Posts posted by gdiloren
-
I use Malwarebytes beta 2 and the detection databases were those of today and yesterday, 4th of March 2014!
-
I have at least 24 detections of the PrivDog extension in browsers (like Google) that belongs to the Comodo Internet Security Beta 7 v. 4101 and I think this is a FALSE POSITIVE (FP). Can you please fix it???

-
This is FP and MBAM is the only one to detect it on Virus Total on 40 engines!
-
Bump. Site does not appear exempt from malicious activity. Previously, when surfing sandboxed, you would be redirected to some porn sites. Then it seems to be searching for open ports, and on and on. Nothing is "free", for sure!

-
Sandboxed I get this kind of log:
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49978, Process: firefox.exe)
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49981, Process: firefox.exe)
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49982, Process: firefox.exe)
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49983, Process: firefox.exe)
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49984, Process: firefox.exe)
2012/11/26 11:49:31 -0500 IP-BLOCK 94.242.251.165 (Type: outgoing, Port: 49985, Process: firefox.exe)
etc... until I close my browser.
I'm told it's a MBAM FP because streamiz is OK for WOT, SiteAdvisor, TrafficLight etc...
Can you check???

This is where it is discussed in the Norton Forum: http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-2012-and-Malwarebytes/td-p/819582/page/2
-
Does it conflict in any way with real-time MBAM protection? My browsing seems slower with real-time WD protection.
-
No, it's not Live Messenger since I exited and I have the same Malaysian IPs. I don't use P2Ps for fear of infections. I'm going to investigate this!
Looks like to be Crawler Spyware Terminator MBAM in AVAST FORUM GENERAL

-
Yes, I'm logged on to my Live Messenger permanently. I'll try to close it down. Also, I have to say Windows Security Center wasn't recognizing Comodo FW and Defense+ as activated although they were. They were set too high and I put them back to normal. It solved the problem with Windows Security Center.
-
Any chance you're running a P2P program? (every single IP you've listed is involved in malicious activity, so whilst I still suspect an infection, especially given the presence of 124.217.225.37 (Piradius IP), I thought I'd ask).
If not, a packet capture would help track this down (you can use Wireshark for packet captures).
-
Ok. What do I do now? I'm getting many IP blocking pop-ups of various kinds, even with no browser on, and I scanned my PC for viruses and malware thoroughly (use Avast 5.0.418 on access and MBAM on access, have ST, SAS WD, SB). Here are the latest IP blocks today and yesterday:
I have Web Shield and Network Shield ON for all files scanning in RP of AVAST 5 + Comodo FW Defense + and a router secured. Should I be concerned? Haven't suffered any damage to this day.

The only potentially malicious program I can see on this PC is Screenshot Captor, which is freeware advertised in the Avast forum!
-
I'm not familiar with "Link Extent" as I don't use Firefox, but whether it's safe or not is irrelevant I'm afraid. 88.214.203.109 is on an IP range that is well known for malicious content.
-
I think that the extension LINK EXTENT 1.0.7 in FF v. 3.6 is not harmful; in any case, by uninstalling it you don't get pop-ups about 88.214.203.109 anymore.
I may add I use Vista SP2 and have absolutely no annoyance with the IP protection feature with IE8 or Google Chrome Beta v.5.0.322.2

-
For about a week now, whenever I update Malwarebytes, it shows that the definition date is always for tomorrow (as if it were in China). I live in Canada. Do you have an explanation???

-
C:/Windows/ACER_NORMAL/Install_Flash_Player_9_AX_9.0.28.0.exe, a 1.12 MB file, should be a FP, detected since the 2008-08-15 definitions.
PUP.Optional PrivDog FP (in File Detections)
Thanks for this very fast action on my request! Much appreciated!
