
ip-block 67.213.222.18 type: incoming



My Malwarebytes has been blocking many attempts to access harmful websites for incoming requests via svchost.exe. Here's an example from the log file:

2012/04/28 00:09:18 -0600 BETHANDKEN Beth and Ken MESSAGE Executing scheduled update: Flash Scan | Daily

2012/04/28 00:09:28 -0600 BETHANDKEN Beth and Ken MESSAGE Scheduled update executed successfully: database updated from version v2012.04.27.02 to version v2012.04.28.01

2012/04/28 00:09:28 -0600 BETHANDKEN Beth and Ken MESSAGE Starting database refresh

2012/04/28 00:09:28 -0600 BETHANDKEN Beth and Ken MESSAGE Stopping IP protection

2012/04/28 00:09:28 -0600 BETHANDKEN Beth and Ken MESSAGE IP Protection stopped

2012/04/28 00:09:31 -0600 BETHANDKEN Beth and Ken MESSAGE Executing scheduled scan: Flash Scan | -terminate

2012/04/28 00:09:31 -0600 BETHANDKEN Beth and Ken MESSAGE Scheduled scan executed successfully

2012/04/28 00:09:32 -0600 BETHANDKEN Beth and Ken MESSAGE Database refreshed successfully

2012/04/28 00:09:32 -0600 BETHANDKEN Beth and Ken MESSAGE Starting IP protection

2012/04/28 00:09:34 -0600 BETHANDKEN Beth and Ken MESSAGE IP Protection started successfully

2012/04/28 01:58:27 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.43.237.147 (Type: incoming)

2012/04/28 02:32:49 -0600 BETHANDKEN Beth and Ken IP-BLOCK 213.186.119.82 (Type: incoming)

2012/04/28 07:11:56 -0600 BETHANDKEN Beth and Ken IP-BLOCK 219.152.120.21 (Type: incoming)

2012/04/28 11:14:15 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

2012/04/28 11:15:19 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

2012/04/28 11:16:23 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

2012/04/28 11:17:27 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

2012/04/28 11:18:31 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

2012/04/28 11:19:35 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)

(The one outgoing listed above was, I believe, from an ad on some website or something. All of the incoming requests are the more curious requests.)

This has been going on since November 2011. A scan with Malwarebytes, TDSSKiller, and ComboFix turns up nothing. I am not seeing any spikes in memory or CPU usage. This is my personal home PC running XP Pro with all the latest updates and service packs. The boot time is a little long (but this machine has a lot of applications) and it seems to be running okay. I even had our contract IT guru from work check it out/clean it up and I still keep getting these messages. I am not sure if I am safe or not. Are there any known fixes other than a system rebuild?

Many thanks


Hello Ken and welcome to the Malwarebytes forums.

It is not unexpected that the bad guys are probing (not only you but just everywhere) for vulnerable systems. That is expected and you can't stop it. Just harden your defenses.

I assume your system is clean (you noted that your IT guru checked this system).

Tighten/harden your defenses.

If you have high-speed internet, use a hardware router between your incoming internet and your PC. A modern hardware router will do a great deal to mitigate these incoming "probes".

As to the "incoming block messages" from MBAM, they indicate MBAM is doing its job to bar known bad IPs.

Apply these other measures. These will give some added layers for your web-surfing.

HTH
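
The protection log quoted in the first post can be tallied per address to see which sources are one-off probes and which keep retrying. The following is an added example, not part of the thread or of Malwarebytes; the function name `summarize` and the "periodic" heuristic (gaps within 2 seconds of each other) are assumptions, and the sample input is taken from the log lines quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: lines in the format quoted in the first post.
SAMPLE_LOG = """\
2012/04/28 00:09:34 -0600 BETHANDKEN Beth and Ken MESSAGE IP Protection started successfully
2012/04/28 01:58:27 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.43.237.147 (Type: incoming)
2012/04/28 02:32:49 -0600 BETHANDKEN Beth and Ken IP-BLOCK 213.186.119.82 (Type: incoming)
2012/04/28 07:11:56 -0600 BETHANDKEN Beth and Ken IP-BLOCK 219.152.120.21 (Type: incoming)
2012/04/28 11:14:15 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
2012/04/28 11:15:19 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
2012/04/28 11:16:23 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
2012/04/28 11:17:27 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
2012/04/28 11:18:31 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
2012/04/28 11:19:35 -0600 BETHANDKEN Beth and Ken IP-BLOCK 67.213.222.18 (Type: incoming)
"""

# Timestamp with UTC offset, then host/user text, then the IP-BLOCK record.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) .*? "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>incoming|outgoing)\)\s*$"
)

def summarize(log_text):
    """Group IP-BLOCK events by (address, direction) and measure retry gaps."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines and blank lines carry no block event
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
        events[(m["ip"], m["dir"])].append(ts)
    summary = {}
    for key, stamps in events.items():
        stamps.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        summary[key] = {
            "count": len(stamps), "first": stamps[0], "last": stamps[-1],
            "gaps": gaps,
            # Assumed heuristic: near-constant spacing looks like automated retries.
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= 2,
        }
    return summary

if __name__ == "__main__":
    ranked = sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for (ip, direction), info in ranked:
        print(ip, direction, info["count"], info["gaps"], info["periodic"])
```

Separating incoming from outgoing entries matters when reading the result: incoming blocks are remote hosts contacting the PC, while an outgoing block means something on the PC tried to reach a listed address.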
