Can Someone explain me this ?
-
https://imgur.com/a/OMSpxQk
Do I need to be worried?
There is a lot of malicious activity here!
-
Now explain whats malicious about this.
-
And I am only taking those three as an example, but there is a lot more.
-
PepeRitroso which software is that? I find it highly unlikely that the updater contacts "xred . mooo . com", whatever that is supposed to be. Most of those detections are generic ("suspicious", "bad reputation") so they are meaningless, you'll get that on unsigned applications.
-
I am using VirusTotal in graph mode
-
PepeRitroso and do you know how the graph mode works and what data it shows? Doesn't look like it
Plutonium is safe, otherwise it wouldn't have lasted for 5 years, hosted tournaments with big YouTubers, have so many players (3 million accounts on the forum) and so on. This is either a false positive or, in the case of what you're showing, unrelated.
I could find the same data about the official Minecraft launcher or Epic Games launcher.
Here is an example with the official and latest Steam installer executable file
As you can see it looks like a virus but it's not.
Made very simple, it just means that some viruses are bundling the official Steam exe in their virus and so Steam is "related" to those viruses. But obviously Steam is not doing anything actively on their side.
Cybersecurity is way more complex than just seeing numbers and red colors and deducing stuff.
Those data/information are here for those who can read it.
If after reading what I said you go in the "Relations" tab on VT and hover your mouse on the little information icon, you will see that it explains what I just said.
I hope this is clearer for you now
-
Resxt thanks for the quick answer!
On VirusTotal it is explicit that there are calls to IP addresses with which files are transferred (exe, apk, zip, etc.)
Among these files are:
- multiple copies of a TJprojMain.exe
- multiple files with Windows system file names which, however, internally have calls to unknown IP addresses or untrustworthy DDNS

Can you please also explain this to me?
-
PepeRitroso it's the same thing again, you're looking at what "fake" exes are doing and treating it as if it was Plutonium.
Relations means that there are other files from random people that use plutonium.exe, doesn't mean plutonium.exe has anything to do with it.
Again, scan the Steam installer and you will find similar results because Steam is bundled with malware by some people, but the Steam installer itself has nothing to do with it, it was just re-used by other people in other apps.
These are the domains contacted by plutonium.exe itself
-
Hi! Thank you in advance for your time!
I know, but if you scrolled down more you can see this.
One of those IP addresses is found in a list written in an article here:
https://medium.com/walmartglobaltech/state-of-the-rat-part-1-cfec6c967e2f
and towards that IP, malware was found by VirusTotal, including the malware "TJprojMain".
Thanks to your analysis and to the people who are helping me dig this out, it certainly seems less tragic to me.
However, at the same time it seems clear to me that there are strange relationships between Plutonium and certain IP addresses explicit within Plutonium itself.
Hope you can clear my mind about this.
Thanks as always for the detailed and polite answer to my question and doubts!
-
can someone explain me this ?
-
PepeRitroso I'm not wasting my time saying the same thing over and over
You're trying to analyze data that you don't understand and keep saying the same thing over and over.
If you think Plutonium is unsafe just don't play it.
I took my time to explain quite a lot but I don't have patience anymore and I don't think anyone is really willing to take the time to explain again and again.
What are you even looking for as an answer?
It looks like no matter what is said you keep asking the same thing over and over.
If you don't trust it because you keep misreading random data then simply don't use it, idk.
-
PepeRitroso said in Can Someone explain me this ?:
can someone explain me this ?
Your lack of knowledge does explain this.
Google what CloudFlare is and how it works. (Hint: It's a free proxy service used by millions of websites to protect themselves.)
You are clearly not here for logical answers but trying to start a witch hunt out of thin air.