SimpleDnsCrypt icon indicating copy to clipboard operation
SimpleDnsCrypt copied to clipboard
verified publisher icon bitbeans

Malwarebytes reports Trojan every 4 hours

Open Compunologist opened this issue 1 year ago • 2 comments

Malwarebytes reports a Trojan with dnscrypt-proxy trying to reach two IP numbers. This seems to occur every 4 hours.

Trojan_Screenshot 2024-09-08 100108 Website blocked due to Trojan

Detection History_Screenshot 2024-09-07 232154 Detection occurs every 4 hours

Malwarebytes Website Blocked Report 2024-09-07 231828.txt ba26ca1a-6d5e-11ef-ab1f-dc4546c03275.json

Simple DNSCrypt v0.7.1 (x64) [dnscrypt-proxy 2.0.42] Malwarebytes v5.1.9.124 OS: Windows 11 Pro (Build 22631.4037) v23H2

Compunologist avatar Sep 08 '24 08:09 Compunologist

Why didn't you report this to Malwarebytes instead?

jedisct1 avatar Sep 08 '24 21:09 jedisct1

I created a support ticket at Malwarebytes and they responded that after having reviewed the IP's it was confirmed there were no active threats remaining and the block has been removed. These IP's are part of the public DNSCrypt resolvers list and apparently at some point the IP's may have contained malware prior to being used by DNSCrypt.

Compunologist avatar Sep 13 '24 13:09 Compunologist