Showing results for tags 'moldova'.

Found 3 results

  1. I discovered about 2-4 IP addresses in Web Exclusions on each of my two desktops and laptop. I think they had been there for a long time because honestly I did not check these settings earlier. IP addresses were from Nigeria, India, Moldova, Netherlands. I removed them immediately. I contacted support who said they are there by user action on purpose or by accident. I have looked at forum and surfed. Others have had this problem. My impression is that nobody knows for sure how this happens. One poster suggests it might be an inadvertent response clicking on the Malwarebytes popups notifying a block. I saw also Escatel mentioned by others which came up with me. There are no signs that my systems have been taken over or passwords changed. I check Web Exclusions now several times a day over last week and no new IP addresses have appeared. My virus software (Norton on my main desktop) and Malwarebytes are not picking up anything. I am not an expert and am a bit worried. It would be nice to know how this could have happened, because certainly I did not add these IP addresses myself deliberately! My main concern though is whether the websites of the IP addresses in question could have been accessing my computers and spying or adding code. Am I correct that Malwarebytes itself would have picked up any malicious code from these sites when a threat scan is carried out? Also would the appearance of an IP address in my Web Exclusions allow it to bypass firewalls or evade detection by my other virus software? I would be grateful for any feedback. Thanks. OwenS
  2. Good Afternoon from Eastern Europe. I will eventually get to the introduction forum but I have a more serious issue to deal with. Last night I noticed an *Allowed* IP in the Web Exclusions section which I checked out using network tools online, it led to an IP address originating from Moldova. I also noticed that I was not able to update my MBAM. Right away I took the following steps. 1. Strong MBAM password for everything. 2. Looked at all settings, some were changed, changed them back to *paranoid level*, update every 1 hour, if missed 2, scan every day. 3. Allowed custom scans. Changed ALL passwords on computer, I do not keep email ones on a Win box, those stay on encrypted thumbies that only touch *nix, and I only access email via my *nix machine. 4. Ran a lot of scans: AdwCleaner, TDSS, Combofix, MBAM, MSSE, checked my hosts file, working on my services list now, going to check my registry next, all those scans came up empty by the way. 5. But how was someone able to insert an *allowed IP* into my MBAM, this is what REALLY worries me, is this common, do they have kernel access, should I just wipe the OS and start fresh, 10+ passes with DBAN is not really an option here >> SSD << Can anyone please help me, I am at your mercy. Also welcome from Eastern Europe where we have DE on one side and Russia on the other and Ukraine below us. I will make an introduction post as soon as this is settled, I am just VERY stressed right now as you can imagine. I am going to start up Wireshark via *nix and see my traffic for any UPX, RST, etc etc. Forgot to mention, I have IE turned off for good, I use current version of Firefox with needed plugins to stop scripts, won't mention which for obvious reasons, but this is my work computer so I need it to be *safe*, win7_64_SP1. What worries me is that I would not notice any real slowdowns as it is an overclocked fx-8350 :/. But I normally run @ around 60 processes, too much I know, but I have not noticed any new additions, but I am keeping an eye.
  3. MBAM has been giving me notifications steadily all night that it was blocking an outgoing connection by svchost.exe to 89.28.97.15:54512. I decided to look it up and found that it was an ISP in Moldova, so now my spidey sense is tingling. I've not been able to isolate the svchost instance yet but I'd be curious to know if I'm the only one getting blocks on this particular address/port. Thx.