Author Topic: botnet:blacklist warning  (Read 1871 times)


Offline whyruby

  • Newbie
  • Posts: 1
botnet:blacklist warning
« on: September 09, 2023, 10:47:00 PM »
So yesterday Avast Premium gave me this warning: We safely aborted the connection to tcp://140.82.121.5:443 as it is infected with botnet:blacklist.

No screenshot because I'm dumb and just immediately selected the option to get rid of the problem, and now the program acts like everything is fine? If I remember correctly, the process in question was something like (C:)/Modding/MO2/ModOrganizer.exe
I had MO2 open at that time.

Did a full free scan with HitmanPro, which found nothing related to the issue (it just pointed out HP Analytics as spyware). Am I in the clear, like can I assume that Avast solved the problem, or do I need to do anything else? Was it a real positive in the first place? I'm just feeling very paranoid about this.


« Last Edit: September 09, 2023, 10:49:46 PM by whyruby »

Offline lae

  • Newbie
  • Posts: 1
Re: botnet:blacklist warning
« Reply #1 on: September 10, 2023, 09:45:32 AM »
I don't know how ModOrganizer works, but I had the same for Spotify. I have modded my Spotify, and by taking a look at the dev console I saw that one plugin tried to pull something from GitHub and failed because the connection got cut.
Also, whois says the range 140.82.112.0 - 140.82.127.255 is all Spotify, which would make sense, because the address Avast gave out is indeed in that range.
I don't know why that would be identified as even remotely botnet related, but does ModOrganizer pull things from GitHub too?

Offline johntimothy.cherry

  • Newbie
  • Posts: 2
Re: botnet:blacklist warning
« Reply #2 on: November 04, 2023, 01:45:43 PM »
I too have received the same warning from Avast. I have a screengrab but don't know how to attach it to this forum.
Threat name: Botnet:Blacklist
URL tcp://52.84.151.45:43
Process c:\program files (x86)\microsoftoffice\root\office16outlook.exe
Detected by Web Shield
Status Connection aborted

What is this and how do I stop it trying to connect?
Many thanks
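Added example (not code from any poster in this thread): a small Python triage helper that parses the Web Shield alert fields as pasted above into a record and checks whether the reported address falls inside the 140.82.112.0 - 140.82.127.255 range mentioned in the earlier reply. The sample alert text and the range label are constructed from the thread; the list of field names is an assumption about how the alert is laid out.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the Web Shield alert fields exactly as pasted in the thread.
ALERT_TEXT = r"""Threat name: Botnet:Blacklist
URL tcp://52.84.151.45:43
Process c:\program files (x86)\microsoftoffice\root\office16outlook.exe
Detected by Web Shield
Status Connection aborted"""

# Assumed field names; the alert text uses "Key: value" or "Key value".
FIELD_KEYS = ("Threat name", "URL", "Process", "Detected by", "Status")

def range_from_bounds(first: str, last: str) -> list:
    """Turn a first/last address pair (as whois prints it) into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

# Reference ranges for triage; only the range quoted in the thread is included.
KNOWN_RANGES = {
    "thread-quoted 140.82.112.0-140.82.127.255":
        range_from_bounds("140.82.112.0", "140.82.127.255"),
}

@dataclass
class ShieldAlert:
    threat: str
    ip: ipaddress.IPv4Address
    port: int
    process: str
    status: str

def parse_endpoint(url: str) -> tuple:
    """Split 'tcp://A.B.C.D:port' into an IPv4Address and an integer port."""
    m = re.fullmatch(r"\w+://(\d{1,3}(?:\.\d{1,3}){3}):(\d+)", url)
    if not m:
        raise ValueError(f"unrecognised endpoint: {url!r}")
    return ipaddress.ip_address(m.group(1)), int(m.group(2))

def parse_alert(text: str) -> ShieldAlert:
    """Map each alert line to its field, then split the URL into host and port."""
    fields = {}
    for line in text.strip().splitlines():
        key = next((k for k in FIELD_KEYS if line.startswith(k)), None)
        if key is None:
            raise ValueError(f"unrecognised alert line: {line!r}")
        fields[key] = line[len(key):].lstrip(": ").strip()
    ip, port = parse_endpoint(fields["URL"])
    return ShieldAlert(fields["Threat name"], ip, port, fields["Process"], fields["Status"])

def ranges_containing(ip, ranges=KNOWN_RANGES) -> list:
    """Labels of every reference range that contains the address."""
    return [label for label, nets in ranges.items() if any(ip in n for n in nets)]
```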

Offline Pondus

  • Probably Bot
  • Posts: 37532
  • Not a avast user
Re: botnet:blacklist warning
« Reply #3 on: November 04, 2023, 01:58:56 PM »
Activity related to DEIMOS - according to source Cluster25 - 3 days ago
This IPV4 is used as a CnC by DEIMOS. Deimos implant, initially reported in 2020, is a sophisticated form of malware under continuous development. It operates as a remote access tool and employs multiple layers of complex obfuscation and encryption techniques to evade detection. Its advanced defensive measures encompass convincing lure files and digitally signed installation executables, making analysis and identification challenging. Deimos serves for initial access, persistence, and C2 functions, making it a potent tool for various tasks requiring remote access.

https://www.virustotal.com/gui/url/e38fb2de5c2a5b913f1a735998244ac1ef49ba0cd95123431d2a92c8efb6cbeb/detection