
Malwarebytes has blocked connection to a potentially malicious website.



I'm new here and I've had MAWB for nearly a week now, and so far the results have been stellar. It eliminated plenty of malware and PUPs I had no idea were in my PC. That's beside the point. Today, MAWB began blocking IPs from malicious websites in a huge number within the span of one hour. This has happened three times during three different hours.

 

2013/10/23 12:44:02 +0200 IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 52981, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 52982, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 109.236.82.186 (Type: outgoing, Port: 52983, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52984, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52985, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52986, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52987, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52989, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 52988, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53043, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53044, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53045, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53046, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53052, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53056, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53057, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 53058, Process: chrome.exe)
2013/10/23 17:10:09 +0200 IP-BLOCK 77.95.229.44 (Type: outgoing, Port: 63692, Process: chrome.exe)
2013/10/23 17:10:10 +0200 IP-BLOCK 94.242.251.103 (Type: outgoing, Port: 63700, Process: chrome.exe)
 
Should I be concerned that it's multiple IP addresses that have attempted this? I know this means that MAWB is just doing its job and it's blocking malicious IPs from websites, and I know for sure that this has only occurred when my browser was open and while I was surfing the web. What concerns me is that it's coming from multiple IPs. Does this just mean that some of the sites I go to have different IPs trying to connect to my PC via ads or something? The last time I did a full scan, which was last night, there weren't any threats, trojans, PUPs, etc. My PC is also showing no symptoms of funny behavior or being hacked. I'm a little concerned is all. If anybody can, please enlighten me on the subject.
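An added example, not part of the original thread and not Malwarebytes' own tooling: a small Python triage script that parses protection-log lines in the format posted above and groups them by process, direction and destination into bursts, which shows which program is making the blocked connections and how often. The sample lines are constructed (documentation-range addresses), and the 5-second burst gap is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches one protection-log line in the format shown in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)

# Constructed sample input (RFC 5737 documentation addresses, not real hosts).
SAMPLE = """\
2013/10/23 12:44:02 +0200 IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 52981, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 52982, Process: chrome.exe)
2013/10/23 12:44:02 +0200 IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 52984, Process: chrome.exe)
2013/10/23 12:45:55 +0200 IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 53043, Process: chrome.exe)
2013/10/23 17:10:10 +0200 IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 63700, Process: chrome.exe)
not a block line
"""

def parse(lines):
    """Return one dict per well-formed IP-BLOCK line; skip anything else."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z")
            events.append({"ts": ts, "ip": m["ip"], "dir": m["dir"],
                           "port": int(m["port"]), "proc": m["proc"]})
    return events

def bursts(events, gap=timedelta(seconds=5)):
    """Group events per (process, direction, ip) into runs split by > gap."""
    runs = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["proc"], e["dir"], e["ip"])
        if runs[key] and e["ts"] - runs[key][-1]["end"] <= gap:
            runs[key][-1]["end"] = e["ts"]
            runs[key][-1]["count"] += 1
        else:
            runs[key].append({"start": e["ts"], "end": e["ts"], "count": 1})
    return dict(runs)

if __name__ == "__main__":
    for (proc, direction, ip), rs in bursts(parse(SAMPLE.splitlines())).items():
        for r in rs:
            print(f"{proc} {direction} -> {ip}: {r['count']} blocks "
                  f"starting {r['start']:%H:%M:%S}")
```

A summary like this is only a starting point for the helpers: it narrows the blocks down to a process and a time window but does not say what inside that process made the requests.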

Thanks for the reply. What's difficult to tell by an IP block alone?

An IP block from different IPs that are outgoing isn't exactly a final nail in the coffin that my PC is infected, right? They've only happened when my browser was in use.

My PC hasn't received any symptoms either. I'm running a new Full scan with the latest ver of MAWB. I'll post the results when it finishes.


  • Root Admin

Exactly - that is what is meant by an IP block alone does not mean the computer is infected. However, for us to verify for certain, you'd need to post some logs in the other forum, as we don't do actual malware detection and removal in this forum is all.

 

Thank you


Thanks for the clarification. My newest Full Scan isn't finished yet but I just have some questions I want clarified involving IP Blocks. I've read the FAQs but there are things I want to make sure that I understand.

 

Firstly... does an "outgoing" IP block mean that I may have been on one website with ads that have malicious coding in it? I just want some rationale behind it because I read somewhere that an outgoing IP block was concerning so I got a little scared. I know it isn't equivalent to infection as you've said, but when an IP is blocked from an outgoing source, what does that mean exactly? That I went to one website and a few ads or potential browser hijackers were blocked?


When you visit a site that has an ad or is malicious and you encounter a block, it would be "Incoming". Being that you are getting outgoing blocks means that something on your computer is trying to communicate with something on the outside and it's being blocked by Malwarebytes, so it's trying to talk to something that Malwarebytes does not like. So it needs to be addressed. It could be a toolbar in Chrome, an add-on within Chrome, but again it's hard to tell without running some tools, as Ron already mentioned above.


I have two applications installed. One blocks websites and the other is just McAfee's safeweb extension. I'll try and disable the extension that blocks websites and see what happens. 

 

In addition, I did something stupid. I got curious and I copy/pasted one of the IPs listed and put it in the Google Chrome address bar to see if anybody else had information involving it. I didn't think it would lead me anywhere. Bad mistake, and it led me to a blank page where Malwarebytes blocked it again, thank goodness. Problem is, said IP address is stuck in my Chrome web history and every time I type 94.242, the entire malicious IP address shows up in the search results. I tried deleting my history but it didn't do anything. Is there anything I can do? Or is it harmless because MAWB blocked it anyway?


Here is the thing: the more you try to self-medicate, the worse things can get. It would be best if you have one of the experts help you fix all your issues, and they can also answer all your questions in regards to what was causing the blocks and how to remove such items. They can also help you clear your cache and history for you. Please follow the instructions provided by Ron in post #2 above.


I know...I'll just wait until the Full Scan finishes.

 

MAWB managed to block the malicious IP again but it won't do any further harm, right? Because of my stupid mistake, it's now stuck in my web history. Even when I delete caches, cookies, web history, etc., the IP address shows up in the results when I type the first three numbers. Do I have to uninstall Chrome and then install it again? Or is there no need for concern?


I apologize for the double post. Turns out the malicious IP address was in my Google Chrome's web history the entire time because whatever caused it had attempted to connect into that network hours ago. False alarm, I ended up panicking over nothing. It was never a big deal to begin with. It's because I only deleted cache/history coming from the last hour. I'll post the Full Scan results when they're finished. As for the helpdesk services, I'll consider it if something comes up.


Apologize about the triple post but my full scan finished. MAWB detected nothing at all. Perhaps it's caused by some of the extensions I installed for Chrome recently but, like what Firefox said, I don't want to self-medicate. Or perhaps it's just a false positive. Should I run any other tools besides MAWB?


There is no charge, it is entirely free. Simply go to the link in post #2 above and choose one of the options (you cannot use the email support since you have the free version); in your case you would want option 1 so it's free.

As for running any other tools, those tools need to be run in the correct section, hence why we want you to follow the instructions in post #2 above so that you post in the correct section.


This topic is now closed to further replies.