The problem here is this specific /24 was re-allocated and is no longer NRIP (Non-routable IP (internal use only)).

In short, because of the association with P2P Zeus, I'd urge you to have the machines checked.

To clarify, whilst not an F/P, the block has obviously been removed, due to its being the default range for a lot of routers etc.


You guys are starting to seriously shake my faith in the product. Last year's fiasco caught my biggest problem client and destroyed her system completely. None of the recovery tools you gave me worked, and I spent about 20 hours rebuilding and recovering data from backups.

I thought you had some testing in place to prevent this kind of screwup from happening again. What's the story?

At this point I'm seriously considering finding some other alternative.

  • Staff

The file false positives were a separate issue and filtering is in place for that. Every def set is scanned against 10 separate installs along with other new safeguards in place. Every file we false positive on gets added to these installs.

As far as the blocklist, that isn't as easy. This was a judgement call, as malware is using this address now, being that it was reassigned publicly. Because so many people use this address in their default router configuration we had no choice but to remove it and attack the malware from the file standpoint.


So is this a false positive or not? I'm getting the exact same problem: 192.168.1.255, my router's address, showing up as outgoing blocked. Do I need to follow the procedures outlined by "goldhound," or can I simply ignore this or put it on the exclusion list?

  • Staff

You can for peace of mind in the malware removal forum. The chances are low of having the malware at this point but it can't hurt to have someone look over.

If your network is configured with a 192.168 address then it was probably a fp in your situation.

If you want to display your IP address you can do this:
Click on Start -> Run -> type in "cmd" without the quotes in the box and press Enter.
This will open a box. Then type "ipconfig" (again without the quotes) and press Enter.
This will display your IP configuration.

If you see 192.168.1.xxx then this false positived on your network. (xxx) being any # between 0-255


I had the same experience/problem - MBAM issuing recurring reports of potential malware from 192.168.1.255 on ports 137 and 138.

My router address is in the address range 192.168.1.xxx, so it is a false positive.

I uploaded the updated MBAM database, and the MBAM reports stopped.

I then ran a quick virus check (MS Security Essentials) and an MBAM Quick Scan - just in case.

Many thanks for such a rapid response. :-)

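Added example (not part of any post in this thread and not Malwarebytes code): a Python version of the manual check in the staff reply and the report above, deciding from `ipconfig` output whether a blocked destination such as 192.168.1.255 on ports 137/138 is simply the local subnet's broadcast address. The `ipconfig` sample, function names and result labels are constructed for illustration.

```python
import ipaddress
import re

# NetBIOS name (137) and datagram (138) services broadcast on the local subnet.
NETBIOS_PORTS = {137, 138}

# Constructed sample of `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""


def local_networks(ipconfig_text):
    """Return the IPv4 network of every adapter listed in ipconfig output.

    Matches both the older "IP Address" and the newer "IPv4 Address" labels.
    """
    addrs = re.findall(r"IP(?:v4)? Address[ .]*: ([\d.]+)", ipconfig_text)
    masks = re.findall(r"Subnet Mask[ .]*: ([\d.]+)", ipconfig_text)
    return [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in zip(addrs, masks)]


def triage_block(blocked_ip, port, ipconfig_text):
    """Classify one 'outgoing blocked' entry against the local adapters.

    The subnet mask matters: x.x.x.255 is the broadcast address only when
    the mask makes it the last address of the subnet.
    """
    dest = ipaddress.ip_address(blocked_ip)
    for net in local_networks(ipconfig_text):
        if dest == net.broadcast_address:
            # Consistent with ordinary LAN broadcast traffic when NetBIOS.
            kind = "netbios" if port in NETBIOS_PORTS else "other"
            return f"local-broadcast-{kind}"
        if dest in net:
            return "local-host"
    # Not on any local subnet: private range elsewhere, or a public address.
    return "private-other-subnet" if dest.is_private else "public-address"


if __name__ == "__main__":
    for ip, port in [("192.168.1.255", 137), ("192.168.1.255", 138),
                     ("192.168.1.10", 445), ("8.8.8.8", 53)]:
        print(ip, port, triage_block(ip, port, SAMPLE_IPCONFIG))
```

Only the `public-address` result describes a block against a host outside the local network; the others refer to addresses inside private ranges.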

One of my clients has an XP machine that runs the PRO version and sits on the 192.168.1.xxx network. The computer was rendered useless because Malwarebytes not only blocked the broadcast address, but also all other connections to the local domain server, Exchange and file servers - and this is with today's newest definitions may I mind you! This is terrible! There are no viruses, malware, roots or trojans present on that machine or on the servers and that's confirmed by not just one antivirus program. This F/P is getting out of hand. I'm going to suggest to all my clients to just delete Malwarebytes from their computers. I'm not going to go through the same hell you put me through last year, no sir! This is likely my last post on this forum. Auf Wiedersehen!

  • Root Admin

@Croatian

There was certainly something else going on there at that client. Blocking that address would not produce those results. There was either something else going on or you really need to look at how their network is set up and look at fixing it.

Please post the protection logs from yesterday if you like and we can review it. If you would like to review the real issue I'd be more than happy to assist you.

Thanks
