Beck38

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. After the 'fun' of two weeks ago, after which everything was running perfectly with no problems or alerts, this morning while doing an update of Malwarebytes, a new version (1.51.1.1800) was downloaded and installed. Virtually immediately, the machine was re-infected by the Malwarebytes s/w, taking me back to something 'calling out' to that blocked IP address, 174.127.96.30. How did this happen? Is Malwarebytes spreading malware? Sure seems so to me. Will report back later.
  2. I got some other sniffing programs to grab the packets, and they were a bit lean on info. Started up a support ticket, did some basic clean-ups (didn't do much if anything) and finally ran Combofix which dug deep and found the critter that was causing the problem. But in researching that Utah/UK posting company, found they had been on several black lists for several years for some of their 'bad practices'. So that's why Malwarebytes blocks the IP, my only question is what did I do to get the crud on my machine... I don't think I'll ever know, or did Malwarebytes add it to the ban list kinda out of the blue although it probably should have been on it for forever - but the latest on them from several sources is they were involved in a DOS attack just a couple weeks ago, which was when it started popping up on my Malwarebytes log. So it might have been there since who knows, but reared its head when the address was added to the ban list. All clean now. Super service!
  3. I've done TWO complete scans of my entire system with the most updated database, ZERO crud found, yet I still am getting the IP Block on "174.127.96.30" about every 5 minutes according to the log files. Where is this coming from? Why doesn't Malwarebytes give a full explanation anywhere (that I can find) as to why this (or anything else for that matter) is being blocked?
  4. About two weeks ago, an update to Malwarebytes added an IP address to block, 174.127.96.30, which resolves to a hosting company in UTAH, USA. (Mormon terrorists?) Exactly what in my system is attempting to 'call out' to this address has puzzled me, and in trying to run it down tried the 'TCPView' program which you suggest in your FAQ, but this program will not run on W2K. Is there some other program that will work on W2K? With absolutely nothing running on a freshly booted machine, it still is trying to 'call out'. Nothing is found after running a full scan on the machine. I have several programs that 'call home' to trigger updates and such, and some may indeed be going through this Utah hosting company. Still would be nice to know. Is there a way to figure it out with W2K?