#Malwarebytes warnings for what reason??

sharp fable
#

I had to fully wipe my whole PC after the whole malware thing with workshop. I finished setting up my PC a few days ago and decided to reinstall Zomboid today. 0 mods, newest version, and I keep getting these every time Zomboid is open???

split heart
#

○ Port: 16261
○ Direction: Outbound Connection

This is just your game pinging the servers for query data, such as the server info, mods, player numbers and so on.

Malwarebytes is the only antivirus doing this; it seems like Malwarebytes is misconfigured to recognize standard pings as being malicious.

I would suggest reporting this to Malwarebytes for further investigation, but from a standard look at it, it just seems like it's blocking query pings for no reason.

sharp fable
#

Is the port 20019 the same thing?

lime brook
#

Most likely. You can check if the IP and port are actual servers; not every server uses 16261 as their port, since servers can use any port for the query and connection.

#

I have sent a report to Malwarebytes to look into it and flag it as a false positive if they do not find any issues.

sharp fable
#

I can't search by IP in battlemetrics. Searching the search bar by the IP with that port, I found basically nothing; meanwhile, other ones were labeled as malware in a few sites.

lime brook
#

Which ones? Are they relay servers?

sharp fable
#

212.68.34.175 was labeled as malware in some malware analysis report, though it seems to be a server too, at least according to servertracer

#

I'll have to pull up the other ones

#

Apparently I can't post more links, I just got timed out for it

lime brook
#

It seems to just be some sort of home IP, China Telecom

#

If a player is hosting a coop server, that is what would happen

#

Since it is still just the 16261 outbound port, it means you are sending data to that IP; it is not that IP attacking you

#

"sending data" in this case means a query request

#

Basically you ask the IP if the server is running and what the server info is

#

I have received a reply from Malwarebytes; supposedly they will remove the marked IPs from the next database update