Is mujweb.cz safe download unexpectedly when looking at Macros

English
#1

Malware has warned me that Mujweb.cz is unsafe
Malwarebytes

-Log Details-
Protection Event Date: 02/07/2023
Protection Event Time: 13:32
Log File: 8c23c756-18d4-11ee-8259-40167e226995.json

-Software Information-
Version: 4.5.31.270
Components Version: 1.0.2047
Update Package Version: 1.0.71608
Licence: Premium

-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\LibreOffice\program\soffice.bin, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain: mujweb.cz
IP Address: 46.255.231.129
Port: 80
Type: Outbound
File: C:\Program Files\LibreOffice\program\soffice.bin

(end)

Has any body any Knowledge

Should I be worried about AV warning re soffice.bin
Should I be worried about AV warning re soffice.bin
#2

What is the context here? How did you get to that error message? Did you try to open that link from a LibreOffice document? Were you using a downloaded spreadsheet from somewhere?

If you don’t give us any information, we can’t give you a sensible answer.

#3

I was doing two things on the day it first appeared.

  1. researching how to write a macro and
  2. installed the alternative search extension
    on that day I got a warning message from Malwarebytes but something seems to have attatched itself to Libreoffice because I have several warnings since including the one above which seems to indicate soffice.bin in the libreoffice folder has been corupted to go there. Since posting I have unistalled libreoffice and re-installed it in the hope that I have got rid of the problem. Certainly soffice.bin was deleted.
#4

The link tried to open when I opened Libreoffice today the first time since installing the alternative search

#5

Let’s hope that your reinstallation does the trick.

#6

https://extensions.libreoffice.org/en/extensions/show/alternative-dialog-find-replace-for-writer

It’s the extension that tries to access that URL. I’m sure that “soffice.bin in the libreoffice folder has been corupted” is wrong, and nothing was corrupted. But you might want to cntact the author of the extension on the extension page.

#7

Or, maybe, the OP got the extension from a dodgy location instead of the official extension site? I have had that extension for years, but I don’t remember how I got it initially.

#8

I took the risk, and opened mujweb.cz. It redirected me to https://volny.centrum.cz/. I see the http://www.volny.cz/macrojtb/ link mentioned on the extension page; so I don’t think it’s a “dodgy” extension, just maybe a false-detection by the antivirus of some Czech hoster.

#11

I think that you are right.

You would need to remove the relevant folder in order to clear everything. Be warned that you will lose all of your customisations.

Alternative Find & Replace is really old, and hasn’t been maintained, but it still seems to work well.

1 Like
#12

I think now that that address on volny.cz is set in the extension as the source for updates, which is queried now from time to time.

#9

Thank you for your comments. I can tell you that when I re-installed Libreoffice the extension was still there so I will wait to see what happens. Uninstall does not seem to uninstall everything.

#10

Indeed - it doesn’t touch your user profile, which is where your installed extensions are.

#13

mujweb.cz (in Czech: můj=my; = myweb) was popular free webhosting in Czech Republic before about 25 years :slight_smile: - I also had small blog on this server when I studied high school. But this server doesn’t exist many years.
I’m not sure I remembered well, mujweb.cz was bought by volny.cz that was popular provider of internet in that years. And then it was bought by centrum.cz that is news server.

2 Likes

Impressum (Legal Info) | Datenschutzerklärung (Privacy Policy)   Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.