Showing results for tags 'trojan'.
Found 2 results
-
Hi, I've been using AirVPN for more than a year and for the first time I have received a Trojan warning concerning one of the servers! I have attached the log files from both MalwareBytes 3.6.1 and Eddie 2.16.3.

Looking in Eddie's log file I noticed the following:

...
(An update was made shortly before the Trojan report from MalwareBytes)
...
. 2019.02.02 15:09:34 - Updating systems & servers data ...
. 2019.02.02 15:09:36 - Systems & servers data update completed
. 2019.02.02 15:19:39 - Updating systems & servers data ...
. 2019.02.02 15:19:41 - Systems & servers data update completed
. 2019.02.02 15:29:45 - Updating systems & servers data ...
. 2019.02.02 15:29:46 - Systems & servers data update completed
. 2019.02.02 15:39:50 - Updating systems & servers data ...
. 2019.02.02 15:39:51 - Systems & servers data update completed
. 2019.02.02 15:49:55 - Updating systems & servers data ...
. 2019.02.02 15:49:56 - Systems & servers data update completed
...
(Here a bug was detected by OpenVPN?)
...
. 2019.02.02 15:53:25 - Detected an OpenVPN bug (On-Link route on VPN range), autofix.
...
(Here Eddie connects to the server blocked by MalwareBytes)
...
. 2019.02.02 15:53:34 - Routes, added a new route, 62.102.148.185 for gateway 10.8.110.1
. 2019.02.02 15:53:34 - Routes, added a new route, 2a00:1520:27:1:af00:6910:ebff:7f35 for gateway fde6:7a:7d20:46e::1
. 2019.02.02 15:53:34 - Flushing DNS
I 2019.02.02 15:53:38 - Checking route IPv4
. 2019.02.02 15:53:41 - curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
. 2019.02.02 15:53:41 - Checking route (2° try)
. 2019.02.02 15:53:42 - curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
. 2019.02.02 15:53:42 - Checking route (3° try)
. 2019.02.02 15:53:44 - curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
E 2019.02.02 15:53:44 - Checking route IPv4 failed.
. 2019.02.02 15:53:44 - OpenVPN > Initialization Sequence Completed
! 2019.02.02 15:53:44 - Disconnecting
. 2019.02.02 15:53:44 - Routes, removed a route previously added, 62.102.148.185 for gateway 10.8.110.1
. 2019.02.02 15:53:45 - Routes, removed a route previously added, 2a00:1520:27:1:af00:6910:ebff:7f35 for gateway fde6:7a:7d20:46e::1
. 2019.02.02 15:53:45 - Sending management termination signal
. 2019.02.02 15:53:45 - Management - Send 'signal SIGTERM'
. 2019.02.02 15:53:45 - OpenVPN > MANAGEMENT: CMD 'c0a8a239e7bc043f7f1860c4adfc74a0d8764c91decaaea28972e67b0daa01b2'
. 2019.02.02 15:53:54 - Sending management termination signal
. 2019.02.02 15:53:54 - Management - Send 'signal SIGTERM'
. 2019.02.02 15:53:54 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2019.02.02 15:53:54 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\route.exe DELETE 62.102.148.204 MASK 255.255.255.255 192.168.200.1
. 2019.02.02 15:53:59 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.8.110.1
. 2019.02.02 15:53:59 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.8.110.1
. 2019.02.02 15:53:59 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2019.02.02 15:53:59 - OpenVPN > delete_route_ipv6(::/3)
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\netsh.exe interface ipv6 delete route ::/3 interface=9 fe80::8 store=active
. 2019.02.02 15:53:59 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
. 2019.02.02 15:53:59 - OpenVPN > delete_route_ipv6(2000::/4)
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\netsh.exe interface ipv6 delete route 2000::/4 interface=9 fe80::8 store=active
. 2019.02.02 15:53:59 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
. 2019.02.02 15:53:59 - OpenVPN > delete_route_ipv6(3000::/4)
. 2019.02.02 15:53:59 - OpenVPN > C:\Windows\system32\netsh.exe interface ipv6 delete route 3000::/4 interface=9 fe80::8 store=active
. 2019.02.02 15:53:59 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
. 2019.02.02 15:54:00 - OpenVPN > delete_route_ipv6(fc00::/7)
. 2019.02.02 15:54:00 - OpenVPN > C:\Windows\system32\netsh.exe interface ipv6 delete route fc00::/7 interface=9 fe80::8 store=active
. 2019.02.02 15:54:00 - OpenVPN > env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem
. 2019.02.02 15:54:00 - OpenVPN > Closing TUN/TAP interface
. 2019.02.02 15:54:00 - OpenVPN > delete_route_ipv6(fde6:7a:7d20:46e::/64)
. 2019.02.02 15:54:00 - OpenVPN > C:\Windows\system32\netsh.exe interface ipv6 delete route fde6:7a:7d20:46e::/64 interface=9 fe80::8 store=active
. 2019.02.02 15:54:00 - OpenVPN > NETSH: C:\Windows\system32\netsh.exe interface ipv6 delete address Ethernet 2 fde6:7a:7d20:46e::1079 store=active
. 2019.02.02 15:54:01 - OpenVPN > NETSH: C:\Windows\system32\netsh.exe interface ipv6 delete dns Ethernet 2 all
. 2019.02.02 15:54:01 - OpenVPN > TAP: DHCP address released
. 2019.02.02 15:54:01 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2019.02.02 15:54:01 - Connection terminated.
...
(From then on connections were made to other servers)

NB: I have during the latest months noticed more and more servers getting blocked at domains like "duckduckgo.com", "wordpress.org" and some other miner websites which I don't recall. I don't know if this somehow could be related?

Eddie_20190202_155647.txt malwarebytes.txt
-
Malwarebytes gives me a warning and blocks 109.202.103.170 over and over when using airvpn client 2.16.3