
Abnormal amount of IP Blocking



I've had the paid version of MBAM like forever. Maybe once or twice a week I'll get a popup that an IP was blocked. I rarely run any torrents. The times that I do, I'll notice an increase in blocking activity. I haven't run any at all for several weeks.

Starting yesterday for no apparent reason, MBAM started blocking IPs right and left. It'll block a whole bunch of them back to back, and then rest for a while. Here's a log from the time since I rebooted last night about 1 AM.


So why the sudden increase?

I run XP Pro SP3 with free Avira and Malwarebytes' real-time protection. I haven't done a full scan with either for a while, but when I do I never come up with anything. I am not having any symptoms of anything being awry.

Thanks for any insight.


Hello and welcome to MBAM:

IP blocks can indicate that MBAM is doing its job of blocking bad content on websites.

They can also occur when running certain P2P and other programs, such as Skype. Also, since you mentioned you run torrents, this will cause this as well.

For example, please see this recent post by forum Admin AdvancedSetup about IP blocks and Skype.

See this post explaining the issue from a SKYPE support member regarding IP alerts:

http://forums.malwarebytes.org/index.php?showtopic=83655&view=findpost&p=424248

Until SKYPE is fully uninstalled, these will continue to appear. However, there should not be any reduced functionality in SKYPE.

In some cases the blocks are a false positive.

However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

There is more information about the IP blocking module in the FAQ - Section G.

It includes instructions on how to set MBAM to ignore a particular IP, if you wish to do so.

It also contains instructions on how to determine what process might be trying to make the connections.

And you may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this article before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following to begin the cleaning process.

  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.

  • Then please start a new post in the Malware Removal forum.
  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.

  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.

Please be patient - someone will assist you as soon as possible.

Thanks!
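The reply above treats outgoing blocks differently from incoming ones, so a first triage step is to split the log by direction. The following is an added example, not part of the original posts and not Malwarebytes code: it parses protection-log lines in the layout the original poster pasted (timestamp, host, user, `IP-BLOCK`, address, direction) and reports the direction counts plus any address that drew a burst of outgoing blocks. The host and user names, the documentation-range addresses, and the 60-second / 3-hit burst threshold are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the same layout as the poster's protection log;
# host/user names and the RFC 5737 documentation addresses are placeholders.
SAMPLE_LOG = """\
2012/04/05 00:52:34 -0500 HOST MESSAGE Starting IP protection
2012/04/05 00:58:27 -0500 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/05 00:58:30 -0500 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/05 00:58:36 -0500 HOST user IP-BLOCK 192.0.2.10 (Type: outgoing)
2012/04/05 01:08:24 -0500 HOST user IP-BLOCK 198.51.100.7 (Type: incoming)
2012/04/05 01:37:01 -0500 HOST user IP-BLOCK 203.0.113.55 (Type: incoming)
2012/04/05 02:02:35 -0500 HOST user IP-BLOCK 198.51.100.7 (Type: incoming)
2012/04/05 02:57:03 -0500 HOST user IP-BLOCK 203.0.113.99 (Type: outgoing)
"""

LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+.*?"
    r"IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(incoming|outgoing)\)"
)

def parse_blocks(text):
    """Return (timestamp, ip, direction) for each IP-BLOCK line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            events.append((ts, m.group(2), m.group(3)))
    return events

def summarize(events, burst_window=timedelta(seconds=60), burst_size=3):
    """Count blocks per direction and list IPs hit by outgoing retry bursts."""
    events = sorted(events)  # chronological, so per-IP time lists are ordered
    out_times = {}
    for ts, ip, direction in events:
        if direction == "outgoing":
            out_times.setdefault(ip, []).append(ts)
    bursts = sorted(
        ip for ip, t in out_times.items()
        if any(t[i + burst_size - 1] - t[i] <= burst_window
               for i in range(len(t) - burst_size + 1)))
    return {"by_direction": dict(Counter(d for _, _, d in events)),
            "distinct_ips": len({ip for _, ip, _ in events}),
            "outgoing_bursts": bursts}

if __name__ == "__main__":
    print(summarize(parse_blocks(SAMPLE_LOG)))
```

Addresses listed under `outgoing_bursts` are the ones to trace to a local process first; a large number of distinct incoming addresses is consistent with peers contacting a P2P client.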


Since I posted, I happened to notice that BitComet was running in my task manager.

It was *not* showing in the system tray as it usually does when I'm knowingly running it (which is rarely.)

I then checked msconfig and discovered it had been added to my startup list.

Anyway, I killed it and the problem went away. I wish I'd caught that before I posted!

Thanks for the reply.


You are quite welcome, I appreciate the follow-up to let me know everything is working well for you.

If you have any other questions or issues arise in the future please do not hesitate to create a new topic describing your issue in detail. A friendly forum helper will be glad to assist you.

Thank you very much! :)
