
This IP gets blocked every single day...



Hello, I have been using Malwarebytes and Norton for a long time. For many days now this IP has been getting blocked (logs):

2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Starting protection

2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Protection started successfully

2012/12/25 15:47:24 +0100 ALEKSANDER-PC Aleksander MESSAGE Starting IP protection

2012/12/25 15:47:26 +0100 ALEKSANDER-PC Aleksander MESSAGE IP Protection started successfully

2012/12/25 16:02:31 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 49818, Process: ccsvchst.exe)

2012/12/25 16:19:11 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 50263, Process: ccsvchst.exe)

2012/12/25 16:26:34 +0100 ALEKSANDER-PC Aleksander IP-BLOCK 82.208.40.8 (Type: outgoing, Port: 50639, Process: ccsvchst.exe)

Anyone have any idea what the IP "82.208.40.8" is used for and why it's outgoing? I have done a full scan with Malwarebytes and Norton without any results (except tracking cookies). Apparently the IP is known as many things: "ns1.dns-domainserver.com --> mx2.dns-domainserver.com --> 82.208.40.8". It's not blacklisted anywhere, so I do not even know why Malwarebytes has it blacklisted?


I have reason to believe the server is not a Norton update server, as stated by their support: "We are not able to verify that's a Norton server just by looking at the IP"

I tried to check the certificate of the Norton program (ccsvchst.exe); it's valid. However, I tested another program whose certificate I know expired two years ago, and that's valid too? Maybe I'm wrong, but I do not think the computer should count it as valid when it's two years after it has expired.

Maybe the Norton framework is infected and the virus has hidden itself by making all invalid certificates valid?

I do not see any indication that I am infected, nor do I see anything when I scan... this is all just strange.

Here's a pic of the "expired" certificate: http://i.imgur.com/VqIa2.png

(Sorry for it not being in English, no easy way to change Windows language)


  • Root Admin

Well it certainly does not have an obvious Norton system linked to it or an obvious Content Delivery Network

IP address: 82.208.40.8

Host name: mx2.dns-domainserver.com

Alias: ns2.dns-domainserver.com

82.208.40.8 is from Czech Republic(CZ) in region Eastern Europe

Netcom Limited

CZ

Casablanca INT

Vinohradska 184, Prague 3 - 130 52

I would follow the advice to either have one of the Experts assist you in the HJT forum or open a ticket on the Help Desk and have someone there assist you.

Thank you.
