I know that MBAM Pro has malicious IP blocking features, and that a lot of programs trigger it "normally", without being a problem. I've seen hl2.exe outgoing connections blocked a lot, when I'm playing Team Fortress 2.

 

Today, I noticed something odd though, which I've never seen before. I was in a game of TF2, on a server that does not have the IP that's listed in the log file as being blocked, at the current time that it was blocking the IP.

 

2014/02/05 02:50:44 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 51369, Process: hl2.exe)
2014/02/05 02:50:44 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 51369, Process: hl2.exe)
2014/02/05 02:53:16 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 52167, Process: hl2.exe)
2014/02/05 02:53:16 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 52167, Process: hl2.exe)
2014/02/05 02:53:32 -0500 PC IP-BLOCK 74.91.112.146 (Type: outgoing, Port: 52167, Process: hl2.exe)
2014/02/05 02:53:40 -0500 PC IP-BLOCK 46.21.150.220 (Type: outgoing, Port: 52167, Process: hl2.exe)
2014/02/05 02:53:40 -0500 PC IP-BLOCK 46.21.150.220 (Type: outgoing, Port: 52167, Process: hl2.exe)

 

OK, all that looks weird since I wasn't on those servers, but not unexpected, when TF2 is actually ON.

 

Here's what's kind of freaking me out:

 

2014/02/05 04:42:54 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:42:54 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:43:02 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:43:02 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:43:02 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:43:02 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)

 

These occurred while not in game, when hl2.exe shouldn't be doing ANYTHING. In addition to that, they're on port 137 from one of the earlier Ukrainian IPs, which looks weird to me, but I'm not a networking expert and I need one!

 

I always Google the IPs I see my PC connect to, and I came up with something bizarre when I did. I get a bunch of stuff for a Ukrainian TF2 server, and I also got this, which has something about a DNS changer in it, back from 2010:

 

http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/the-device-or-resource-downloadmicrosoftcom-is-not/0a2c2ef4-da77-46df-9e6a-e0dcef6895fb

 

Can anyone shed some light on this subject?


Hi, blackdove83: :)

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website Blocking False Positives sub-forum.

>>>>>>Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process: Available Assistance For Possibly Infected Computers.

You mentioned that some of the blocks are for IPs in the Ukraine & that they are happening even when NOT playing the game.

And it has already been suggested to you multiple times by several staff & others in multiple threads (including your previous thread in this section) to have an expert assist you with looking into this.

The thing is, the staff/experts are not permitted to run the tools and scans needed to sort this out and clean the computer in this section of the forum.

Without running those tools, there's no way to know for sure.

As such, having an expert help you over in the malware removal section would be the safest course of action for you at this time.

They will be more than happy to assist you for free, one-on-one, to make sure your system is clean.

 

Thanks,

daledoc1
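Added example, not part of either post and not Malwarebytes code: a small Python parser for the IP-BLOCK lines quoted in the first post. It collapses the repeated entries and lists destination IPs that have outgoing blocks with no process named. The line layout is assumed from that excerpt alone, and the function names are made up for this example.

```python
import re
from collections import defaultdict

# Lines taken from the log excerpt in the first post (a subset, one duplicate kept).
SAMPLE_LOG = """\
2014/02/05 02:50:44 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 51369, Process: hl2.exe)
2014/02/05 02:50:44 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 51369, Process: hl2.exe)
2014/02/05 02:53:32 -0500 PC IP-BLOCK 74.91.112.146 (Type: outgoing, Port: 52167, Process: hl2.exe)
2014/02/05 04:42:54 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
2014/02/05 04:43:02 -0500 PC IP-BLOCK 93.188.163.34 (Type: outgoing, Port: 137)
"""

# Assumed layout, inferred only from the excerpt; the "Process" field is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) (?P<host>\S+) IP-BLOCK (?P<ip>[\d.]+) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+)(?:, Process: (?P<proc>[^)]+))?\)$"
)

def parse(text):
    """Return one dict per distinct log line; the log repeats identical entries."""
    seen, events = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m is None or line in seen:
            continue
        seen.add(line)
        events.append(m.groupdict())
    return events

def triage(events):
    """Group outgoing blocks by destination IP; count entries with no process."""
    out = defaultdict(lambda: {"processes": set(), "ports": set(), "unattributed": 0})
    for e in (e for e in events if e["type"] == "outgoing"):
        entry = out[e["ip"]]
        entry["ports"].add(int(e["port"]))
        if e["proc"]:
            entry["processes"].add(e["proc"])
        else:
            entry["unattributed"] += 1
    return dict(out)

def needs_review(summary):
    """IPs with at least one outgoing block that the log ties to no process."""
    return sorted(ip for ip, s in summary.items() if s["unattributed"])

if __name__ == "__main__":
    print(needs_review(triage(parse(SAMPLE_LOG))))
```

An IP that appears both under a named process and in unattributed entries, as 93.188.163.34 does here, is the pattern the first post describes; the log alone does not say which process made the unattributed attempts.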
