Jump to content

Concerning matter.


Recommended Posts

Recently I had a redirect issue with my computer. When we'd click to go to certain known websites it would direct us other places. I did a system restore and scanned with Malwarebytes and that doesn't seem to be an issue anymore. However, Malwarebytes keeps saying that it has blocked a potentially harmful incoming intrusion. I looked up the IP and it says it's from China. However, after running more scans there are no results coming back. This intrusion will occur even if we aren't at the computer so it has flagged some concern on my end. Here's the log from the last block. Also, It never shows anything as outgoing.

2012/03/28 11:59:53 -0400 RAD MESSAGE Starting protection

2012/03/28 12:00:31 -0400 RAD Owner MESSAGE Protection started successfully

2012/03/28 12:00:34 -0400 RAD Owner MESSAGE Starting IP protection

2012/03/28 12:01:30 -0400 RAD Owner MESSAGE IP Protection started successfully

2012/03/28 12:01:57 -0400 RAD Owner MESSAGE Executing scheduled update: Daily

2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.03.26.04 to version v2012.03.28.05

2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Starting database refresh

2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Stopping IP protection

2012/03/28 12:03:14 -0400 RAD Owner MESSAGE IP Protection stopped

2012/03/28 12:03:21 -0400 RAD Owner MESSAGE Database refreshed successfully

2012/03/28 12:03:21 -0400 RAD Owner MESSAGE Starting IP protection

2012/03/28 12:03:23 -0400 RAD Owner MESSAGE IP Protection started successfully

2012/03/28 13:20:07 -0400 RAD Owner IP-BLOCK 221.192.199.49 (Type: incoming)

Link to post
Share on other sites

Hello and welcome to the Malwarebytes support forum. Thank you for choosing Malwarebytes' Anti-Malware as your malware security solution, my name is Oscar Rubio and I'll be assisting you today.

Please click on the link below for more information on our IP Protection Module.

Section G

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162100entry162100

Link to post
Share on other sites

Hello KingRad and welcome to the Malwarebytes forums!

If you had a redirect issue that you were able to resolve but you are still getting IP blocks that are NOT caused by you surfing the net and happen even when you are not using the computer then there is a chance that you are still infected.

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the
General Malwarebytes Anti-Malware Forum
, you need to start a topic in the

Malware Removal forum
so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the
    , skipping any steps you are unable to complete.

  • After posting your new post, make sure under
    options
    , you select
    Track this topic
    and choose
    Immediate Email Notification
    ,

    so that you're alerted when someone has replied to your post.

NOTE:
Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.


OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form
.

OPTION 3

If you would like to use our
Malwarebytes Premium Services
, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our
support site.

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Add Reply" Add-Reply.png button not the Reply button when you start replying.

Link to post
Share on other sites

Hello and welcome to MBAM:

Just to add to what orubio has already posted....

IP blocks can indicate that MBAM is doing its job of blocking bad content on websites.

They can also occur when running certain P2P and other programs, such as Skype.

For example, please see this recent post by forum Admin AdvancedSetup about IP blocks and Skype.

See this post explaining the issue from a SKYPE support member regarding IP alerts:

http://forums.malwarebytes.org/index.php?showtopic=83655&view=findpost&p=424248

Until SKYPE is fully uninstalled, these will continue to appear. However there should not be any reduced functionality in SKYPE.

In some cases the blocks are a false positive.

However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

There is more information about the IP blocking module in the FAQ - Section G.

It includes instructions on how to set MBAM to ignore a particular IP, if you wish to do so.

It also contains instructions on how to determine what process might be trying to make the connections.

And you may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this article before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following to begin the cleaning process.

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.

  • Then please start a new post in the Malware Removal forum.
  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.

  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

Please be patient - someone will assist you as soon as possible.

Thanks!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.