Jump to content

therealex

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by therealex

  1. Thanks, I'll give it a try. But I don't know - MBAM was always the gold standard, as far as I was concerned. Now it seems they're so busy "making improvements" that there are more issues than ever. I sure hope they get their act together. I recommend MBAM to everyone (and as a tech, I meet a LOT of people.) Now I'm getting calls from clients understandably upset that there are problems. I sure don't need the extra work! MBAM - you changed to a yearly subscription. Get it working, make it stable, and stop making us play whack-a-mole with things like protection turning off or icons not appearing or false alerts about updates! Thanks, Porthos. I'll try the beta.
  2. Hi, I have the latest version of MBAM Premium, running on WIn 10 Pro. The tray icon is suddenly missing. I went to Settings, and it doesn't even show up as an option in "Select which icons appear in the taskbar" or "Turn system icons on or off". In the MBAM settings page, it's checked to start with Windows, but I don't see a system tray option. It was there last time I checked, probably a few days ago. Is this yet ANOTHER update "improvement"? It's version 3.0.6.1469, Component package 1.0.103, Update package version 1.0.1856. It's set for automatic update. Thanks for your help! - Russ
  3. I've been having this issue, on and off, since December. There's an upgrade, it may (or may not) go away, then comes back. Now, at least once a day, I get an alert saying a component of Real TIme Protection is turned off. If I click "turn on", it's fine. I've already done the "uninstall using MBAM uninstaller" and re-installed, sometime in January. Right now I'm using ver 3.06.1469, component version 1.0.0, update package 1.0.1508. I've used MBAM for years and recommend it to all of my clients (I'm a tech). I don't know what the heck is going on here, but this isn't the kind of quality I expect from the "gold standard" of anti-malware programs. The only thing that has changed on my computer is I'm using Backblaze for backups, having switched from Acronis. There is absolutely no reason there should be a connection there, but in the interest of solving this, I'm mentioning it. - Russ
  4. Thanks for your help. I did as you suggested concerning the exclusions, so it should all be good!
  5. Hi, I know this has been covered, but I must be a bit dense here. I just upgraded from Win7 32 bit to Win7 64 bit (yay, finally have access to the additional 4 gigs of memory!) I have MBAM pro, and re-installed Avast free. I did a custom install and de-selected ALL of the optional software choices. Now, I have three things running: File System Shield, Web Shield, and Mail Shield. I'm using Outlook 2007 for my mail. Do any of these interfere with MBAM, as in having two malware protection programs running at once? If so, is there a way to shut off the malware part of Avast? Finally, do I need the Mail protection running? Thanks! - Russ
  6. Just checking - I haven't gotten the new upgrade yet. But, I'll still need an anti-virus, right?
  7. Thanks for the help. I'll finish checking things out, and if I can't figure it out I'll certainly take advantage of the malware removal section!
  8. Thank you for the reply. I uninstalled Avast! and it revealed that Firefox was, as the article said, initiating the attempts. I reinstalled Avast! and MBAM again cited it as the source. I have a number of pages open in Firefox, so I'm not sure what's causing it. I've closed a few at a time, and will continue until I figure out which one is doing it. Odd though - it attempts to make that connection as soon as Firefox opens, BEFORE it's loaded any of the pages (that is, when the "restore previous session" screen is open). I'm wondering if it's possible that Firefox itself is compromised.
  9. Hi, I followed the instructions and downloaded TCPView. I've been running it for about a day now. Roughly every hour, "avastsvc.exe" (yes, I have avast) tried to connect to 78.138.104.155 and MBAM blocks it. The remote address does not show up in TCPView, so I can't confirm if it's really Avast. The IP address is somewhere in Poland, so it's suspicious that Avast would be contacting it. Since TCPView isn't working, is there any other way to determine what process is actually initiating this request? Thanks for your help!
  10. I have been dealing with this problem for months. In my case, the random voices were caused by iexplore.exe running in the background (no actual window) and connecting to various sites, then disconnecting again. When I say "dealing with this" for months, I really mean it. I've been working with two people on Geeks To Go. I have the full version of MBAM, which has not found anything even though it scans every night. I use Process Blocker to stop IE from running, and failing that I've blocked it in Comodo. Teatimer has apparently blocked all of the sites it tries to go to, because when I disable Process Blocker and allow it to run, Comodo shows that it's trying reach a loopback (127.0.0.1) address. When I don't want it to run at all, I rename it (in Safe Mode, as it regenerates in Normal mode) to iexplore.bad. I've used: MBAM (of course) Combofix OTL Bootkit Remover MBR Check Reanimator GMER Regrun Warrior Rootkit Revealer Root Repeal RK Unhooker Super Anti-spyware Hitman Pro 3.5 TDSS Killer ESET Online Scanner to name a few, all under request by various experts. I've used Process Monitor and Process Explorer to try and "catch" the process that's initiating this - it doesn't do it in Safe Mode, so it's definitely something that's loading at startup. You may notice that it also makes the attempts hourly, at just about the same time within a second or two, and that there are multiple instances running that start within a second of each other. That is, if you're situation is the same as mine. I have NOT found the answer yet. Every other instance of this that I've seen written about has resulted in the end user wiping the system, but I'm a stubborn coot and refuse to do so. Why should these creeps win against all the experts out here? - Russ
  11. I rarely use IE, so I don't think that's it. I usually use Firefox (don't get me started...) - Russ
  12. FYI - I installed the newer version of Avast! (5) and the entire problem stopped dead in its tracks! Weird, but at least it's a solution if anyone else has this problem. In fact, ALL blocked IPs stopped appearing. Thanks again for your help. - Russ
  13. Yes, I couldn't catch the 67.213.214.178 block, but I'll set it up to try and get it. However, MBAM definitely is block the 208 IP: :48:59 Russell Alexander IP-BLOCK 208.73.210.27 It seems to try and access it four or five times in a row, and MBAM blocks it each time. Here's a quote from another thread about that address: antispywarepro.net 208.73.210.27 parkinglot.information.com Rogue Antivirus Bogdan Pankiv / software@fabrica.net.ua 2009-04-28 This is one line from just one report on IP 208.73.210.27 - I hope it will give you a basic idea why it is blocked - McAfee also Red Lists it - QUOTE clef.ca, wzbt.org, pal9.com, mlbk.com, azais.net and at least 100 other hosts point to 208.73.210.27. It is blacklisted in two lists. So, the question is, it seems to be Avast! that's trying to access it (which can't be true). MBAM does a scan every night and has not found anything, but SOMETHING is trying to access this site. I'm sorry that I don't know more about packets, but I gather that there wasn't anything there that would help in pinning it down. Any suggestions on how I might find this rogue program would be appreciated. I realize this is not the correct forum, as this is for false positives. I've already posted in the general forum prior to this. Thanks!
  14. Got it (finally!) it's for a different address, 208.73.210.27, which I posted about in the general forum. I've uploaded the files - they're only 1kb each, but I also included the full capture in case there was something else you wanted to see, bringing the size up to 4.2 megs. I also uploaded just the 1kb files, as "208 files small". This is really driving me nuts, as it's something that's pretending to be Avast! and keeps trying to access that IP (and others, too.) Any help would be greatly appreciated! - Russ
  15. If it comes up again, I'll attach it. there are other instances that are attributed to Avast, so I'll attach the next one as it happens. Thanks!
  16. It showed. And it's... Avast?!? Yup, it seems to be Avast! that's trying to access the site. WT heck?
  17. Thanks, I'm running it now. It actually showed a false positive - MB flagged Avast! as trying to connect to banned IP address. Still waiting for that 208.73.210.27 to show its face again! Thanks for the tip, this seems like a great program.
  18. I'm using C-Port to find out what's going on with some reported blocks. This one came up, and here's the info: ashWebSv.exe 3244 TCP 2388 192.168.1.2 80 http 67.213.214.178 178-host199440.midphase.com Sent C:\Program Files\Alwil Software\Avast4\ashWebSv.exe avast! Antivirus avast! Web Scanner 4, 8, 1367, 0 ALWIL Software 3/9/2010 20:37:19 NT AUTHORITY\SYSTEM avast! Web Scanner A 3/9/2010 21:12:10 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe It seems to be blocking Avast! from contacting midphase.com. Any idea if this is a mistake? Thanks.
  19. Yes, I saw that. I understand why it's blocked, but what I don't understand is which program keeps trying to access it. Am I being dense here (not unusual)?
  20. Okay, as Clint Eastwood once said: "A man's got to know his limitations". I found the reference to a couple of the attempts in Wireshark, but don't know how to proceed to find the offending program! Here's what I got: 90317 21:39:57.941489 192.168.1.2 192.168.1.1 DNS Standard query A filmfreephotos.com This lines up with malwarebytes' log: 21:39:57 Russell Alexander IP-BLOCK 208.73.210.27 Although the log goes on to find more: 21:40:00 Russell Alexander IP-BLOCK 208.73.210.27 21:40:06 Russell Alexander IP-BLOCK 208.73.210.27 21:40:18 Russell Alexander IP-BLOCK 208.73.210.27 21:40:21 Russell Alexander IP-BLOCK 208.73.210.27 21:40:27 Russell Alexander IP-BLOCK 208.73.210.27 And Wireshark finds this oddity: 90382 21:40:25.238093 192.168.1.2 192.168.1.1 DNS Standard query A cornersnackbar.com "cornersnackbar.com"? Anyway, I don't expect you kind folks to babysit me through figuring out what it all means, but a gentle push in the right direction would be greatly appreciated!
  21. Thanks for the responses. I don't usually run P2P software, although I have occasionally run bitpump. I stop the process, though, when it's done. It isn't running now. Rebooting does not prevent the attempted IP access. I ran tcpview, but since you can't create a log file it didn't help track down which program was trying to access the address. I downloaded wireshark and created a filter for that address, so I'll see what happens. When I get it determined, I'll post the result! - Russ
  22. Hi, I see that MB keeps blocking 208.73.210.27. I can't seem to figure out which program is trying to access it, though. I saw in other posts that it isn't a false positive, so how can I determine what keeps trying to access it? Thanks!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.