
"Successfully blocked access to a potentially malicious website"?


The only items of possible concern are from Chrome outgoing. 

 

Please backup your bookmarks for Chrome and if you're using the online Sync disable it.

 

Then restart the computer and run the AdwCleaner, JRT, and MBAM with both PUP and PUM set to treat as malware and run them all.

Then restart the computer again and see if you still get an outgoing block or not and let me know.


Files in quarantine are okay to leave there.  Typically I'd recommend leaving for at least a few days just to make sure none were removed as a false positive.

 

Please follow my last steps and post back the new logs when ready.


Because if the issue remains we will be fully removing Chrome.

 

So how is the computer now?  Are you still having any blocks or other signs of an infection?


Here are the past 5 days' logs:

 

2014/04/27 02:12:58 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 13:18:18 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 15:54:54 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 29641, Process: svchost.exe)
2014/04/27 15:54:54 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 29641, Process: svchost.exe)
2014/04/27 16:45:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25374, Process: svchost.exe)
2014/04/27 16:45:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25374, Process: svchost.exe)
2014/04/27 17:02:55 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 17:02:55 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 22:48:16 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 50842, Process: svchost.exe)
2014/04/27 22:48:16 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 50842, Process: svchost.exe)
 
 
2014/04/28 03:14:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 808, Process: svchost.exe)
2014/04/28 12:07:19 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.26.03 to version v2014.04.28.06
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/04/28 12:07:34 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/04/28 12:07:38 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/04/28 12:07:38 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/04/28 12:07:41 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/04/28 12:13:32 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 9928, Process: svchost.exe)
2014/04/28 17:32:35 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 20499, Process: svchost.exe)
2014/04/28 18:09:14 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/28 18:09:14 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/28 19:32:45 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 3128, Process: svchost.exe)
 
 
2014/04/29 18:13:33 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 80, Process: svchost.exe)
2014/04/29 20:48:05 -0500 TIM-PC Timothy IP-BLOCK 222.186.50.186 (Type: incoming, Port: 2222, Process: svchost.exe)
2014/04/29 20:48:05 -0500 TIM-PC Timothy IP-BLOCK 222.186.50.186 (Type: incoming, Port: 2222, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
 
 
2014/04/30 00:10:56 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25531, Process: svchost.exe)
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Starting protection
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Protection started successfully
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Starting IP protection
2014/04/30 01:13:54 -0500 TIM-PC (null) MESSAGE IP Protection started successfully
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8)
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8, Process: svchost.exe)
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8, Process: svchost.exe)
2014/04/30 12:06:49 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.28.06 to version v2014.04.30.07
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/04/30 12:07:13 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/04/30 12:07:13 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/04/30 12:07:15 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/04/30 19:13:19 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 443, Process: svchost.exe)
2014/04/30 21:15:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 7366, Process: svchost.exe)
 
 
2014/05/01 01:07:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 52926, Process: svchost.exe)
2014/05/01 01:07:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 52926, Process: svchost.exe)
2014/05/01 01:57:03 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:03 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:11 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:27 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 03:32:31 -0500 TIM-PC Timothy IP-BLOCK 94.102.53.154 (Type: incoming, Port: 5666, Process: svchost.exe)
2014/05/01 10:41:05 -0500 TIM-PC Timothy IP-BLOCK 80.82.70.150 (Type: incoming, Port: 8088, Process: svchost.exe)
2014/05/01 12:17:26 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.30.07 to version v2014.05.01.11
2014/05/01 12:17:42 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/05/01 12:17:42 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/05/01 12:17:44 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/05/01 14:21:43 -0500 TIM-PC Timothy IP-BLOCK 80.82.64.171 (Type: incoming, Port: 22, Process: svchost.exe)
 

 


All of those are INCOMING which means they do not exist on or inside your computer but are externally coming into the system and being blocked.

 

Please take a look at this tutorial to see what is running under the svchost.exe program and that might help to determine where or why your computer continues to get probed externally.

 

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/

 

This will show you the different processes that are being run under that one program.
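Added example (not part of the original thread): a short Python script that groups IP-BLOCK entries in the log format posted above by direction and remote address, so incoming probes are separated from outgoing blocks that point at a local process. The sample lines are constructed with documentation-range addresses, and the layout of the outgoing line is an assumption modelled on the incoming ones.

```python
import re
from collections import defaultdict

# Matches IP-BLOCK entries in the log format shown in this thread; the
# Process field is optional because some entries omit it.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<proc>[^)]+))?\)$"
)

# Constructed sample lines (documentation-range IPs), not the poster's log.
# The "outgoing" line's layout is assumed to mirror the incoming one.
SAMPLE_LOG = """\
2014/04/27 03:56:25 -0500 DEMO-PC User IP-BLOCK 203.0.113.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 03:56:25 -0500 DEMO-PC User IP-BLOCK 203.0.113.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 15:54:54 -0500 DEMO-PC User IP-BLOCK 203.0.113.51 (Type: incoming, Port: 29641, Process: svchost.exe)
2014/04/28 03:14:01 -0500 DEMO-PC User IP-BLOCK 203.0.113.51 (Type: incoming, Port: 808, Process: svchost.exe)
2014/04/28 12:07:33 -0500 DEMO-PC User MESSAGE Starting database refresh
2014/04/30 01:54:03 -0500 DEMO-PC User IP-BLOCK 198.51.100.30 (Type: incoming, Port: 8)
2014/04/30 02:10:00 -0500 DEMO-PC User IP-BLOCK 198.51.100.77 (Type: outgoing, Port: 80, Process: chrome.exe)
"""

def summarize(log_text):
    """Group de-duplicated IP-BLOCK events by direction and remote address."""
    seen = set()
    summary = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines and blanks carry no block event
        key = (m["ts"], m["ip"], m["dir"], m["port"])
        if key in seen:
            continue  # the log repeats identical entries within a second
        seen.add(key)
        summary[m["dir"]][m["ip"]].add((int(m["port"]), m["proc"] or "unknown"))
    return summary

def outgoing_processes(summary):
    """Local processes that initiated blocked outbound connections."""
    return sorted({proc for hits in summary["outgoing"].values() for _, proc in hits})

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for direction, by_ip in s.items():
        for ip, hits in sorted(by_ip.items()):
            print(direction, ip, sorted(hits))
    print("investigate locally:", outgoing_processes(s))
```

An address that appears under incoming with many unrelated ports is scanning from outside; only the processes returned by `outgoing_processes` indicate connections started on the machine itself.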


The last two times I received a large amount of outgoing alerts was April 22 and late March. So it's not happening every day, they're happening weeks apart.


I'm reasonably sure we've cleaned up the causes for the outgoing IP blocks.  The incoming there is probably nothing we can do about.  You can enable a 3rd party firewall to help block them and you can review your SVCHOSTS file as I linked to above and let me know what it finds. 


Please click on START and type in CMD.EXE and when it shows on the Start menu right click over it and choose "Run as administrator" then type the following in the code box below exactly and press the Enter key. It will create a file named:  "MySVCHOST.txt" on your desktop.  Please attach this file on your next reply.
Type the following exactly and press the Enter key.

tasklist /svc /fi "imagename eq svchost.exe" >"%USERPROFILE%\Desktop\MySVCHOST.txt"

 
Thanks


Those all look like legit programs to me in general. At this point all I can suggest is possibly installing a 3rd party firewall product to help manage incoming threats better.

Our program helps but is not a replacement for a good firewall.


Did you download that file 3 times, or are there others downloading the file too? What 3rd party firewall products would you suggest?


Thank you. The file that I uploaded "MySVCHOST.txt" has 3 downloads next to it. Did you download the file 3 times or is there someone else looking at this thread downloading the files I'm uploading?


All posts and attachments are available to download by anyone. Often users download other files looking for a fix themselves without having to post looking for help. Unless you're a highly skilled technician working for some Government agency and have you listed as a target the information is safe, meaning that no one is going to use it to remotely attack you. Unless you have a billion dollars or something else of value on your computer the people with that sort of skill set cannot waste their time trying to remotely attack your computer.


It is a pretty good firewall but you just don't easily have access to see and make changes to it like you do with other 3rd party tools.


No, it does not. You can only run 1 firewall at a time. The built-in firewall works very well but if you want to manage it then you need to either find a shell for it or use command line codes to manage it. You can do some from the GUI but it's not very intuitive for most users is all. That is where 3rd party firewall products do a much better job by making a difficult operation a little more easy to run and understand.


Should I be concerned that my mouse pointer occasionally shows the "Working in Background" symbol even when there are not any programs open besides my web browser (which is not loading anything)?


I have no idea what is causing that. If you're really concerned about the issues and it were my computer I would backup all the data and do a destructive Factory Restore or fdisk, format, and reinstall Windows. That's the only way you're ever going to have the computer work the way it did when you first got it.

This topic is now closed to further replies.
