coastalwanderer

This may be the wrong location to note this, but, MalwareBytes forum on Malware Removal seems like a good place. I have MalwareBytes Pro and started recieving a message that it was blocking Outgoing IP Address 46.229.165.2 yesterday afternoon. Thank you MalwareBytes, I do appreciate your detection and warning. However, I seemed to be detect who/what was causing the problem. The problem appeared in Firefox and after moving through any 3 pages, including google, yahoo, or on any site (including this forum), the message was going out to 49.229.165.2. Nothing was detected by MalwareBytes, AVG, Microsoft Essentials, Dr Web, TDKKiller, or 3 other tools I used. I am posting this because I did find a solution. I turned off add-ons in firefox and the problem went away. I turned my add-ons back in groups to isolate the culprit. I located the add-on causing the problem. It appears that sometime yesterday some software installed an add-on (perhaps I authorized it unwittingly or it installed itself as I browsed). The software was called ToolbarBrowser 1.3.2 by Trellian. Browsing the web, I found sites saying this was a "quality tool," a non-spamming provider of tools and the random sites offered great praise of this "tool." I found one site indicating this add-on was created by Trellian and does collect your browsing habits. Please be aware, I do not know if I had a virus attach itself to my addon or if the addon is designed to collect information. I do know that disabling it removed my problem. I have removed "ToolbarBrowser" 1.3.2 by Trellian from my add-ons. If you are having a problem with blocked outgoing IP Address 46.229.165.2 on Firefox, I would suggest you examine your add-ons and test disabling ToolbarBrowser.

I apologize for opening this post. Though I was having a problem, requesting update on Malwarebytes (today) seems to have eliminated the problem. Perhaps I had an incomplete data update yesterday, or perhaps I had some other strange condition occuring. The problem has vanished, this post should be closed. Thank you for your reply.

I am concerned. Suddenly, my malwarebytes updated its database and is now detecting Trojan-Banker in 2 files. These files are part of the "Uniform Server" package. I have quaranteed and deleted the files. The trojan was detected in the files Start_as_program.exe on version Coral_8_6_7.exe this evening. I deleted the entire directory, went to Uniform Server, retrieved a fresh version Coral_8_6_8.exe and files Start_as_server.exe and Start_as_program.exe are detected as infected with Trojan-Banker. It could be the Uniserver actually contains a Trojan, but, it seems strange ... I thought Uniform Server was a credible product. I need to contact them if they truly have a problem that they are distributing. How can I test to determine if it is their package infected or a mis-detection on the part of Malwarebytes?