Virtuoso

Re: Malwarebytes insists vmware-hostd.exe, even after whitelisting the vmware-folder

It looks like the alarm is because there is an inbound traffic request into vmware-hostd.exe and not necessarily because of vmware-hostd.exe code.

The source IP address requesting the inbound traffic is allocated to a hosting service in Russia.

https://apps.db.ripe.net/db-web-ui/query?searchtext=176.96.238.149

Contributor

> It looks like the alarm is because there is an inbound traffic request into vmware-hostd.exe and not necessarily because of vmware-hostd.exe code.
>
> The source IP address requesting the inbound traffic is allocated to a hosting service in Russia.

Thank you for the reply. That does not sound good. Not necessarily because of hostd. Russia. Those are not sounding great. Does anyone have any advice for what to do? So far I installed additional Malwarebytes software, and uninstalled the VMware program responsible for hostd.exe.

Thing is, I only hosted things downloaded from the Ubuntu and Microsoft websites on this thing, and from checking out some open source viruses, those things migrate from programs and services; it's amazing, really. Just the other day I found a complete system takeover tier virus on GitHub that was 12 days past being discovered by Microsoft security.

I've blocked all incoming in firewall, as well. Really hoping to contain this before it elevated privilege through being a service and associating with system.

Thanks again for the reply and the site

Contributor

On a second read, in a much less stressed mode, I am interpreting this as you speculating that it was a false alarm? I can assure you one of them eventually slipped past a trojan.

Contributor

bluefirestorm

My curiosity got the best of me, and at the expense of my math exam result I have gone and learned that you were right all along: there is nothing about hostd that is particularly attractive for attackers, despite its server-like features, other than being an averagely active service running.

Thank you for an interesting exchange, now I have some catching up to do in the math department.
