Malwarebytes reports Trojan every 4 hours

bitbeans / SimpleDnsCrypt

A simple management tool for dnscrypt-proxy

https://simplednscrypt.org

MIT License

2.29k stars 233 forks source link

Malwarebytes reports Trojan every 4 hours #574

Open Compunologist opened 1 week ago

Compunologist commented 1 week ago

Malwarebytes reports a Trojan with dnscrypt-proxy trying to reach two IP numbers. This seems to occur every 4 hours.

Trojan_Screenshot 2024-09-08 100108 Website blocked due to Trojan

Detection History_Screenshot 2024-09-07 232154 Detection occurs every 4 hours

Malwarebytes Website Blocked Report 2024-09-07 231828.txt ba26ca1a-6d5e-11ef-ab1f-dc4546c03275.json

Simple DNSCrypt v0.7.1 (x64) [dnscrypt-proxy 2.0.42] Malwarebytes v5.1.9.124 OS: Windows 11 Pro (Build 22631.4037) v23H2

jedisct1 commented 1 week ago

Why didn't you report this to Malwarebytes instead?

Compunologist commented 5 days ago

I created a support ticket at Malwarebytes and they responded that after having reviewed the IP's it was confirmed there were no active threats remaining and the block has been removed. These IP's are part of the public DNSCrypt resolvers list and apparently at some point the IP's may have contained malware prior to being used by DNSCrypt.