XWidgetSoft Forum
https://www.bbs.xwidget.com/

WARNING: XWidget Attempting Connection cnrdn 42.156.140.191
https://www.bbs.xwidget.com/viewtopic.php?f=3&t=6903		 Page 1 of 1
Author:  XWUser [ June 24th, 2018, 1:21 pm ]
Post subject:  WARNING: XWidget Attempting Connection cnrdn 42.156.140.191
I've been a Pro member for about a year now.
Recently, I've been getting warnings from MalwareBytes that XWidget.exe is trying to establish an outgoing connection with cnrdn.com at IP address 42.156.140.191.
This entity is apparently based in Eastern China & the IP address has been associated with threat events (malware, phishing) according to various sources.
Why is XWidget.exe trying to establish this unauthorized connection?
Author:  Tony [ June 24th, 2018, 2:41 pm ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
Hi,
Thanks for you report,This is an abandoned feature of China-online-update-users-statistics that has been removed long time ago and only for Chinese-Language-Users ,Other language versions of XWidget do not have this feature . this IP address is xwidget chinese-online-update-users-statistics server powerby famous chinese statistics provider http://www.cnzz.com/, xwidget connect this link to get new Chinese-Version information and record the Chinese users number of online upgrade users , please upgrad to the last version of XWidget without this function. Thank you.

Tony
Author:  XWUser [ June 24th, 2018, 3:34 pm ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
I have never installed a Chinese language version. Don't speak Chinese, so there can be no doubt of that fact.
I find this very disturbing.
Have XWidget v1.9.14.618 installed, but I'll be uninstalling it & running numerous anti-malware tools to ensure it is actually gone.
I purchased & used XWidget in good faith, but in light of this situation, I feel my trust was misplaced.
How disappointing and shameful.
Author:  Tony [ June 24th, 2018, 3:41 pm ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
I am sorry for this old problem,but I reiterate that this is a statistical function that has been removed long time ago. only in old version of xwidget.

XWidget is 100% clean,this is the report that scan by all famous AniVirus engine : https://www.virustotal.com/#/file/d3659 ... /detection


Attachment:
false_positive.png
false_positive.png [ 90.62 KiB | Viewed 14051 times ]


XWUser wrote:
I have never installed a Chinese language version. Don't speak Chinese, so there can be no doubt of that fact.
I find this very disturbing.
Have XWidget v1.9.14.618 installed, but I'll be uninstalling it & running numerous anti-malware tools to ensure it is actually gone.
I purchased & used XWidget in good faith, but in light of this situation, I feel my trust was misplaced.
How disappointing and shameful.
Author:  XWUser [ June 24th, 2018, 4:05 pm ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
Malwarebytes appears to feel differently. Here's a report concerning the attempt to make this outgoing connection today:
Quote:
-Log Details-
Protection Event Date: 6/24/18
Protection Event Time: 8:23 AM
Log File: 8975c378-77c2-11e8-aea0-d8cb8af3c1a5.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5611
License: Premium

-System Information-
OS: Windows 10 (Build 17134.112)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: cnrdn.com
IP Address: 42.156.140.191
Port: [52377]
Type: Outbound
File: D:\XWidget\xwidget.exe
(end)


In addition to MalwareBytes considering cnrdn 42.156.140.191 "riskware", a quick search for that IP address brings up the following, which also report this as an unsafe entity:
http://www.herdprotect.com/domain-cnrdn.com.aspx
https://cymon.io/42.156.140.191

Regardless, it's clear that I can no longer trust XWidget. Had I not been running an anti-malware program, there would've been nothing to stop this unauthorized connection from being made without my knowledge/permission.

I enjoyed using XWidget. I felt I should support the effort & did so by purchasing a Pro license.
Sadly, I don't feel I can support XWidget any longer. This is very disheartening.
I'll not bother you further.
Good luck to current users.


Tony wrote:
I reiterate that this is a statistical function that has been removed long time ago. only in old version of xwidget.

XWidget is 100% clean,this is the report that scan by all famous AniVirus engine : https://www.virustotal.com/#/file/d3659 ... /detection


XWUser wrote:
I have never installed a Chinese language version. Don't speak Chinese, so there can be no doubt of that fact.
I find this very disturbing.
Have XWidget v1.9.14.618 installed, but I'll be uninstalling it & running numerous anti-malware tools to ensure it is actually gone.
I purchased & used XWidget in good faith, but in light of this situation, I feel my trust was misplaced.
How disappointing and shameful.
Author:  Tony [ June 24th, 2018, 4:11 pm ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
This is a false positive, you can check other ALL famous Anti-virus engine scan report are 100% : https://www.virustotal.com/#/file/d3659 ... /detection


Image
Author:  Jimking [ June 25th, 2018, 2:08 am ]
Post subject:  Re: WARNING: XWidget Attempting Connection cnrdn 42.156.140.
Some antivirus software are very sensitive to false alarms. Antiviruses or antimalware with false alarms exist for years. But this does not mean that there is something to worry about at all cost. Even malawarebytes that you reported confirms it.
As you can see from above from the official scannings, XWidget is 100% CLEAN!
More than that..
Page 1 of 1 All times are UTC - 8 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/