
Private Internet Access



Hello, I am using a paid VPN. Every time I use the program, MBAM pops up with a malicious website blocked; it continues as long as I use the program.

For example

Detection, 15/04/2014 20:29:38, SYSTEM, MICHAEL-TOSH, Protection, Malicious Website Protection, IP, 93.115.82.54, 55875, Outbound, C:\Users\zzzzzzzzzzzzz\AppData\Local\Temp\ocrC492.tmp\bin\rubyw.exe,

This is a couple of minutes' worth. Obviously I cannot keep adding them to exclusions.

Now, I reported a bug yesterday, https://forums.malwarebytes.org/index.php?showtopic=146586. My question is, are these detections specifically related to version 2, because I did not have them prior to yesterday, when I upgraded to version 2?

I will revert to 1.75 tomorrow and block updates.

Is this a mistake? Thank you.


(end)


I could be way off here, but this is what appears to be happening...

 

It seems that this is common with the use of Private Internet Access, as mentioned HERE on their forums, and it seems to be related to the file rubyw.exe. Now if you ask me, I would say that Malwarebytes is doing its job blocking connections to sites that are known to contain malware.

You seem to have two choices here. One is that you can just continue to allow Malwarebytes to block the sites, as the forum I pointed you to above clearly states it's not all their (Private Internet Access) servers they are connecting to and they have no control of that, claiming it's an rDNS lookup, as mentioned by alexb on their site.

The second choice, which is not really recommended by me, is to add rubyw.exe to your exclusions list, but that may be hard to do, as every time you run their VPN software it's going to extract a new copy of the file, probably in a different temp folder location, so your first exclusion will probably stop working as the file now resides in a different location. If you notice, in your post above your file location is C:\Users\zzzzzzzzzzzzz\AppData\Local\Temp\ocrC492.tmp\bin\rubyw.exe, which is a temp folder....


I could be way off here

No, I think you are on the ball.

Like you say, it's no use using an exclusion, as the location of rubyw.exe changes every time. I have read the explanation from the PIA forum, and it's a little too techy for me to understand. My solution was to turn off MBAM notifications. However, I've noticed that sometimes my VPN connection is lost, and it could be MBAM that has caused this. I think all I can do is disable website blocking when using the VPN, which is a shame.

Perhaps when my subscription runs out for PIA (not for 10 months) I will look for another VPN.

Many thanks


I use PIA as well and this is extremely annoying, enough that I stopped using MBAM Website protection. Adding a rubyw.exe exemption might work, but don't you have to add the exemption with the full folder path, not just a generic EXE name? I'd assume that temp file folder path will change periodically.


I use PIA as well and this is extremely annoying, enough that I stopped using MBAM Website protection. Adding a rubyw.exe exemption might work, but don't you have to add the exemption with the full folder path, not just a generic EXE name? I'd assume that temp file folder path will change periodically.

Yes that is not going to work as we already mentioned above, the file path will change every time you use the software....
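An added example, not part of the original posts and not Malwarebytes or PIA code: it parses detection lines in the layout quoted in the first post and compares what one full-path exclusion covers with a per-executable summary, which is the point the replies make about rubyw.exe moving between temp folders. The field names, host name, temp folder names and addresses (documentation ranges) are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed sample lines in the layout of the detection quoted in the first
# post; addresses are RFC 5737 documentation ranges, folder names are made up.
SAMPLE_LOG = r"""
Detection, 15/04/2014 20:29:38, SYSTEM, HOST-A, Protection, Malicious Website Protection, IP, 192.0.2.10, 55875, Outbound, C:\Users\user\AppData\Local\Temp\ocrAAAA.tmp\bin\rubyw.exe,
Detection, 15/04/2014 20:30:02, SYSTEM, HOST-A, Protection, Malicious Website Protection, IP, 192.0.2.11, 55898, Outbound, C:\Users\user\AppData\Local\Temp\ocrAAAA.tmp\bin\rubyw.exe,
Detection, 16/04/2014 09:12:41, SYSTEM, HOST-A, Protection, Malicious Website Protection, IP, 192.0.2.10, 49710, Outbound, C:\Users\user\AppData\Local\Temp\ocrBBBB.tmp\bin\rubyw.exe,
Detection, 16/04/2014 09:13:05, SYSTEM, HOST-A, Protection, Malicious Website Protection, IP, 198.51.100.7, 49733, Outbound, C:\Users\user\AppData\Local\Temp\ocrBBBB.tmp\bin\rubyw.exe,
"""

# Field names are labels chosen for this example (assumption), not vendor names.
FIELDS = ("kind", "time", "user", "host", "module", "protection",
          "addr_type", "addr", "port", "direction", "process")

def parse_detections(text):
    """Parse detection lines into dicts; skip lines that do not fit the layout."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().rstrip(",").split(", ", len(FIELDS) - 1)
        if len(parts) == len(FIELDS) and parts[0] == "Detection":
            rows.append(dict(zip(FIELDS, parts)))
    return rows

def covered_by_exclusion(rows, excluded_path):
    """Count detections whose process path equals one full-path exclusion."""
    want = ntpath.normcase(excluded_path)
    return sum(ntpath.normcase(r["process"]) == want for r in rows)

def by_executable(rows):
    """Group detections by executable file name, ignoring the folder."""
    groups = defaultdict(lambda: {"count": 0, "folders": set(), "addrs": set()})
    for r in rows:
        g = groups[ntpath.basename(r["process"]).lower()]
        g["count"] += 1
        g["folders"].add(ntpath.dirname(r["process"]))
        g["addrs"].add(r["addr"])
    return dict(groups)

if __name__ == "__main__":
    rows = parse_detections(SAMPLE_LOG)
    first = rows[0]["process"]
    print(f"{covered_by_exclusion(rows, first)} of {len(rows)} covered by {first}")
    for exe, g in by_executable(rows).items():
        print(exe, g["count"], "detections,", len(g["folders"]), "folders,", sorted(g["addrs"]))
```

On the sample, the exclusion for the first run's path covers only that run's detections, while the summary shows the same executable name under two temp folders.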
