your ip to get unblacklisted.

    https://i.imgur.com/F0UPzKn.png
    even rlogin
    https://i.imgur.com/jAM7Xbg.png
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Dumas Walker@VERT/CAPCITY2 to MRO on Thursday, January 25, 2024 09:59:00
    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    When you say *.synchro.net sites, I assume you mean "other than mine." :D

    I installed a vm and installed malwarebytes. It has changed a lot. stupid
    splash screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.

    But a very popular moron, unfortunately.


    * SLMR 2.1a * Speed doesn't kill. Stopping very fast kills.

    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
  • From MRO@VERT/BBSESINF to Dumas Walker on Thursday, January 25, 2024 13:22:00
    Re: Malwarebytes reports troj
    By: Dumas Walker to MRO on Thu Jan 25 2024 09:59 am

    I don't even think it's about you running a bbs.
    your domain is just blacklisted.

    https://i.imgur.com/dsSaM8M.png

    *.synchro.net websites work.
    my site works.

    When you say *.synchro.net sites, I assume you mean "other than mine." :D

    yep

    splash screens when installing, takes a while. looks like bloatware.
    whoever runs this shit is a moron.

    But a very popular moron, unfortunately.


    the guy who can't access your site is a moron?
    i mean whoever would want to run malwarebytes in this form is a moron.
    it's not a simple utility anymore. it takes over everything.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::