Jump to content

Constantly Getting IP Blocks After An Update...


Recommended Posts

Hello to all and thanx for taking time to read and hopefully help we with my dilemna.

 

On 6-28 Malwarebytes had updated itself from version v2013.06.23.01 to v2013.06.28.06 and afterwards, I've been constantly being bombarded with pop ups from Malwarebytes relating to outgoing IP blocks from different ports.  Avast is being shown as the process but I've looked around in the forum for any related issues and had seen in another post where Avast wasn't the process but had actually made the block before Malwarebytes did and is now showing up as the process in the logs and pop ups.  Here's a snippet of the log where the update had occured and my problems begain.

 

2013/06/28 16:06:18 -0400    THE-SOURCE    D    MESSAGE    Executing scheduled update:  Daily
2013/06/28 16:06:38 -0400    THE-SOURCE    D    MESSAGE    Scheduled update executed successfully:  database updated from version v2013.06.23.01 to version v2013.06.28.06
2013/06/28 16:06:38 -0400    THE-SOURCE    D    MESSAGE    Starting database refresh
2013/06/28 16:06:38 -0400    THE-SOURCE    D    MESSAGE    Stopping IP protection
2013/06/28 16:06:39 -0400    THE-SOURCE    D    MESSAGE    IP Protection stopped successfully
2013/06/28 16:06:49 -0400    THE-SOURCE    D    MESSAGE    Database refreshed successfully
2013/06/28 16:06:49 -0400    THE-SOURCE    D    MESSAGE    Starting IP protection
2013/06/28 16:07:04 -0400    THE-SOURCE    D    MESSAGE    IP Protection started successfully
2013/06/28 16:07:12 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49220, Process: avastsvc.exe)
2013/06/28 16:07:12 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49365, Process: avastsvc.exe)
2013/06/28 16:07:13 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49366, Process: avastsvc.exe)
2013/06/28 16:07:13 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49239, Process: avastsvc.exe)
2013/06/28 16:07:13 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49376, Process: avastsvc.exe)
2013/06/28 16:07:21 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49417, Process: avastsvc.exe)
2013/06/28 16:07:21 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49480, Process: avastsvc.exe)
2013/06/28 16:07:29 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49491, Process: avastsvc.exe)
2013/06/28 16:08:09 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49870, Process: avastsvc.exe)
2013/06/28 16:08:09 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 49871, Process: avastsvc.exe)
2013/06/28 16:09:06 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 50436, Process: avastsvc.exe)
2013/06/28 16:09:06 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 50437, Process: avastsvc.exe)
2013/06/28 16:10:10 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 50832, Process: avastsvc.exe)
2013/06/28 16:10:10 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 50833, Process: avastsvc.exe)
2013/06/28 16:10:43 -0400    THE-SOURCE    D    IP-BLOCK    111.111.111.111 (Type: outgoing, Port: 51100, Process: avastsvc.exe)

 

Any help with this will surely be appreciated.

Link to post
Share on other sites

Hello and :welcome:

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.

They also contain instructions on how to determine what process might be trying to make the connections.

You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website False Positives sub-forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers.

Thanks!

Link to post
Share on other sites

Hello Wide Glide and thanks....  I've uninstalled Malwarebytes and re-installed it plus updated it and I'm still getting the same results.  I do have Utorrent installed but it is not running, I only get blocks concerning Utorrent while I'm using it.  I'll give Firefox's instructions a go and see what happens.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.