Hello, this has never ever happened to me, but I randomly received a Botnet report/threat secured from Avast, reported that it was coming from Roguekiller antimalware. I have it installed as an antimalware program. Is this a false positive? I suppose it is.
I am uploading a screenshot from Avast.
My current Avast version is 23.9.6082 - build 23.9.8494.798 and virus definitions are 231019-6.
Threat is: Botnet:Blacklisted
Report is: TCP://188.114.96.9:443
This is what this website says about this ip:
https://www.abuseipdb.com/check/188.114.96.9
The website says that the IP comes from credible sources, therefore it is whitelisted there, but there are many reports for bad stuff regarding this IP as well.
Edit: I updated Avast to a newer version/build, and I still keep getting these reports. I started getting them only today for the first time. I even updated Roguekiller to a newer version and I still get them. Reported as bad file is either Roguekiller64.exe or RogueKillerSvc.exe.
What I suspect is that I get these reports because of the Ads for upgrading the Roguekiller to Roguekiller premium that pop up here and there, so instead of that pop up I get this Avast report/threat blocked window today. That is my theory only.
Edit 2: The same thing happens on another computer on the same network; exactly the same IP is being reported, and also as botnet. The other computer also has Roguekiller and Avast installed. Also for the first time.
Edit 3: What triggers this sometimes is clicking on the "Check for Updates" button in Roguekiller, and sometimes this threat pops up when running a scan. Also it happens randomly when not doing anything.
Edit 4: The same thing happened on a completely new third computer on the same network. I installed Avast and Malwarebytes yesterday and it was OK. Today, just to verify whether it will pop up on the third one, I also installed Roguekiller for the first time there, and the moment installation finished and the program launched, the same thing popped up in Avast.
1. Is this false positive please?
2. Are you familiar with this new Avast behaviour and does IP shown in the screenshot belong to your server?
3. Supposedly the IP shown on the screenshot is related to CloudFlare. Does Roguekiller actually use it for something (virus definitions, pop-up ads, etc.) or has Roguekiller been infected in some way?
4. Can you try to replicate this by running Avast and Roguekiller at the same time and perhaps doing scans, updates etc while both are running at the same time?
Thanks