
Many same IP blocks



Hello! Would like to start by saying I think of Malwarebytes as a savior I would not like to part with at any time. In a situation like this, it's saved my life. This situation in particular is very annoying. Since I have Windows 8, I cannot tell much of what is going on, but two IPs have been showing up frequently as warnings. Malwarebytes blocked them each time but this morning was especially stressful. The same two showed up very rapidly, and the anti-virus did its job of keeping them out. However, this has gotten to the point of very worrying and scary. I'm already very paranoid, so seeing three block bubbles at a time was quite terrifying. Is there any sort of way to make these things leave me alone for good?

 

The two IPs that were blocked were:

64.150.230.144

64.150.231.226

 

The latter being the more prominent. They also appeared when I had no browser open. I'm not very good with computer knowledge, so I'm not sure what to do. Any help would be appreciated.


Hello and welcome, NeonC: :)

 

FYI: Those particular IPs are located in the Bahamas, but the IP alone isn't enough info to go on.

 

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.
You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website Blocking False Positives sub-forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process: Available Assistance For Possibly Infected Computers.

>>>Under the circumstances, this is probably the safest course of action for you. :)

Thanks,

daledoc1

 


Thank you very much, especially for the very fast response! I don't believe I have any torrents, but I'll leave Skype open to see if it happens. Malwarebytes is also set to do full scans hourly and has realtime updating turned on, I am unsure if I'm infected or not because it always says I'm clean of malicious or infected files. I don't think false positives would assault me this way either.

 

I'm not sure if I can pinpoint the problem myself. Trying to get in touch with customer support seems to be my best bet. Again, thank you.


Thank you very much, especially for the very fast response! I don't believe I have any torrents, but I'll leave Skype open to see if it happens.

If it were Skype, you would see it listed as the process being blocked in the MBAM protection log.

 

Malwarebytes is also set to do full scans hourly

Whoa!!!!

That's neither necessary nor recommended.

That will cause a lot of unnecessary wear and tear on your hard drive.

With MBAM PRO running alongside your anti-virus (AV), a daily Quick scan should be more than sufficient.

What is the difference between the three scan types in Malwarebytes Anti-Malware?

Does Malwarebytes Anti-Malware replace antivirus software?

 

and has realtime updating turned on,

That's certainly an option, but it's not entirely necessary either (hourly is sufficient in most cases).

 

I am unsure if I'm infected or not because it always says I'm clean of malicious or infected files. I don't think false positives would assault me this way either.

 

A false positive for IP blocking occurs rarely.  My previous post explains how to proceed if you think that is the case, as seems unlikely in your case.

 

I'm not sure if I can pinpoint the problem myself. Trying to get in touch with customer support seems to be my best bet. Again, thank you.

 

Yes, I would suggest that you please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.

A malware analyst will guide you through the scanning and cleanup process.

Thanks,

daledoc1


I apologize in advance for double posting but I think I have found the source after sitting down and thoroughly going through the protection logs (which were a bit confusing to read).

 

2013/09/29 10:24:02 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:10 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 64566, Process: pmb.exe)
2013/09/29 10:24:10 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:42 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:50 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:50 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 65155, Process: pmb.exe)
2013/09/29 10:24:58 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:58 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 65378, Process: pmb.exe)

 

This appears to be Pando Media Booster, I think. I'm not entirely sure what it's for or when it got there, but I'm assuming I don't need it and I can safely uninstall it? I would like to know if Malwarebytes has personally found something wrong with the program.

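Added example, not part of the original posts and not Malwarebytes' own tooling: a small parser that groups IP-BLOCK lines like the ones above by process, so the program behind repeated blocks stands out without reading the log by eye. The field layout is inferred from the eight lines posted in this thread (the second and third columns are assumed to be computer name and user), and the names `parse_blocks` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the eight protection-log lines quoted in the thread.
SAMPLE_LOG = """\
2013/09/29 10:24:02 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:10 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 64566, Process: pmb.exe)
2013/09/29 10:24:10 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:42 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:50 -0400    FAMILY    T    IP-BLOCK    64.150.231.226 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:50 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 65155, Process: pmb.exe)
2013/09/29 10:24:58 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: incoming, Port: 57718, Process: pmb.exe)
2013/09/29 10:24:58 -0400    FAMILY    T    IP-BLOCK    64.150.230.144 (Type: outgoing, Port: 65378, Process: pmb.exe)
"""
# Assumed layout: timestamp, computer name, user, event, IP, details.
# "Process:" is optional here as a precaution; such lines are reported as "unknown".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+\S+\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<process>[^)]+))?\)\s*$")

def parse_blocks(text):
    """Yield one dict per IP-BLOCK line; any other line is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S %z")
        rec["process"] = (rec["process"] or "unknown").lower()
        yield rec

def summarize(text):
    """Per process: block counts by direction, remote IPs, first/last time seen."""
    out = defaultdict(lambda: {"incoming": 0, "outgoing": 0, "ips": set(),
                               "first": None, "last": None})
    for rec in parse_blocks(text):
        s = out[rec["process"]]
        s[rec["direction"]] += 1
        s["ips"].add(rec["ip"])
        s["first"] = min(s["first"] or rec["ts"], rec["ts"])
        s["last"] = max(s["last"] or rec["ts"], rec["ts"])
    return dict(out)

if __name__ == "__main__":
    for proc, s in summarize(SAMPLE_LOG).items():
        secs = (s["last"] - s["first"]).total_seconds()
        print(f"{proc}: {s['incoming']} in, {s['outgoing']} out, {secs:.0f}s, {sorted(s['ips'])}")
```

A process with outgoing blocks while no browser is open is the case the earlier reply singles out as worth a closer look.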

Do a web search for Pando Media Booster. It has something to do with downloading games. If you decide to uninstall it, I would get Revo Uninstaller Free. It does a better job than just using the Windows uninstall especially junk in the Registry.


@ AdvancedSetup:

 

Thanks for getting back to the OP with that info (while I was sleeping soundly ;) ).

 

@ NeonC:

 

Glad you solved the mystery of the source of the IP blocks. :)

Please let us know if you have any further questions or issues with IP blocks after removing Pando Media Booster, or with any other feature of MBAM PRO.

 

Cheers,

 

daledoc1

