
"Successfully blocked access to a potentially malicious website"?



  • Root Admin

The only items of possible concern are from Chrome outgoing. 

 

Please backup your bookmarks for Chrome and if you're using the online Sync disable it.

 

Then restart the computer and run the AdwCleaner, JRT, and MBAM with both PUP and PUM set to treat as malware and run them all.

Then restart the computer again and see if you still get an outgoing block or not and let me know.


  • Root Admin

Files in quarantine are okay to leave there.  Typically I'd recommend leaving for at least a few days just to make sure none were removed as a false positive.

 

Please follow my last steps and post back the new logs when ready.


Here are the past 5 days' logs:

 

2014/04/27 02:12:58 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 13:18:18 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 15:54:54 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 29641, Process: svchost.exe)
2014/04/27 15:54:54 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 29641, Process: svchost.exe)
2014/04/27 16:45:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25374, Process: svchost.exe)
2014/04/27 16:45:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25374, Process: svchost.exe)
2014/04/27 17:02:55 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 17:02:55 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/27 22:48:16 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 50842, Process: svchost.exe)
2014/04/27 22:48:16 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 50842, Process: svchost.exe)
 
 
2014/04/28 03:14:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 808, Process: svchost.exe)
2014/04/28 12:07:19 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.26.03 to version v2014.04.28.06
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/04/28 12:07:34 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/04/28 12:07:38 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/04/28 12:07:38 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/04/28 12:07:41 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/04/28 12:13:32 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 9928, Process: svchost.exe)
2014/04/28 17:32:35 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 20499, Process: svchost.exe)
2014/04/28 18:09:14 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/28 18:09:14 -0500 TIM-PC Timothy IP-BLOCK 80.82.78.105 (Type: incoming, Port: 53, Process: svchost.exe)
2014/04/28 19:32:45 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 3128, Process: svchost.exe)
 
 
2014/04/29 18:13:33 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 80, Process: svchost.exe)
2014/04/29 20:48:05 -0500 TIM-PC Timothy IP-BLOCK 222.186.50.186 (Type: incoming, Port: 2222, Process: svchost.exe)
2014/04/29 20:48:05 -0500 TIM-PC Timothy IP-BLOCK 222.186.50.186 (Type: incoming, Port: 2222, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
2014/04/29 22:13:04 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 8786, Process: svchost.exe)
 
 
2014/04/30 00:10:56 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 25531, Process: svchost.exe)
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Starting protection
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Protection started successfully
2014/04/30 01:13:52 -0500 TIM-PC (null) MESSAGE Starting IP protection
2014/04/30 01:13:54 -0500 TIM-PC (null) MESSAGE IP Protection started successfully
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8)
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8, Process: svchost.exe)
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8, Process: svchost.exe)
2014/04/30 12:06:49 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.28.06 to version v2014.04.30.07
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/04/30 12:07:11 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/04/30 12:07:13 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/04/30 12:07:13 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/04/30 12:07:15 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/04/30 19:13:19 -0500 TIM-PC Timothy IP-BLOCK 94.102.49.168 (Type: incoming, Port: 443, Process: svchost.exe)
2014/04/30 21:15:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 7366, Process: svchost.exe)
 
 
2014/05/01 01:07:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 52926, Process: svchost.exe)
2014/05/01 01:07:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 52926, Process: svchost.exe)
2014/05/01 01:57:03 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:03 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:11 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 01:57:27 -0500 TIM-PC Timothy IP-BLOCK 218.9.45.228 (Type: incoming, Port: 23, Process: svchost.exe)
2014/05/01 03:32:31 -0500 TIM-PC Timothy IP-BLOCK 94.102.53.154 (Type: incoming, Port: 5666, Process: svchost.exe)
2014/05/01 10:41:05 -0500 TIM-PC Timothy IP-BLOCK 80.82.70.150 (Type: incoming, Port: 8088, Process: svchost.exe)
2014/05/01 12:17:26 -0500 TIM-PC Timothy MESSAGE Executing scheduled update:  Daily
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Starting database refresh
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE IP Protection stopped successfully
2014/05/01 12:17:40 -0500 TIM-PC Timothy MESSAGE Scheduled update executed successfully:  database updated from version v2014.04.30.07 to version v2014.05.01.11
2014/05/01 12:17:42 -0500 TIM-PC Timothy MESSAGE Database refreshed successfully
2014/05/01 12:17:42 -0500 TIM-PC Timothy MESSAGE Starting IP protection
2014/05/01 12:17:44 -0500 TIM-PC Timothy MESSAGE IP Protection started successfully
2014/05/01 14:21:43 -0500 TIM-PC Timothy IP-BLOCK 80.82.64.171 (Type: incoming, Port: 22, Process: svchost.exe)
 

 

  • Root Admin

All of those are INCOMING which means they do not exist on or inside your computer but are externally coming into the system and being blocked.

 

Please take a look at this tutorial to see what is running under the svchost.exe program and that might help to determine where or why your computer continues to get probed externally.

 

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchostexe-process/

 

This will show you the different processes that are being run under that one program.

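The incoming/outgoing distinction made in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of any Malwarebytes tooling: it parses the protection-log layout shown in the posted log, drops repeated entries, and separates inbound probes from outbound blocks. The outgoing sample line is constructed (documentation-range IP, and it assumes outgoing entries use the same layout).

```python
import re
from collections import defaultdict

# First six lines are copied from the log posted above; the last is constructed
# (documentation-range IP, same layout assumed) to show an outgoing entry.
SAMPLE_LOG = """\
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/27 03:56:25 -0500 TIM-PC Timothy IP-BLOCK 222.186.56.18 (Type: incoming, Port: 8084, Process: svchost.exe)
2014/04/28 03:14:01 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 808, Process: svchost.exe)
2014/04/28 12:07:33 -0500 TIM-PC Timothy MESSAGE Stopping IP protection
2014/04/30 01:54:03 -0500 TIM-PC Timothy IP-BLOCK 218.8.41.30 (Type: incoming, Port: 8)
2014/04/30 21:15:29 -0500 TIM-PC Timothy IP-BLOCK 93.174.93.51 (Type: incoming, Port: 7366, Process: svchost.exe)
2014/05/01 09:00:00 -0500 TIM-PC Timothy IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 49301, Process: chrome.exe)
"""

BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ "
    r"IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+)(?:, Process: (?P<process>[^)]+))?\)\s*$"
)

def parse_blocks(text):
    """Return unique IP-BLOCK events; MESSAGE lines and exact repeats are skipped."""
    seen, events = set(), []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        key = m and (m["ts"], m["ip"], m["direction"], m["port"])
        if not m or key in seen:
            continue
        seen.add(key)
        events.append({**m.groupdict(), "port": int(m["port"])})
    return events

def triage(events):
    """Group incoming blocks per remote IP and outgoing blocks per local process."""
    incoming, outgoing = defaultdict(set), defaultdict(set)
    for e in events:
        if e["direction"] == "incoming":
            incoming[e["ip"]].add(e["port"])
        else:  # a local process initiated the connection: the entries worth chasing
            outgoing[e["process"] or "unknown"].add(e["ip"])
    return dict(incoming), dict(outgoing)

if __name__ == "__main__":
    inc, out = triage(parse_blocks(SAMPLE_LOG))
    for ip, ports in sorted(inc.items(), key=lambda kv: -len(kv[1])):
        print(f"incoming  {ip:15}  ports logged: {sorted(ports)}")
    for proc, ips in out.items():
        print(f"OUTGOING  {proc}: {sorted(ips)}  <- started on this machine")
```

An empty outgoing result over the full log matches the situation described in the thread: only blocked external probes remain.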
  • Root Admin

I'm reasonably sure we've cleaned up the causes for the outgoing IP blocks.  The incoming there is probably nothing we can do about.  You can enable a 3rd party firewall to help block them and you can review your SVCHOSTS file as I linked to above and let me know what it finds. 

  • Root Admin

Please click on START and type in CMD.EXE and when it shows on the Start menu right click over it and choose "Run as administrator" then type the following in the code box below exactly and press the Enter key. It will create a file named:  "MySVCHOST.txt" on your desktop.  Please attach this file on your next reply.
Type the following exactly and press the Enter key.

tasklist /svc /fi "imagename eq svchost.exe" >"%USERPROFILE%\Desktop\MySVCHOST.txt"

 
Thanks

  • Root Admin

Those all look like legit programs to me in general. At this point all I can suggest is possibly installing a 3rd party firewall product to help manage incoming threats better.

Our program helps but is not a replacement for a good firewall.

  • Root Admin

All posts and attachments are available to download by anyone. Often users download other files looking for a fix themselves without having to post looking for help. Unless you're a highly skilled technician working for some Government agency and have you listed as a target the information is safe, meaning that no one is going to use it to remotely attack you. Unless you have a billion dollars or something else of value on your computer the people with that sort of skill set cannot waste their time trying to remotely attack your computer.

  • Root Admin

No, it does not. You can only run 1 firewall at a time. The built-in firewall works very well but if you want to manage it then you need to either find a shell for it or use command line codes to manage it. You can do some from the GUI but it's not very intuitive for most users is all. That is where 3rd party firewall products do a much better job by making a difficult operation a little more easy to run and understand.

  • Root Admin

I have no idea what is causing that. If you're really concerned about the issues and it were my computer I would backup all the data and do a destructive Factory Restore or fdisk, format, and reinstall Windows. That's the only way you're ever going to have the computer work the way it did when you first got it.

This topic is now closed to further replies.