Trying to determine the source of an offending Malwarebytes-blocked IP


I recently had malware removed with the help of this forum (thread here: https://forums.malwarebytes.org/index.php?showtopic=140513) and have had no problems since (except for a very minor one which I will address in a separate thread or in a PM to a moderator or the person who helped me?). What's prompting me to post this is these messages I'm getting from Malwarebytes software today:

 

2014/03/07 14:43:12 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53501, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53522, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53523, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53524, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53536, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53537, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53538, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53540, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53541, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53542, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53543, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53544, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53545, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53546, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53547, Process: chrome.exe)
2014/03/07 14:43:36 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53551, Process: chrome.exe)
2014/03/07 14:43:36 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53552, Process: chrome.exe)
2014/03/07 14:43:36 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53553, Process: chrome.exe)
2014/03/07 14:43:36 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53554, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53555, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53556, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53557, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53558, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53559, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53560, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53562, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53563, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53564, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53565, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53566, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53567, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53568, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53569, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53571, Process: chrome.exe)
2014/03/07 14:43:37 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53572, Process: chrome.exe)
2014/03/07 14:47:45 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53830, Process: chrome.exe)
2014/03/07 14:47:45 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53831, Process: chrome.exe)
 
I think I determined which Chrome tab was the offender, so I guess this is more of a feature request (or question of how to enable, if it exists): can the logs also include PID? I have 10 Chrome tabs open, so "Process: chrome.exe" is not really enough. By trial and error, I was able to figure it out, but often I have 20+ tabs open so that would be almost impossible.
 
Thanks!

Hi: :)

 

Until the staff arrive to weigh in, you can use a website such as ip-lookup.net to research the IP - see the attached screenshot.

And you can follow the tutorial >>HERE<< to use TCPView to determine the process (it doesn't work in all cases).

 

Having said all that, if you think the IP block might be a False Positive, you may wish to report it in the Website FP section >>HERE<< for the MBAM researchers to investigate.

 

OTOH, if you are getting a LOT of these blocks -- and you aren't using Skype, torrents or other P2P programs -- then you might want to head over to the malware removal section to have the experts assist you with this. In that case, please start with the advice here: Available Assistance for Possibly Infected Computers.

 

Thanks,

 

daledoc1
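
The port-to-process lookup that a tool like TCPView does by eye, as an added example that is not part of the original posts: it parses the IP-BLOCK lines quoted above and joins them against a `netstat -ano` snapshot to group blocked connections by owning PID. It assumes the log's `Port:` field is the local source port; the netstat rows (local address, remote port, states, PIDs) are constructed, and ports missing from the snapshot are reported under `None`.

```python
import re
from collections import defaultdict

# Line format as quoted in the thread's protection log.
BLOCK_RE = re.compile(
    r"^\S+ \S+ [+-]\d{4} (?P<host>\S+) (?P<user>\S+) IP-BLOCK "
    r"(?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"\(Type: (?P<dir>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$")
# `netstat -ano` TCP row: proto, local addr:port, remote addr:port, state, PID.
NETSTAT_RE = re.compile(
    r"^TCP\s+\S+:(?P<lport>\d+)\s+(?P<rip>\d+\.\d+\.\d+\.\d+):\d+\s+\S+\s+(?P<pid>\d+)$")

def parse_blocks(text):
    """Return one dict per IP-BLOCK line; other lines are ignored."""
    hits = (BLOCK_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in hits if m]

def parse_netstat(text):
    """Map (local port, remote IP) -> owning PID for IPv4 TCP rows."""
    table = {}
    for line in text.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if m:
            table[(int(m["lport"]), m["rip"])] = int(m["pid"])
    return table

def attribute(blocks, table):
    """Group blocked local ports by PID; key None = not in the snapshot."""
    by_pid = defaultdict(list)
    for b in blocks:
        by_pid[table.get((int(b["port"]), b["ip"]))].append(int(b["port"]))
    return dict(by_pid)

# Four log lines copied from the thread.
SAMPLE_LOG = """\
2014/03/07 14:43:12 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53501, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53522, Process: chrome.exe)
2014/03/07 14:43:28 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53523, Process: chrome.exe)
2014/03/07 14:47:45 -0500 CLONG-PC clong IP-BLOCK 174.137.132.45 (Type: outgoing, Port: 53830, Process: chrome.exe)
"""
# Constructed snapshot: local address, remote ports, states and PIDs are made up.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:53501     174.137.132.45:80      SYN_SENT        4321
  TCP    192.168.1.10:53522     174.137.132.45:80      SYN_SENT        5120
  TCP    192.168.1.10:53523     174.137.132.45:80      SYN_SENT        5120
  TCP    192.168.1.10:53400     203.0.113.7:443        ESTABLISHED     4321
"""

if __name__ == "__main__":
    result = attribute(parse_blocks(SAMPLE_LOG), parse_netstat(SAMPLE_NETSTAT))
    for pid, ports in result.items():
        print(pid, ports)
```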

 
