A ton of outgoing ip's being blocked.

[clayton128]

I keep getting ip ... was blocked, the ip as well as the port differs daily. It doesn't say a process in the logs btw.

Today.

2012/08/24 16:30:31 -0700 REDDITMACHINE Clayton IP-BLOCK 60.190.222.187 (Type: outgoing, Port: 55475, Process: chrome.exe)

2012/08/24 16:36:34 -0700 REDDITMACHINE Clayton IP-BLOCK 60.190.222.187 (Type: outgoing, Port: 8)

2012/08/24 16:36:34 -0700 REDDITMACHINE Clayton IP-BLOCK 60.190.222.187 (Type: outgoing, Port: 8)

2012/08/24 16:36:34 -0700 REDDITMACHINE Clayton IP-BLOCK 60.190.222.187 (Type: outgoing, Port: 8)

2012/08/24 16:36:34 -0700 REDDITMACHINE Clayton IP-BLOCK 60.190.222.187 (Type: outgoing, Port: 8)

2012/08/24 16:49:44 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 56172, Process: chrome.exe)

2012/08/24 16:49:44 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 56173, Process: chrome.exe)

2012/08/24 16:49:44 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 56174, Process: chrome.exe)

yesturday

2012/08/22 22:05:56 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 56059, Process: chrome.exe)

2012/08/22 22:05:56 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.98 (Type: outgoing, Port: 56060, Process: chrome.exe)

2012/08/22 22:05:56 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.88 (Type: outgoing, Port: 56061, Process: chrome.exe)

2012/08/22 22:54:37 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 57001, Process: chrome.exe)

2012/08/22 22:54:37 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 57002, Process: chrome.exe)

2012/08/22 22:54:37 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 57003, Process: chrome.exe)

2012/08/22 23:58:20 -0700 REDDITMACHINE Clayton IP-BLOCK 199.21.148.89 (Type: outgoing, Port: 58307, Process: chrome.exe)

a few days ago.

2012/08/19 00:46:08 -0700 REDDITMACHINE Clayton IP-BLOCK 98.142.249.216 (Type: outgoing, Port: 39926, Process: utorrent.exe)

2012/08/19 01:44:21 -0700 REDDITMACHINE Clayton IP-BLOCK 146.185.18.98 (Type: incoming, Port: 39926, Process: utorrent.exe)

2012/08/19 02:15:09 -0700 REDDITMACHINE Clayton IP-BLOCK 89.28.47.163 (Type: outgoing, Port: 39926, Process: utorrent.exe)

2012/08/19 02:32:05 -0700 REDDITMACHINE Clayton IP-BLOCK 222.65.215.90 (Type: outgoing, Port: 39926, Process: utorrent.exe)

2012/08/19 02:32:46 -0700 REDDITMACHINE Clayton IP-BLOCK 212.117.183.19 (Type: outgoing, Port: 39926, Process: utorrent.exe)

[clayton128]

Oh yeah, i scanned many times with different av's and nothing ever comes up.

[daledoc1]

Hello and welcome to MBAM forum, clayton128:

IP blocks can indicate a number of things:

• They could indicate that MBAM is doing its job of blocking bad content on websites.
  

• -->They can also occur when running Skype and certain P2P programs, such as torrents.. For example, please see this help desk topic about Skype and this one about P2P.
  

• In some cases the blocks are a false positive.
  

• However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
  

--> There is more information about the IP blocking module in the FAQ - Section G (and in the Helpdesk topics HERE and HERE).

They also contain instructions on how to determine what process might be trying to make the connections.

You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this article before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following to begin the cleaning process.

---> Given that some of your blocks do not have a known process associated with them and the IPs are located in China, I'd strongly suggest you have one of the malware experts take a look.

• Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  
• Then please start a new post in the Malware Removal forum.
  
• An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.
  

• Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  
• Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  
• Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
  

Please be patient - someone will assist you as soon as possible.

Thanks!

daledoc1