alekso

Update, now blocking another adress too "193.107.17.129": 2013/02/23 19:41:49 +0100 ******-PC ****** IP-BLOCK 193.107.17.129 (Type: outgoing, Port: 53970, Process: ccsvchst.exe) Stated in a chat (dont know what this means? gateway?): Not listed in hphpsts: http://hosts-file.net/default.asp?s=193.107.17.129

As a owner of a Packard Bell (acer-brand) laptop i strongly recommend you to burn your recovery DVDs now, it will be very hard to get a recovery-dvd when your pc does not open and you are unable to access recovery programs or the recovery partition can be damaged...

Techno - Dubstep - Trance - Electro here https://www.youtube....h?v=oG687PvMn8o When i grow old i am probably going to be listening to some "lame" music, but for now... this rocks! and @GT500: nice to see another yogscast fan here. http://www.youtube.com/watch?v=oG687PvMn8o

IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 63826, Process: ccsvchst.exe) Contacted symated two times, seems questionable having a server on un.me/cz.cc domain server, but they told me that it was infact: symtac-related server... investigating why i get this block each day have been a pain for me, so i want this solved so nobody else have to do the same... NOT listed in hphosts: http://hosts-file.ne...p?s=82.208.40.8

I guess its ok since nothing has happened to my online accounts, it just worries me that it sometimes pops-up when i login to websites.

Logs wont tell me much, even searching for the ip in the logs returned no results.

Ok, how do i know what process that actualy get blocked in the first place?

Ok, so i was asked to post here to get more help.. here is my old topic: http://forums.malwar...howtopic=119987 I have two suspicious things happening: 82.208.40.8 (Type: outgoing, Port: 49607, Process: ccsvchst.exe) keeps getting blocked every day, not a norton server why is a norton program contacting it then? i checked the certificate of the norton program and its valid, then i decided to look at a program with expired certificate for whatever reason. and i found out that the 2 year-expired certificate is counted as valid, is this normal or not? pic: http://i.imgur.com/VqIa2.png I have attached some files according to this post: http://forums.malwar...?showtopic=9573 I am actualy very experienced with malware and run some programs like blockify for spotify in a sandbox since its unsigned, its very unlikely that i have a virus since i do not run unsigned software unless i make sure its 99% safe. Example of unsigned safe programs i have is k-lite codec pack/CCEnhancer. dds.txt attach.txt

I have reason to belive the server is not a norton update server, as stated by their support "We are not able to verify thats a norton server just by looking at the IP" I tried to check the certificate of the norton program (ccsvchst.exe) its valid... however i tested another program i know the certificate is expired on for two years ago, thats too valid? maybe im wrong, but i do not think the computer should count it as valid when its 2 year after it has expired. Maybe the norton framework is infected and the virus has hidden itself by making all invalid certificates valid? i do not see any indication that i am infected, nor do i see anything when i scan... this is all just strange. Heres a pic or the "expired" certificate: http://i.imgur.com/VqIa2.png (sorry for it not being in english, no easy way to change Windows language)

It appears that "82.208.40.8" is a norton update server, WOW they use suspicious servers with a strange rdns record "ns1.dns-domainserver.com ", anyone that can tell me why malwarebytes blocks this IP? its not listed in hpHosts http://hosts-file.net/default.asp?s=82.208.40.8 and is definitly not malware.

Hello, i have been using malwarebyes and norton for a long time. For many days now this ip have been getting blocked (loggs): 2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Starting protection 2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Protection started successfully 2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Starting IP protection 2012/12/25 15:47:26 +0100 ALEKSANDER-PC Aleksander MESSAGE IP Protection started successfully 2012/12/25 16:02:31 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 49818, Process: ccsvchst.exe) 2012/12/25 16:19:11 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 50263, Process: ccsvchst.exe) 2012/12/25 16:26:34 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 50639, Process: ccsvchst.exe) Anoyone have any idea what the ip "82.208.40.8" is used for and why its outgoing? i have done a full scan with malwarebytes and norton whitout any results.. (except tracking cookies).apperantly the ip is known as many things "ns1.dns-domainserver.com --> mx2.dns-domainserver.com --> 82.208.40.8". Its not blacklisted anywhere so i do not even know why malwarebytes has it blacklsited?