mossman

192.168.1.255


The problem here is that this specific /24 was re-allocated and is no longer NRIP (Non-routable IP (internal use only)).

In short, because of the association with P2P Zeus, I'd urge you to have the machines checked.

To clarify, whilst not an F/P, the block has obviously been removed, due to its being the default range for a lot of routers etc.


You guys are starting to seriously shake my faith in the product. Last year's fiasco caught my biggest problem client and destroyed her system completely. None of the recovery tools you gave me worked, and I spent about 20 hours rebuilding and recovering data from backups.

I thought you had some testing in place to prevent this kind of screwup from happening again. What's the story?

At this point I'm seriously considering finding some other alternative.


The file false positives were a separate issue and filtering is in place for that. Every def set is scanned against 10 separate installs along with other new safeguards in place. Every file we false positive on gets added to these installs.

As far as the blocklist, that isn't as easy. This was a judgement call, as malware is using this address now, being that it was reassigned publicly. Because so many people use this address in their default router configuration, we had no choice but to remove it and attack the malware from the file standpoint.


So is this a false positive or not? I'm getting the exact same problem: 192.168.1.255, my router's address, showing up as outgoing blocked. Do I need to follow the procedures outlined by "goldhound," or can I simply ignore this or put it on the exclusion list?


It's not necessarily a F/P. All you'll need to do is update to the latest Malwarebytes AntiMalware database.


To clarify.

This is most likely a false positive depending on your configuration. There is also a minor chance there could be malware present also, so I would recommend a quick scan to be sure.


Experienced similar results here, and in addition it should be noted that this completely blocked all network connections between clients & servers as well.  The IT department was not happy!  Appreciate the rapid resolution.


The quick scan is clean; just to fully understand, should I start a new topic and post the attach.txt and the dds.txt or not?


You can for peace of mind in the malware removal forum. The chances are low of having the malware at this point but it can't hurt to have someone look it over.

If your network is configured with a 192.168 address then it was probably a false positive in your situation.

If you want to display your IP address you can do this:
Click on Start -> Run -> type in "cmd" without the quotes in the box and press Enter.
This will open a box. Then type "ipconfig" (again without the quotes) and press Enter.
This will display your IP configuration.

If you see 192.168.1.xxx then this false positived on your network (xxx being any number between 0-255).

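An added example, not part of the original posts: the `ipconfig` check described above, automated for triaging a blocked-IP alert. It goes slightly beyond the post by using the subnet mask to tell a subnet's broadcast address apart from an ordinary host; the sample `ipconfig` text and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""

# UDP ports named in the alerts reported in the thread.
NETBIOS_PORTS = {137: "NetBIOS name service", 138: "NetBIOS datagram service"}

ADDR_RE = re.compile(r"IP(?:v4)? Address[ .]*:\s*([\d.]+)")
MASK_RE = re.compile(r"Subnet Mask[ .]*:\s*([\d.]+)")


def local_networks(ipconfig_text):
    """Pair each adapter's IPv4 address with its mask and return the subnets."""
    addrs = ADDR_RE.findall(ipconfig_text)
    masks = MASK_RE.findall(ipconfig_text)
    return [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in zip(addrs, masks)]


def classify_blocked(blocked_ip, ipconfig_text, port=None):
    """Return (verdict, subnet, service) for a blocked-IP alert."""
    ip = ipaddress.ip_address(blocked_ip)
    service = NETBIOS_PORTS.get(port)
    for net in local_networks(ipconfig_text):
        if ip == net.broadcast_address:
            return ("local-broadcast", net, service)
        if ip in net:
            return ("local-host", net, service)
    return ("not-local", None, service)


if __name__ == "__main__":
    for port in (137, 138):
        print(classify_blocked("192.168.1.255", SAMPLE_IPCONFIG, port))
```

With a different mask the same address can fall outside the local subnet, which is why the mask is read from `ipconfig` rather than assumed to be /24.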

Look in the Ignore List, see if you have any uninvited IP addresses.

I found one and after deleting, the 192.168.1.255 disappeared and I can access my home network again.


It's not necessarily a F/P. All you'll need to do is update to the latest Malwarebytes AntiMalware database.

Worked here. Updated and message stopped...thanks! 


I had the same experience/problem - MBAM issuing recurring reports of potential malware from 192.168.1.255 on ports 137 and 138.

My router address is in the address range 192.168.1.xxx, so it is a false positive.

I uploaded the updated MBAM database, and the MBAM reports stopped.

I then ran a quick virus check (MS Security Essentials) and an MBAM Quick Scan - just in case.

Many thanks for such a rapid response. :-)


One of my clients has an XP machine that runs the PRO version and sits on the 192.168.1.xxx network. The computer was rendered useless because Malwarebytes not only blocked the broadcast address, but also all other connections to the local domain server, Exchange and file servers - and this is with today's newest definitions may I mind you! This is terrible! There are no viruses, malware, roots or trojans present on that machine or on the servers and that's confirmed by not just one antivirus program. This F/P is getting out of hand. I'm going to suggest to all my clients to just delete Malwarebytes from their computers. I'm not going to go through the same hell you put me through last year, no sir! This is likely my last post on this forum. Auf Wiedersehen!


@Croatian

There was certainly something else going on there at that client. Blocking that address would not produce those results. There was either something else going on or you really need to look at how their network is set up and look at fixing it.

Please post the protection logs from yesterday if you like and we can review it. If you would like to review the real issue I'd be more than happy to assist you.

Thanks

