
I found my computer to be a bit odd last night, didn't pay much attention. Today I checked the Mbam logs and found that there were a bunch of scvshost.exe IP blocks. I ran a scan with Malwarebytes but didn't find anything. It doesn't seem to be happening today, but I'm still worried. Any help would be appreciated, thanks in advance.

 

 

2014/03/03 13:18:07 -0800    ALTAIR    isai    IP-BLOCK    89.28.98.3 (Type: outgoing, Port: 33692, Process: azureus.exe)
2014/03/03 13:18:07 -0800    ALTAIR    isai    IP-BLOCK    89.28.98.3 (Type: outgoing, Port: 64767, Process: azureus.exe)
2014/03/03 13:18:07 -0800    ALTAIR    isai    IP-BLOCK    89.28.98.3 (Type: outgoing, Port: 33692, Process: azureus.exe)
2014/03/03 13:18:15 -0800    ALTAIR    isai    IP-BLOCK    89.28.98.3 (Type: outgoing, Port: 33692, Process: azureus.exe)
2014/03/03 13:21:03 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:03 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:11 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:19 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:19 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:19 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:19 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:35 -0800    ALTAIR    isai    IP-BLOCK    93.115.83.250 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 14:20:36 -0800    ALTAIR    isai    MESSAGE    Executing scheduled update:  Daily
2014/03/03 14:20:44 -0800    ALTAIR    isai    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.03.02.10 to version v2014.03.03.06
2014/03/03 14:20:44 -0800    ALTAIR    isai    MESSAGE    Starting database refresh
2014/03/03 14:20:44 -0800    ALTAIR    isai    MESSAGE    Stopping IP protection
2014/03/03 14:20:45 -0800    ALTAIR    isai    MESSAGE    IP Protection stopped successfully
2014/03/03 14:21:13 -0800    ALTAIR    isai    MESSAGE    Database refreshed successfully
2014/03/03 14:21:13 -0800    ALTAIR    isai    MESSAGE    Starting IP protection
2014/03/03 14:21:15 -0800    ALTAIR    isai    MESSAGE    IP Protection started successfully
2014/03/03 22:20:40 -0800    ALTAIR    isai    IP-BLOCK    188.130.176.2 (Type: outgoing, Port: 33692, Process: azureus.exe)


Hello and welcome, alde

 

 

Given the location (Romania) & owner (Voxility) of that IP, and the computer process involved, svchost.exe, the blocks could indicate malware infection.

I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.

Thanks,

daledoc1

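The reasoning in the reply above (which process made the blocked connection, and to which address) can be applied to a whole protection log at once. The following Python script is an added example, not part of the original thread or of Malwarebytes' own tooling; the sample log, the `SYSTEM_PROCESSES` set and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log quoted above; host, user and
# addresses (RFC 5737 documentation ranges) are placeholders, not thread values.
SAMPLE_LOG = """\
2014/03/03 13:18:07 -0800    HOST1    user1    IP-BLOCK    203.0.113.10 (Type: outgoing, Port: 33692, Process: azureus.exe)
2014/03/03 13:21:03 -0800    HOST1    user1    IP-BLOCK    198.51.100.7 (Type: outgoing, Port: 51556, Process: svchost.exe)
2014/03/03 13:21:11 -0800    HOST1    user1    IP-BLOCK    198.51.100.7 (Type: outgoing, Port: 58499, Process: svchost.exe)
2014/03/03 14:20:36 -0800    HOST1    user1    MESSAGE    Executing scheduled update:  Daily
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+\S+\s+\S+\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)\s*$"
)

# Assumption: system process image names whose blocked traffic is reviewed first.
# The log records only the image name, not its path, so a match cannot confirm
# that the binary is the genuine Windows one.
SYSTEM_PROCESSES = {"svchost.exe", "services.exe", "lsass.exe", "explorer.exe"}

def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["port"] = int(ev["port"])
            ev["proc"] = ev["proc"].strip().lower()
            events.append(ev)
    return events

def summarise(events):
    """Group blocks by (process, remote IP, direction): count, ports, first/last time."""
    groups = defaultdict(lambda: {"count": 0, "ports": set(), "first": None, "last": None})
    for ev in events:
        g = groups[(ev["proc"], ev["ip"], ev["dir"])]
        g["count"] += 1
        g["ports"].add(ev["port"])
        g["first"] = g["first"] or ev["ts"]
        g["last"] = ev["ts"]
    return dict(groups)

def review_first(summary):
    """Outgoing blocks attributed to a system process, busiest first."""
    hits = [(p, ip, g["count"]) for (p, ip, d), g in summary.items()
            if d == "outgoing" and p in SYSTEM_PROCESSES]
    return sorted(hits, key=lambda h: -h[2])
```

Each address returned by `review_first(summarise(parse_blocks(log_text)))` can then be looked up for owner and location, as was done by hand in this thread.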

A quick Google for "93.115.83.250" shows that IP for Freevpn.me ... If you're using freevpn.me willingly then perhaps mbam's web filter needs to whitelist that IP. If you're not using that VPN knowingly, then you are indeed infected with something redirecting traffic through that VPN service.


Hi, alde:
 

Thank you for the quick response, here are the logs, also I removed the BitTorrent client.

Thanks for the logs. :)

 

However, the experts who need to review them and assist you work in a special, dedicated section of the forum.

 

Please start a new post (with these same logs attached) in the malware removal section >>HERE<<.

An expert will assist you there as soon as possible.

 

Thanks!

 

daledoc1


Oh, really sorry, thanks. I didn't realize I posted it in the wrong forum.


Yes, I see that, but I am not using a VPN service. Thanks for the heads up.
