Plutonium forum, Launcher Support

Can Someone explain me this ?

12 Posts 5 Posters 422 Views
PepeRitroso (#1):

https://imgur.com/a/OMSpxQk
Do I need to be worried?
There is a lot of malicious activity here!

mxve (VIP) (#2):

Now explain what's malicious about this.

PepeRitroso (#3):

[attachments: Cattura.PNG, Cattura2.PNG, Cattura3.PNG]
And I am only taking those three as an example, but there is a lot more.

Dss0 (Plutonium Staff), replying to PepeRitroso (#4):

PepeRitroso which software is that? I find it highly unlikely that the updater contacts "xred . mooo . com", whatever that is supposed to be. Most of those detections are generic ("suspicious", "bad reputation"), so they are meaningless; you'll get that on unsigned applications.

PepeRitroso (#5):

I am using VirusTotal in graph mode.

Resxt (Plutonium Staff), replying to PepeRitroso (#6):

PepeRitroso and do you know how graph mode works and what data it shows? Doesn't look like it.
Plutonium is safe, otherwise it wouldn't have lasted for 5 years, hosted tournaments with big YouTubers, have so many players (3 million accounts on the forum) and so on.

This is either a false positive or, in the case of what you're showing, unrelated.
I could find the same data about the official Minecraft launcher or Epic Games launcher.
Here is an example with the official and latest Steam installer executable file:
[image: 2a600391-29e8-4f62-85cb-28ced58af814-image.png]

As you can see it looks like a virus, but it's not.
Put very simply, it just means that some viruses are bundling the official Steam exe in their virus, and so Steam is ""related"" to those viruses. But obviously Steam is not doing anything actively on their side.

Cybersecurity is way more complex than just seeing numbers and red colors and deducing stuff.
That data/information is there for those who can read it.

If after reading what I said you go to the "Relations" tab on VT and hover your mouse on the little information icon, you will see that it explains what I just said.
[image: d61f36fa-db77-4ec6-a25d-dbf9680679e9-image.png]
[image: c03f4cd5-686c-4b62-811c-7a8c509078f8-image.png]

I hope this is clearer for you now 🙂

PepeRitroso, replying to Resxt (#7):

Resxt thanks for the quick answer!

On VirusTotal it is explicit that there are calls to IP addresses with which files are transferred (exe, apk, zip, etc.).
Among these files are:

1. multiple copies of a TJprojMain.exe
2. multiple files with Windows system file names which, however, internally have calls to unknown IP addresses or untrustworthy DDNS

Can you please explain this to me as well?

Resxt (Plutonium Staff), replying to PepeRitroso (#8):

PepeRitroso it's the same thing again: you're looking at what "fake" exes are doing and treating it as if it was Plutonium.
Relations means that there are other files from random people that use plutonium.exe; it doesn't mean plutonium.exe has anything to do with them.

Again, scan the Steam installer and you will find similar results, because Steam is bundled with malware by some people, but the Steam installer itself has nothing to do with it; it was just re-used by other people in other apps.

These are the domains contacted by plutonium.exe itself:
[image: e9ce0858-ae8e-41dd-9311-1a8403176156-image.png]

PepeRitroso (#9):

Hi! Thank you in advance for your time!
I know, but if you scroll down more you can see this:
[image: 26564e50-737e-47bc-ad8c-532cc6f3e70d-image.png]
One of those IP addresses is found in a list written in an article here:
https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f

And towards that IP, malware was found by VirusTotal, including the malware "TJprojMain".

Thanks to your analysis and to the people who are helping me dig this out, it certainly seems less tragic to me 😁
However, at the same time it seems clear to me that there are strange relationships between Plutonium and certain IP addresses explicit within Plutonium itself.

[image: 5b12870a-d812-4681-ae6e-978a5ffbbad8-image.png]
Hope you can clear my mind about this.
Thanks as always for the detailed and polite answer to my question and doubts!

PepeRitroso (#10):

Can someone explain this to me?

Resxt (Plutonium Staff), replying to PepeRitroso (#11):

PepeRitroso I'm not wasting my time saying the same thing over and over.
You're trying to analyze data that you don't understand and keep saying the same thing over and over.

If you think Plutonium is unsafe, just don't play it.
I took my time to explain quite a lot, but I don't have patience anymore and I don't think anyone is really willing to take the time to explain again and again.

What are you even looking for as an answer?
It looks like no matter what is said you keep asking the same thing over and over.
If you don't trust it because you keep misreading random data then simply don't use it, idk.

Xerxes (Plutonium Staff), replying to PepeRitroso (#12):

PepeRitroso said in Can Someone explain me this ?:

    can someone explain me this ?

Your lack of knowledge does explain this.
Google what Cloudflare is and how it works. (Hint: it's a free proxy service used by millions of websites to protect themselves.)

You are clearly not here for logical answers but trying to start a witch hunt out of thin air.

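The two points the staff replies make (a file's own sandbox behaviour is different evidence from what other people's files that bundle or drop it do, and an IP on a shared CDN/reverse-proxy range like Cloudflare's says little about any one site) can be turned into a small triage step. The following is an added example written for this thread; it is not Plutonium's code and not a VirusTotal API client. The input is a hand-constructed dict loosely shaped after the VirusTotal "Relations" tab, and every file name, hash and address in it is a placeholder. The CDN ranges are an assumed illustrative snapshot, not an authoritative list.

```python
import ipaddress

# Constructed sample shaped after a VirusTotal-style "Relations" view.
# Every name, hash and address below is a placeholder, not a real indicator.
SAMPLE_REPORT = {
    "file": "launcher.exe",
    # What the scanned file did itself when executed in the sandbox.
    "contacted_domains": ["cdn.launcher.example", "api.launcher.example"],
    "contacted_ips": ["104.16.9.9", "198.51.100.23"],
    # Other people's files that dropped, executed or bundled this file.
    # Their detections describe *those* files, not launcher.exe.
    "execution_parents": [
        {"name": "TJprojMain.exe", "sha256": "<placeholder-1>", "malicious": 31},
        {"name": "svchost.exe", "sha256": "<placeholder-2>", "malicious": 44},
        {"name": "setup.msi", "sha256": "<placeholder-3>", "malicious": 0},
    ],
    "bundled_in": [
        {"name": "GameBundle.zip", "sha256": "<placeholder-4>", "malicious": 12},
    ],
}

# Assumed illustrative snapshot of shared CDN / reverse-proxy ranges. Verify
# against the provider's published list before relying on it. An address in
# such a range is shared by many unrelated sites, so on its own it is weak
# evidence about any particular one of them.
SHARED_INFRA = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]

# Relationship keys that describe third-party files, not the scanned file.
INDIRECT_KEYS = ("execution_parents", "bundled_in")


def is_shared_infra(ip: str) -> bool:
    """True when the address falls inside one of the shared-infrastructure ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in SHARED_INFRA)


def triage(report: dict) -> dict:
    """Split a relations report into direct evidence (the file's own behaviour)
    and indirect context (other files that reference it), and summarise both."""
    direct_ips = [
        {"ip": ip, "shared_infra": is_shared_infra(ip)}
        for ip in report.get("contacted_ips", [])
    ]
    indirect = []
    for key in INDIRECT_KEYS:
        for item in report.get(key, []):
            indirect.append({
                "relation": key,
                "name": item["name"],
                "malicious_votes": item["malicious"],
                # A flagged parent or bundle is context about that file only.
                "evidence": "context_only",
            })
    return {
        "file": report["file"],
        "direct": {
            "domains": list(report.get("contacted_domains", [])),
            "ips": direct_ips,
        },
        "indirect": indirect,
        "summary": {
            "direct_domains": len(report.get("contacted_domains", [])),
            "direct_ips_on_shared_infra": sum(1 for d in direct_ips if d["shared_infra"]),
            "indirect_files_total": len(indirect),
            "indirect_files_flagged": sum(1 for i in indirect if i["malicious_votes"] > 0),
        },
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['file']}: direct contacts -> {result['direct']}")
    for item in result["indirect"]:
        print(f"  {item['relation']}: {item['name']} "
              f"({item['malicious_votes']} detections, {item['evidence']})")
    print(result["summary"])
```

Run as written, the three flagged parents and the flagged bundle all land in the "indirect" list marked `context_only`, while the only direct findings are the two contacted domains and two IPs, one of which sits on shared infrastructure. That separation is what the "Relations" tab's information icon describes: a detection on a file that happens to contain or launch the scanned executable is a fact about that other file.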