tonyenkiducx

Hi Again, I spoke to my ISP and after managing to get a real engineer he said he's has similar issues and it was down to forwarded ports. I disabled the RDP access I had enabled and sure enough the alerts stopped. I suspect this is an issue with Malwarebytes now, once I knew what to look for I monitored the traffic a bit more closely and it all seems perfectly normal attempts to hack into my RDP, but all on port 3389, not the ports I'm being alerted to. I'm going to do a bit more testing over the next few days and I'll report back. I'll also try the beta version to see if that fixes the issue.

I own a hosting company, so got a bit of experience But I shall wait to hear from my ISP support first, just in case they have some info. If that doesn't work I'll try the beta software and report back. Ta again!

That's my local firewall, it's usually off so I don't bother with it, however the one on my router is enabled and only had RDP open(Which I use for work).

The thing is, with the firewall activated it's impossible for anyone to be probing my computers ports. Never mind the fact that on a NAT enabled network it's impossible to directly address a local PC without some sort of port forwarding or a DMZ(None of which I have enabled). I'm going to push this to my ISP and get them to check there isn't anything dodgy going on. Then I'll come back.

I have one on the router, and one local. The local one I only activated to test, but have turned it off again. The OpenDHCP Server was on purpose, to open shares to XBMC on the xbox. And the custom hosts are also on purpose, temporarily for development.

That's the thing, I have two firewalls(One added for testing) and both are set to block. I've tried opening up a port and connecting externally, but they are blocked and do not respond. If I open the firewall and then try to make a connection it does work. These connection requests are not coming from outside of my network.

Hi Kevin, Yes they are still happening. Logs attached as requested. 02.txt 03.txt 01.txt

No worries, ready to wait, thanks for the confirmation!

Ahh well this is a general chunk of licenses I bought through Digital River for my company, but I also use some of them at home, as I often work from here. It says "Malware bytes premium 4.1.0", you're quite right that it was phased out, so I'm just a regular premium user. I'm not trying to be a Karen or anything, just very wary of wasting volunteers time

Hi Kevin, It's an at home computer, but I use it for both business and work. I feel like maybe I'm in the wrong section here, I'm just looking to find out why Malware bytes is bringing up these warnings and what they mean. I'm a paying customer, and this seems to be a volunteer led forum. Should I be looking elsewhere?

Thanks for the reply. I am running malware bytes premium corporate, and it's been active and up to date for years. The alerts I am getting are from Malware bytes, that's why I came here to ask I ran adware cleaner, it's picked up nothing to concern me, log attached. Same from Farbar, looks clean, attached. Addition.txt FRST.txt AdwCleaner[C01].txt

I just recently added a fixed IP to my broadband with HyperOptic in the UK, which has now made me appear to the outside world when previously we were hidden by an ISP based NAT system. Since then I am getting a lot of RTP Detection events from russian bot networks, but I'm not sure how or why. I have a firewall on the router, tested externally to be working, and I activated the windows firewall just to test and I am still getting the warnings. Any ideas? Any further data I need to supply?