J_townSonny Posted March 18, 2014 ID:804748 Share Posted March 18, 2014 Hi folks. How's it going? I have an odd question that I cannot seem to find an answer for. I have MW Pro because I have found it to be the best software for what I need; and for the price; it Can't be beat. My question is: My Comcast cable service was interrupted for over 4 hours during the last snow storm. While the internet was out of service I disconnected my computer from the modem and ran MW full scan while I had the chance. As usual it found nothing, which means it's doing it's job. Now for the problem. During that 4 hour down time; I kept getting a MW pop-up balloon every so often as if I was surfing the net, stating that MW blocked a potentially harmful incoming attack/site. Why on Earth would That pop-up? I was not connected to the net and my desktop do not have any wi-fi connected to or installed. I do have Magic-Jack but it to was unplugged from the computer at that time. PC is an eMachines 1200, XP Home 2003. I little help or info would go a long way with this issue. It was quite annoying. Link to post Share on other sites More sharing options...
fivealive Posted March 18, 2014 ID:804750 Share Posted March 18, 2014 If you could post the protection logs for malwarebytes that would be greatly appreciated. Link to post Share on other sites More sharing options...
J_townSonny Posted March 18, 2014 Author ID:804755 Share Posted March 18, 2014 I got home at 4p that day, my hours are 4a to 3p M-F, and the cable was already out. That's when I unplugged it. I hope this is what you're asking for:2014/03/12 03:28:56 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 93.174.93.51 (Type: incoming)2014/03/12 03:46:47 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 80.82.78.85 (Type: incoming)2014/03/12 07:25:39 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 222.186.31.43 (Type: incoming)2014/03/12 09:28:29 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 93.174.93.51 (Type: incoming)2014/03/12 10:47:17 -0500 EMACHINE-7AF6B9 USER MESSAGE Executing scheduled update: Daily2014/03/12 10:48:00 -0500 EMACHINE-7AF6B9 USER MESSAGE Starting database refresh2014/03/12 10:48:00 -0500 EMACHINE-7AF6B9 USER MESSAGE Scheduled update executed successfully: database updated from version v2014.03.11.08 to version v2014.03.12.092014/03/12 10:48:00 -0500 EMACHINE-7AF6B9 USER MESSAGE Stopping IP protection2014/03/12 10:48:02 -0500 EMACHINE-7AF6B9 USER MESSAGE IP Protection stopped successfully2014/03/12 10:49:11 -0500 EMACHINE-7AF6B9 USER MESSAGE Database refreshed successfully2014/03/12 10:49:11 -0500 EMACHINE-7AF6B9 USER MESSAGE Starting IP protection2014/03/12 10:49:50 -0500 EMACHINE-7AF6B9 USER MESSAGE IP Protection started successfully2014/03/12 15:28:32 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 93.174.93.51 (Type: incoming)2014/03/12 16:19:15 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 80.82.70.116 (Type: incoming)2014/03/12 16:34:54 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:34:57 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:34:58 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:03 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:03 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:03 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:03 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:05 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:06 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:11 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:12 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:16 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:19 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:24 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:24 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:27 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:35:33 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:33 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:36 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:36 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:42 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:42 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:54 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:36:57 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:03 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:15 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:18 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:24 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:36 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:39 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:37:45 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 88.214.225.161 (Type: outgoing)2014/03/12 16:53:17 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 78.140.142.60 (Type: outgoing)2014/03/12 16:53:38 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 78.140.142.60 (Type: outgoing)2014/03/12 16:53:41 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 78.140.142.60 (Type: outgoing)2014/03/12 16:53:47 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 78.140.142.60 (Type: outgoing)2014/03/12 17:00:21 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 93.174.93.51 (Type: incoming)2014/03/12 20:43:55 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 93.174.93.51 (Type: incoming)2014/03/12 20:51:08 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 222.186.31.43 (Type: incoming)2014/03/12 23:11:39 -0500 EMACHINE-7AF6B9 USER IP-BLOCK 222.186.38.116 (Type: incoming) Link to post Share on other sites More sharing options...
fivealive Posted March 18, 2014 ID:804756 Share Posted March 18, 2014 Thats exactly what is needed, now we just have to wait for someone with a bit more knowledge about what to do from here, Link to post Share on other sites More sharing options...
J_townSonny Posted March 18, 2014 Author ID:804760 Share Posted March 18, 2014 This is the first time trying to post from logs, Usually I see 2 progs to download and run then post and wait then rerun... As you can see from 16:19 thru to the end, I was not connected. I fell asleep and reconnected before I went to work at 4a the next morn. What I am most puzzled about is that, I just noticed it, most of them are an outgoing block. I really find that strange. Link to post Share on other sites More sharing options...
Firefox Posted March 18, 2014 ID:804763 Share Posted March 18, 2014 Well not sure where your located, but those IP's are in the Netherlands.... have a read through the stuff below... IP blocks can indicate a number of things:They could indicate that MBAM is doing its job of blocking bad content on websites.They can also occur when running Skype and certain P2P programs, such as torrents. For example, please see this help desk topic about Skype and this one about P2P.In some cases the blocks are a false positive.However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G. They also contain instructions on how to determine what process might be trying to make the connections. You may also research the IP in question at www.ip-lookup.net or a similar site. On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website False Positives sub-forum. Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers. Thanks! Link to post Share on other sites More sharing options...
J_townSonny Posted March 18, 2014 Author ID:804768 Share Posted March 18, 2014 The thing was that at that particular time there was No physical internet connection. I don't have Skype or ooVoo. I checked that particular forum and couldn't find anything related. Those were "when connected to the net" mine was not connected. Is MW Pro malfunctioning? Link to post Share on other sites More sharing options...
Firefox Posted March 18, 2014 ID:804771 Share Posted March 18, 2014 No I do not believe that Malwarebytes Pro was malfunctioning, and I can not say what cause those popups at the time. Without running tools to look at logs and see what's running on your computer I can only guess. However those tools need to be run from a dedicated section of the forum as we are not allowed to use those tools in this section. That being said... you will have to seek help from one of our experts below... If you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers. Link to post Share on other sites More sharing options...
J_townSonny Posted March 18, 2014 Author ID:804775 Share Posted March 18, 2014 What forum section do I need? My location is the Chicago metro area of Illinois. Thanks for your help. Link to post Share on other sites More sharing options...
fivealive Posted March 18, 2014 ID:804776 Share Posted March 18, 2014 I would go with the last one then, for possibly infected computers, its completely free, just post the logs they need, and follow the instructions your helper gives you Link to post Share on other sites More sharing options...
J_townSonny Posted March 18, 2014 Author ID:804778 Share Posted March 18, 2014 Thanks a heap. Woohoo! Customer service at it's best. MW Rocks! Link to post Share on other sites More sharing options...
Firefox Posted March 19, 2014 ID:804814 Share Posted March 19, 2014 Pretty much go HERE and post your issue and post the required logs, then wait for one of the experts to pick up your topic... Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now