
MBAM Pro flagging IP supposedly by Avast - need help



Hi,

 

I followed the instructions and downloaded TCPView.  I've been running it for about a day now.  Roughly every hour, "avastsvc.exe" (yes, I have avast) tried to connect to 78.138.104.155 and MBAM blocks it.  The remote address does not show up in TCPView, so I can't confirm if it's really Avast.  The IP address is somewhere in Poland, so it's suspicious that Avast would be contacting it.

 

Since TCPView isn't working, is there any other way to determine what process is actually initiating this request?

 

Thanks for your help!


Hello and :welcome:

Take a look at this KB Article => HERE <= for an explanation as to what is happening....

That being said, if you want to have your computer checked to see what it is that is causing these blocks, follow the instructions below....

To make sure you're not infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you


Thank you for the reply.  I uninstalled Avast! and it revealed that Firefox was, as the article said, initiating the attempts.  I reinstalled Avast! and MBAM again cited it as the source.  I have a number of pages open in Firefox, so I'm not sure what's causing it.  I've closed a few at a time, and will continue until I figure out which one is doing it.

 

Odd though - it attempts to make that connection as soon as Firefox opens, BEFORE it's loaded any of the pages (that is, when the "restore previous session" screen is open).  I'm wondering if it's possible that Firefox itself is compromised.


Hi:

 

Until Firefox returns...

 

The IP blocks could indicate that MBAM PRO is doing its job of blocking bad content (e.g. banner ads) on those web sites.

 

However, if you are getting a lot of IP blocks and/or they are happening when no browsers are open, then it could be a sign of infection.

If that's the case, or if you want expert help to exclude the possibility of malware, then please follow Firefox's advice >>HERE<< to head over to the malware removal section for help.

 

Cheers,

 

daledoc1


Odd though - it attempts to make that connection as soon as Firefox opens, BEFORE it's loaded any of the pages

 

That sounds as if it could be an extension phoning home.

Most Fx problems are in your profile, not the program itself.

 

You could try Mozilla safe mode OR creating a new, naked profile with no extensions and see if it still happens.

That would narrow it down to an extension.

 

Having said all that, it would probably be best to get expert help with this, as some malware hides well and requires powerful tools and guidance for complete removal.

 

Cheers,

 

daledoc1

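The first post asks how to find the process behind a blocked connection when TCPView never shows it, and daledoc1 suggests testing with a fresh Firefox profile. The following PowerShell is an added example that does both in a repeatable way; it is my own code, not anything from Malwarebytes, Avast or Mozilla. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated PowerShell session so that process paths and command lines are readable, and a Firefox install in the default location. The function names Watch-RemoteIp and Start-FirefoxIsolated are mine; the IP address is the one reported in the thread.

```powershell
# Added example for this thread; not code from Malwarebytes, Avast or Mozilla.
# Assumes Windows 8 / Server 2012+ (Get-NetTCPConnection) and an elevated session.

# Poll the TCP table for any connection to $RemoteAddress and record the owning
# process. A blocked attempt lives only briefly (often just SYN_SENT), which is
# why a snapshot tool can miss it; a tight polling interval catches it.
function Watch-RemoteIp {
    param(
        [Parameter(Mandatory)][string]$RemoteAddress,   # e.g. '78.138.104.155' from the thread
        [int]$DurationSeconds = 3600,                     # watch for one hour by default
        [int]$IntervalMs = 200
    )
    $deadline = (Get-Date).AddSeconds($DurationSeconds)
    $seen = @{}                                           # report each (pid, local port) once
    while ((Get-Date) -lt $deadline) {
        $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue
        foreach ($c in $conns) {
            $key = "$($c.OwningProcess):$($c.LocalPort)"
            if ($seen.ContainsKey($key)) { continue }
            $seen[$key] = $true
            $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
            $wmi    = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" -ErrorAction SilentlyContinue
            $parent = if ($wmi) { Get-Process -Id $wmi.ParentProcessId -ErrorAction SilentlyContinue }
            # Emit one record per new connection; pipe to Export-Csv to keep a log.
            [pscustomobject]@{
                Time        = Get-Date -Format 'HH:mm:ss.fff'
                State       = $c.State
                Pid         = $c.OwningProcess
                Process     = $proc.ProcessName
                Path        = $proc.Path
                CommandLine = $wmi.CommandLine
                ParentPid   = $wmi.ParentProcessId
                Parent      = $parent.ProcessName
            }
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
}

# Launch Firefox with a brand-new, empty profile: no extensions and no session to
# restore. If the connection attempt still appears, the cause is outside the
# profile; if it stops, an extension or profile setting is the likely source.
# Uses Firefox's own -no-remote and -profile switches; the folder is a throwaway.
function Start-FirefoxIsolated {
    param(
        [string]$FirefoxExe = "$env:ProgramFiles\Mozilla Firefox\firefox.exe",   # assumed default install path
        [string]$ProfileDir = (Join-Path $env:TEMP 'ff-clean-profile')
    )
    if (-not (Test-Path $FirefoxExe)) { throw "Firefox not found at $FirefoxExe" }
    New-Item -ItemType Directory -Path $ProfileDir -Force | Out-Null
    Start-Process -FilePath $FirefoxExe -ArgumentList @('-no-remote', '-profile', "`"$ProfileDir`"")
}

# Usage: run the watcher as a background job for five minutes, start the clean
# profile, then collect whatever the watcher saw.
#   $job = Start-Job -ScriptBlock ${function:Watch-RemoteIp} -ArgumentList '78.138.104.155', 300
#   Start-FirefoxIsolated
#   Receive-Job $job -Wait | Format-Table -AutoSize
```

Two things to keep in mind when reading the output. First, the owner shown is the process that opened the socket, not necessarily the one that asked for the page: when an antivirus web shield acts as a local proxy, the browser's requests are re-issued by the AV service, which is exactly why MBAM named avastsvc.exe here and the real initiator only showed up once Avast was uninstalled. Look at the Parent and CommandLine columns, and at what else is running at that moment, rather than stopping at the process name. Second, if the attempt is so short that even 200 ms polling misses it, the built-in `netstat -b -o` snapshot will not do better; enabling Windows Filtering Platform connection auditing and reading the Security log (event 5156 carries the application path) records it regardless of timing.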

1 month later...

I know this is a couple of months old, but I wanted to mention that this specific IP address is now tied to the files-frog website.  If you have downloaded any software (particularly audio/video processing software) from their website, they will automatically load an update-checker executable.  It appears to be harmless and easily removed.
