Strange issue with cafiine_server.exe ... Ransomware.

Discussion in 'Wii U - Hacking & Backup Loaders' started by Phantom64, May 15, 2016.

  1. Phantom64
    OP

    Phantom64 Banned

    Banned
    581
    460
    Aug 18, 2015
    Saint Kitts and Nevis
    I have Malwarebytes anti-ransomware installed on my PC, when i try to launch cafiine_server.exe (needed for using cafiine without the SD method), MBAR says (A ransomware activity has been found in "cafiine_server.exe")
    I'm using MrRean's cafiine.

    No, none of my files has been crypted lol
     
  2. Deck of Noobs

    Deck of Noobs Politically Incorrect

    Member
    773
    1,126
    Apr 9, 2016
    United States
    3ds.guide
    false alarm
     
  3. Phantom64
    OP

    Phantom64 Banned

    Banned
    581
    460
    Aug 18, 2015
    Saint Kitts and Nevis
    yeah it is, but why. D:
     
  4. Deck of Noobs

    Deck of Noobs Politically Incorrect

    Member
    773
    1,126
    Apr 9, 2016
    United States
    3ds.guide
    Maybe because of how it affects files
     
  5. Phantom64
    OP

    Phantom64 Banned

    Banned
    581
    460
    Aug 18, 2015
    Saint Kitts and Nevis
  6. VinsCool

    VinsCool Disgusted

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,981
    28,950
    Jan 7, 2014
    Canada
    An Alternate Reality
    Simply because it allows your wiiu to remotely access files on your pc.
     
  7. Phantom64
    OP

    Phantom64 Banned

    Banned
    581
    460
    Aug 18, 2015
    Saint Kitts and Nevis
    It makes sense, thank you!
     
    Subtle Demise likes this.
  8. MrRean

    MrRean WiiU Helper / Hacker

    Member
    422
    1,500
    Jan 21, 2013
    United States
    It opens a port
     
    loco365 and Phantom64 like this.
  9. greenlanternx

    greenlanternx Advanced Member

    Newcomer
    57
    12
    Sep 16, 2012
    Chile
    with that logic any ftp and web server should be detected (even samba services a.k.a. windows filesharing)
     
  10. VinsCool

    VinsCool Disgusted

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    11,981
    28,950
    Jan 7, 2014
    Canada
    An Alternate Reality
    Like mr rean explained above, caffine opens a port.
     
  11. greenlanternx

    greenlanternx Advanced Member

    Newcomer
    57
    12
    Sep 16, 2012
    Chile
    I know, but apache opens the 80, ftp open 21, mysql 3306, and the list continues, maybe has a binary signature similar to a ransom...