Jump to content

MBAM Pro flagging IP supposedly by Avast - need help

Recommended Posts



I followed the instructions and downloaded TCPView.  I've been running it for about a day now.  Roughly every hour, "avastsvc.exe" (yes, I have avast) tried to connect to and MBAM blocks it.  The remote address does not show up in TCPView, so I can't confirm if it's really Avast.  The IP address is somewhere in Poland, so it's suspicious that Avast would be contacting it.


Since TCPView isn't working, is there any other way to determine what process is actually initiating this request?


Thanks for your help!

Link to post
Share on other sites

Hello and :welcome:

Take a look at this KB Article => HERE <= for an explanation as to what is happening....

That being said, if you want to have your computer checked to see what it is that is causing these blocks, follow the instructions below....

To make sure your not infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post
Share on other sites

Thank you for the reply.  I uninstalled Avast! and it revealed that Firefox was, as the article said, initiating the attempts.  I reinstalled Avast! and MBAM again cited it as the source.  I have a number of pages open in Firefox, so I'm not sure what's causing it.  I've closed a few at a time, and will continue until I figure out which one is doing it.


Odd though - it attempts to make that connection as soon as Firefox opens, BEFORE it's loaded any of the pages (that is, when the "restore previous session" screen is open).  I'm wondering if it's possible that Firefox itself is compromised.

Link to post
Share on other sites



Until Firefox returns...


The IP blocks could indicate that MBAM PRO is doing its job of blocking bad content (e.g. banner ads) on those web sites.


However, if you are getting a lot of IP blocks and/or they are happening when no browsers are open, then it could be a sign of infection.

If that's the case, or if you want expert help to exclude the possibility of malware, then please follow Firefox's advice >>HERE<< to head over to the malware removal section for help.





Link to post
Share on other sites

Odd though - it attempts to make that connection as soon as Firefox opens, BEFORE it's loaded any of the pages


That sounds as if it could an extension phoning home.

Most Fx problem are in your profile, not the program itself.


You could try Mozilla safe mode OR creating a new, naked profile with no extensions and see if it still happens.

That would narrow it down to an extension.


Having said all that, it would probably be best to get expert help with this, as some malware hides well and requires powerful tools and guidance for complete removal.





Link to post
Share on other sites

  • 1 month later...

I know this is a couple of months old, but I wanted to mention that this specific IP address is now tied to the files-frog website.  If you have downloaded any software (particularly audio/video processing software) from their website, they will automatically load an update-checker executable.  It appears to be harmless and easily removed.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.