Solved Warband.exe contains a Trojan?

DovahkiinNA

Recruit
Best answers
0
Recently, Malwarebytes has been picking up a possible Trojan in my installation of Native Warband. Is anyone else having this issue? For context, I was using the NeoGK mod for native, but before installing it I copied my original native folder as a backup to my desktop. I have never in 10 years of this game had a problem with possible malware existing or being detected, so the copy I made to the desktop was malware free as far as I knew. After a few weeks, however, I wanted a fresh installation of Native, so I deleted the modded NeoGK Native and moved my original Native (unmodded) copy back into the Modules folder, and on my next startup, Malwarebytes detected a possible Trojan.


That screenshot provides the details for it. Even after uninstalling Warband and reinstalling, Malwarebytes still picks up the same Trojan that's making an outbound connection to 185.107.96.157. After using whatismyipaddress.com and its search function, I'm led to a location in Germany. Is anyone else having this same problem? Does anyone know why the Warband .exe wants to make an outbound connection to some place that it shouldn't? This problem only started yesterday, on 9/25/2020.

*Edit: Other people have had this problem, seeming to have the same experience as me. Also, I forgot to mention that Malwarebytes only detects the Trojan when I'm loading the list of Multiplayer servers.
 

Alene

The Queen of Diamonds
Archduke
M&BWBWF&SNWVC
Best answers
0
185.107.96.157 seems to be connected to a Persistent Kingdoms mod. 7242 is the port Warband uses for MP connections.

All in all, the malware detection looks like a false positive to me.
 

RubbingMyAxe

Veteran
M&BWBWF&SNWVC
Best answers
0
I have received the same message twice from MalwareBytes in the past couple of weeks, in Native with NeoGK and Bear Force II. As you said, it happened on the server list.

I remember because after closing the messages I got a BSOD, which has not happened before for me on Windows 10. I turned off MalwareBytes after the second BSOD.
 

DovahkiinNA

Recruit
Best answers
0
> I have received the same message twice from MalwareBytes in the past couple of weeks, in Native with NeoGK and Bear Force II. As you said, it happened on the server list.
>
> I remember because after closing the messages I got a BSOD, which has not happened before for me on Windows 10. I turned off MalwareBytes after the second BSOD.

Hi Rubbing. I also got the BSOD after the Malwarebytes message popped up that it blocked the IP. I've no idea why that would happen, or why Malwarebytes blocked that IP in my original post. However, after adding the IP to the exclusions list, the BSOD stopped and I was able to play normally.