Showing results for tags 'inbound'.

Found 17 results

  1. MalBytes keeps giving me multiple "inbound" and "outbound" trojan notices usually in "bursts" only minutes apart. Two of the most recent: -------------------------------------------------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:24 PM Log File: 514d7710-2e56-11ea-8896-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.71 Port: 49161 Type: Outbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) -------------------------------------------------------------------------------- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 1/3/20 Protection Event Time: 12:20 PM Log File: c88c3dd1-2e55-11ea-8ea3-000272c7c0d0.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.785 Update Package Version: 1.0.17183 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 176.113.161.91 Port: 49161 Type: Inbound File: C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe (end) ----------------------------------------------------------------------- I have quite a lot more if needed.
  2. Have an odd situation. My MalwareBytes Premium is repeatedly showing blocks for an inbound IP address (we'll call it 199.99.9.9 for example) on port 53. I am running this on a personal 2008 server that does have MS DNS running and the server is behind a Cisco router that has an explicit ACL deny for 199.99.9.0/24. I've scanned the inbound connections on both the router and the server and do NOT see that IP address connected nor does the access-list show any matches for that IP being denied. Still, MalwareBytes is repeatedly blocking that IP about 50 times every 15 minutes. Any ideas where I should be digging deeper?
  3. Sometimes your program shows me the notification that a connection was blocked by it. The program spams the notification. If it starts, it would not stop for a period of some minutes. I have tried to look at your log files and detect the process that does this. Unfortunately, the program doesn't report the process's ID, only the process's file, which is, in my case, svchost.exe. Please help me remove this spyware (I'm pretty sure it is spyware). Thanks in advance, Mizaro
  4. Hello, new to the site and the program. Currently running on a trial version, though really pleased by the program thus far. Anyway, today just past I noticed Malwarebytes was informing me about an IP address getting blocked making both inbound & outbound connections. I checked the logs, it had been doing so since 12:00 am, so far about 50 times, maybe more. At times when I noticed, I tried turning off my browser, and all programs that communicate with the internet, but they continued, so I unplugged my ethernet cable, which stopped it. When I plugged it back in, it started again about 10 minutes after. I checked the IP addresses, and they show up as coming from various foreign countries. 185.98.24.5:59094 87.116.189.55:59094 185.98.24.5:59094 I tried doing a malware scan with Malwarebytes, which found a bunch of minor stuff, though the problem persisted. Then I reset my IP address and went offline for a few hours, and haven't gotten any blocked connection notifications for about 3 hours now, but I doubt that resolved the problem completely. I looked this problem up online, and saw that many people have had the same thing happen to them, though I hadn't been able to find a generalized guide, so I figured I'd seek help here. I've attached the scan by FRST, as suggested in this forum. FRST.txt Addition.txt
  5. Hi. Attached pop-up occurring constantly. IP is not always the same. Is there something wrong with svchost.exe or ...?
  6. I recently installed Malwarebytes after some suspicions due to slow computer running speed in order to run a scan (which turned up 2 entries), and activated a trial for the enhanced protection services. A few days later, I began to receive repeated notifications that a malicious website was blocked, trying to access Skype and svchost. I promptly closed Skype and disconnected my computer from the internet for a bit as I deleted my stored passwords and cache and ran a scan, which turned up nothing. As of reconnecting my computer to the internet after closing Skype, I have not received any more notifications. Included below is the scan log from the first scan and today's protection log which includes the malicious website attack attempts. Please advise! Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/10/2016 Scan Time: 12:26 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.10.06 Rootkit Database: v2016.09.26.02 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: bananaman Scan Type: Threat Scan Result: Completed Objects Scanned: 422870 Time Elapsed: 15 min, 12 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.MyStart, HKLM\SOFTWARE\WOW6432NODE\mystarttb, Quarantined, [e2ac6136900a80b63aced6d715eee41c], Registry Values: 0 (No malicious items detected) Registry Data: 1 Broken.OpenCommand, HKCR\regfile\shell\open\command, "regedit.exe" "Good: (regedit.exe "Bad: ("regedit.exe" "%1"),Replaced,[ffffffffffffffffffffffffffffffff]")", %4, %5 Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) 
------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Update, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Scheduler, Malware Database, 2016.10.13.2, 2016.10.13.3, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Refresh, Starting, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopping, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopped, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Refresh, Success, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Starting, Protection, 10/13/2016 1:45 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Started, Protection, 10/13/2016 11:57 AM, SYSTEM, ORLANDO-PC, Protection, Malware Protection, Starting, Protection, 10/13/2016 11:57 AM, SYSTEM, ORLANDO-PC, Protection, Malware Protection, Started, Protection, 10/13/2016 11:57 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Starting, Protection, 10/13/2016 11:57 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Started, Update, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Scheduler, Domain Database, 2016.10.13.1, 2016.10.13.5, Update, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Scheduler, Malware Database, 2016.10.13.3, 2016.10.13.9, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Refresh, Starting, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopping, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopped, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Refresh, Success, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Starting, Protection, 10/13/2016 11:58 AM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Started, 
Update, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Scheduler, Domain Database, 2016.10.13.5, 2016.10.13.6, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Refresh, Starting, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopping, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Stopped, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Refresh, Success, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Starting, Protection, 10/13/2016 12:01 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, Started, Scan, 10/13/2016 12:12 PM, SYSTEM, ORLANDO-PC, Context, Start:10/13/2016 11:58 AM, Duration:14 min 24 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, Detection, 10/13/2016 2:26 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 182.74.246.226, 52214, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 2:26 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 182.74.246.226, 52214, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 2:26 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 182.74.246.226, 36043, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website 
Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:21 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:22 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, Detection, 10/13/2016 3:22 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Detection, 10/13/2016 3:22 PM, SYSTEM, ORLANDO-PC, Protection, Malicious Website Protection, IP, 179.96.17.142, 36043, Inbound, C:\Windows\System32\svchost.exe, Update, 10/13/2016 3:23 PM, SYSTEM, ORLANDO-PC, Manual, Failed, No Internet connection detected, Scan, 10/13/2016 3:37 PM, SYSTEM, ORLANDO-PC, Manual, Start:10/13/2016 3:23 PM, Duration:13 min 21 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware 
Detections, Update, 10/13/2016 3:45 PM, SYSTEM, ORLANDO-PC, Scheduler, Failed, No Internet connection detected, (end)
  7. While watching a YouTube video, I noticed Malwarebytes starting to go insane with notifications blocking both inbound and outbound connections from the IP 121.54.58.246 to Skype. I never have any ads in Skype and while Malwarebytes does randomly block IPs inbound to Skype at times, it's never been anything like this before. A quick Google search of this IP address reveals that it is listed in the StopForumSpam database as well as Project Honeypot, which states it is used in dictionary attacks (see attached image). I have attached the Malwarebytes protection log, should I be concerned about this? malwarebytes.txt
  8. Hi, Today I noticed an inbound connection that was blocked by Malwarebytes. C:\Windows\System32\svchost.exe Port 123 I checked yesterday's protection log and noticed the same block, however from a different IP address. I checked logs from the rest of the week, and found no signs of it. The detection from today seems to come from the Netherlands, and yesterday's one from Lithuania. Since these were inbound instead of outbound, that means that Malwarebytes is doing its job, right? But I don't think that it's normal to be "under attack" like this. And I'm kinda paranoid when it comes to PC viruses, so better to be safe than sorry. I did a clean install for Windows 10 about 2 weeks ago, formatted my drives. I moved some files over from my old PC, such as pictures, text documents, music and Skype chat history. Among the first things I installed on this PC were Avira antivirus (free) and Malwarebytes Premium. I have Avira and Malwarebytes set for daily scans. I have attached the protection logs from today and yesterday and a full scan report of Malwarebytes which came up with nothing. Are these random attacks? Should I be worried? Am I under attack? Am I infected? Am I just paranoid? Thank you very much for your help in advance. Really appreciate what you are doing here. Full disclosure: I had p2p software "Deluge" installed, but I uninstalled it since the rules say so. I added skype.exe to process exclusions. Protectionlog 30.1.2016.txt Protectionlog 31.1.2016.txt scanlog 31.1.2016.txt
  9. Hello! I'm making this new topic to get some help with my PC. I just got a popup from MBAM Premium saying that an inbound connection was blocked from svchost.exe. Detection, 2/21/2015 3:52:58 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.20, 1900, Inbound, C:\Windows\System32\svchost.exe, Detection, 2/21/2015 3:52:59 PM, SYSTEM, J-PC, Protection, Malicious Website Protection, IP, 93.174.93.20, 1900, Inbound, C:\Windows\System32\svchost.exe, Please help whenever possible. Thank you in advance.
  10. Hello! Malwarebytes Anti-Malware has recently started to block this IP: 94.102.56.231 This IP keeps showing again and again pretty often while I am browsing around the web or even when I am not using my PC. (Desktop idle, no applications running) Shows as this: Detection, 4/21/2015 9:28:36 PM, SYSTEM, , Protection, Malicious Website Protection, IP, 94.102.56.231, 0, Inbound, (I've removed my system name from the above line) Can you please check this IP and do some sort of research on it? Is it false or not?
  11. I have this environment: - router with firewall enabled. SPI is not enabled. I enabled it after the fact. - host machine running Windows 7 SP1 x64. Firewall set to reject all inbound connections on all profiles (public, private and domain) as I don't transfer data between PCs. - guest OS Windows XP SP3 running in Virtualbox connected via NAT interface. No ports open in virtual NAT; - vm firewall also set to ignore exceptions. Virtual machine is in place to run somewhat risky applications in an attempt to keep my system clean: - Cool TV Online app is a Sopcast based TV online app. So it is P2P based. It also displays ads from adcash in pop-up every time you click on something; - Hola Better Internet VPN extension for Firefox. Another P2P based app. Because both programs are P2P based I am expecting to see outbound connections blocked at host level on Virtualbox.exe which by way it happens sometimes, but inbound connections. This is odd, I'd like someone to explain to me how this is possible. The alerts are not frequent, there are days when they don't happen. It mostly depends on how long either of them are running. I have some wild guesses about how this can happen, but I'd like a professional explanation: - Server to which I was connected informed of an IP change; that new IP is flagged as malicious in MBAM db; - Server #1 requested that Server #2 take over (This is a P2P connection, so take overs seem to happen a lot), Server #2 IP is flagged as malicious so it wasn't allowed to check if I am still online. protection-log.txt
  12. Hello, I'm very new to this software so please forgive me, but I'm constantly receiving "Malicious Website Blocked" notifications one after the other. Here are the details: The Type is Inbound The process is C:\Windows\System32\svchost.exe The IP address is 187.217.198.114 The port is 52150 These details are the same every time. I have disconnected myself from the internet, stopped MBAM, ran MBAR as administrator then re-enabled everything. Everything is coming back clean though? Any ideas?
  13. Getting inbound/outbound detections for a couple of IP addresses. All within the last two days. These show as being from China: Detection, 9/20/2014 7:18:48 PM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 218.9.30.102, 50427, Inbound, C:\Windows\System32\svchost.exe, Detection, 9/20/2014 7:18:48 PM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 218.9.30.102, 50427, Outbound, C:\Windows\System32\svchost.exe, Outbound detection for this IP. Shows from Egypt: Detection, 9/19/2014 11:43:50 AM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 41.35.122.179, 60852, Outbound, C:\Windows\System32\svchost.exe All were blocked but wondered if there was anything to be concerned about (especially if they are outbound) like a trojan or anything malicious? Also, have a Comcast (Cisco) Wireless Gateway so don't know if I can block these individual ports or is that kind of useless anyway? Thanks!
  14. Getting inbound/outbound detections for a couple of IP addresses. All within the last two days. These show as being from China: Detection, 9/20/2014 7:18:48 PM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 218.9.30.102, 50427, Inbound, C:\Windows\System32\svchost.exe, Detection, 9/20/2014 7:18:48 PM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 218.9.30.102, 50427, Outbound, C:\Windows\System32\svchost.exe, Outbound detection for this IP. Shows from Egypt: Detection, 9/19/2014 11:43:50 AM, SYSTEM, MY-VAIO, Protection, Malicious Website Protection, IP, 41.35.122.179, 60852, Outbound, C:\Windows\System32\svchost.exe All were blocked but wondered if there was anything to be concerned about (especially if they are outbound) like a trojan or anything malicious? Also, have a Comcast (Cisco) Wireless Gateway so don't know if I can block these individual ports or is that kind of useless anyway? Thanks!
  15. Hello! Introduction: My name's Cristian and I'm new to the forum and also new to Malwarebytes. I've recently installed Malwarebytes because I noticed that there are some processes eating up my CPU in Task Manager and thought that I am most certainly virused. (I was right) I had no other option but to try Malwarebytes - a friend recommended it to me. Here's the problem: I've installed Malwarebytes Free. Checked almost all boxes to make sure it searches everywhere. Finally after an hour of scanning it found 3 viruses and added them to quarantine. Copy from the scan log: Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SVKP, , [2e6b80499fdc1f1731dbc42950b3f50b], PUP.Optional.Softonic.A, HKU\S-1-5-21-1547161642-484763869-1343024091-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [f9a0be0b9be01c1aae0ea574c0436d93], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 Trojan.Agent, C:\WINDOWS\system32\SVKP.sys, , [2e6b80499fdc1f1731dbc42950b3f50b], Physical Sectors: 0 (No malicious items detected) After adding these 3 viruses to quarantine, I restarted my PC (Malwarebytes told me to restart). The problem is that I am not sure if I am done with those viruses and if there are others which Malwarebytes did NOT detect during the full scan. After the PC restarted I left my PC alone for like 30 minutes, no applications were running, only empty desktop with desktop icons. 
After some minutes Malwarebytes detected and it said that blocked these IPs: Protection, 9/9/2014 8:59:18 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Starting, Protection, 9/9/2014 9:00:08 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Started, Detection, 9/9/2014 9:25:12 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 89.248.171.34, 0, Inbound, Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Stopping, Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Stopped, Protection, 9/9/2014 9:51:16 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Starting, Protection, 9/9/2014 9:51:45 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, Started, Detection, 9/9/2014 10:04:31 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 46.246.111.77, 0, Inbound, Detection, 9/9/2014 10:18:15 PM, SYSTEM, EAGLE, Protection, Malicious Website Protection, IP, 93.174.93.51, 0, Inbound, I don't know whether I am being attacked or what is happening. Can someone from Malwarebytes check these IPs? I don't know what is going on. Please help me with these IPs. These are the only IPs that have been blocked until now. Help would be very appreciated ! Thank you Cristian.
  16. Hello there, While using the newest MBAM Pro version I keep getting warnings and log files like "Malicious Website Protection IP, 219.146.8.78, 5060 Inbound, C:\Windows\System32\svchost.exe." The IP addresses and ports are changing. I made scans with Norton Antivirus, MBAM, and many adware/junkware removal tools but only tracking cookies were found. I even checked with regedit the names of all of the about 110 services that could be hosted by svchost.exe, and all of them were genuine Windows services. Finally I decided to restore my laptop totally to factory settings and reinstall all the programmes. After restoring to factory settings I first updated Windows 7, installed Norton Antivirus, and MS Silverlight that was needed for watching the help video. Then I installed MBAM 2.0 and Adobe Reader X. I made a new user account and enabled Guest account, too. Then, before starting to reinstall more programs, I took a look at MBAM History and there it was again: "Malicious Website Protection IP, 195.39.196.50, 22 Inbound, C:\Windows\System32\svchost.exe." What could this be all about? Please, note. Before writing to you I had to reinstall MS Office, too, to get my email working. Then I made a new FRST scan. Unfortunately I first deleted the first logs and it appeared that the additional log cannot be made again. So, please find the FRST.txt log attached only because it is all I have.. FRST.txt Regards, Hannu
  17. I haven't had MalwareBytes on forever, but I recently activated the free trial and have been getting constant pop-ups informing of certain IP addresses (mostly from China) being blocked. The connection is inbound and the process used is svchost.exe Here are a few of the logs from MalwareBytes: Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Starting, Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malware Protection, Started, Protection, 6/26/2014 9:56:28 PM, SYSTEM, MO, Protection, Malicious Website Protection, Starting, Protection, 6/26/2014 9:56:56 PM, SYSTEM, MO, Protection, Malicious Website Protection, Started, Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:04:15 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 85.234.173.195, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:10:58 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 222.186.19.3, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:18:04 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 81.198.148.128, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe, Detection, 6/26/2014 10:19:19 PM, SYSTEM, MO, Protection, Malicious Website Protection, IP, 220.248.169.189, 64932, Inbound, C:\Windows\System32\svchost.exe, (end)I'm not sure how long I've had this going on for, but everything runs 
normal. Any idea on what might be causing this and how I can find out what is the source? Rootkit scans via MalwareBytes Anti-Rootkit and Kaspersky TDSS both came back clean. MalwareBytes Anti-Malware also came back clean. I just want to make sure that it is nothing serious. Please let me know what further information is necessary and what the next step is. Thanks