Showing results for tags 'Malicious Website Block'.
I get the Malicious website blocked pop-up every few minutes.

same IP
Outbound
SVCHOST
changing port numbers
Win7 64bit
happens when no browser is running
I have never had any P2P sw on my laptop
Always had McAfee as AV
Have had Malwarebytes Premium for a while

Prior to posting I did the following, which did not find any infection:

McAfee scans - run
Malwarebytes scan - run
Malwarebytes rootkit beta - run
Hitmanpro purchased and run
Malwarebytes anti-exploit premium purchased - not yet activated
Farbar installed, run and files attached

Concerned because of outbound, no browser running and changing port number attempted.

Thx in advance for your help

Barb

Addition.txt FRST.txt
6 replies. Tagged with: svchost, malicious website block (and 1 more)

Hi,

I'm trying to clean a machine that I'm pretty sure is infected. The reason I believe it's infected is that an (unknown) application keeps attempting to connect to one of three IP addresses (each IP address is that of a broadband provider, so it appears to be trying to connect to a remote machine). The pop-up message that Malwarebytes shows just tells me the IP address, and that it's outgoing. There's no detail telling me what process/application/service is trying to connect.

A quick scan using the trial of the MB Pro version doesn't show an infection. The machine is currently undergoing a full scan, but that's going to take some time as the disks are pretty large etc.

To try and pinpoint the location of the process attempting to make that remote (outgoing) connection I've used TCPWatch, Sniffer, Wireshark, none of which are showing an outgoing connection to the IP addresses shown by MB, so I assume that MB is stopping the connection attempt before any of those tools "see" the connection attempt. That's fine, but is there any way of finding out what process/service is doing this? I've checked the process list and all appears to be ok there (although I could have missed something of course).

Hopefully the full scan will reveal the issue, but just in case it doesn't: is there any way of tracking what application/process is attempting these connections (other than closing MB and letting the connection get caught by Wireshark or similar, which obviously I want to avoid as I have no idea what data it's going to attempt to transmit, or what it'll try to download onto the machine)?

Thanks in advance

Martin