Jump to content

Recommended Posts

Hi,


Every 5-10 minutes malwarebytes anti-malware blocks four different outgoing communications, all to exactly the same ip on 4 different ports, its quite worrying.


 


I have been a long time user of skype, this is the first time this has ever happened to me. The ip that has the outgoing communication was aimed at was the same ip every time using an online ip checker i found that the ip was in the netherlands. The ports that it has been using have been increasing over the day, starting at ports of around 59810, currently almost 2 hours later it is at around 62000. This is very worrying and i would greatly appreciate some assistance on this.


 


This is a copy of the protection log for today.


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Update, 10/07/2014 10:42:30, SYSTEM, LAPTOP, Scheduler, Malware Database, 2014.7.9.12, 2014.7.9.13, 

Protection, 10/07/2014 10:42:32, SYSTEM, LAPTOP, Protection, Refresh, Starting, 

Protection, 10/07/2014 10:42:32, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopping, 

Protection, 10/07/2014 10:42:33, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopped, 

Protection, 10/07/2014 10:43:35, SYSTEM, LAPTOP, Protection, Refresh, Success, 

Protection, 10/07/2014 10:43:36, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Starting, 

Protection, 10/07/2014 10:43:37, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Started, 

Update, 10/07/2014 13:37:06, SYSTEM, LAPTOP, Scheduler, Malware Database, 2014.7.9.13, 2014.7.10.3, 

Protection, 10/07/2014 13:37:16, SYSTEM, LAPTOP, Protection, Refresh, Starting, 

Protection, 10/07/2014 13:37:17, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopping, 

Protection, 10/07/2014 13:37:18, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Stopped, 

Protection, 10/07/2014 13:37:44, SYSTEM, LAPTOP, Protection, Refresh, Success, 

Protection, 10/07/2014 13:37:45, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Starting, 

Protection, 10/07/2014 13:37:46, SYSTEM, LAPTOP, Protection, Malicious Website Protection, Started, 

Detection, 10/07/2014 17:09:19, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 59811, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:09:19, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 59811, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:09:20, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 59812, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:09:20, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 59813, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:09:20, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 59814, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:24:09, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 13350, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:29:25, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60228, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:29:25, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60229, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:29:25, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60230, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:29:25, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60231, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:36:39, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60484, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:36:40, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60485, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:36:40, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60486, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:36:40, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60487, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:44:38, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60841, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:44:39, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60841, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:44:39, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60842, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:44:39, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60843, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:44:39, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 60844, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:57:16, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61072, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:57:17, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61072, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:57:17, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61073, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:57:17, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61074, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 17:57:17, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61075, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:02:42, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61202, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:02:42, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61203, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:02:42, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61204, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:02:42, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61205, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:09:58, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61403, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:09:58, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61404, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:09:58, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61405, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:09:58, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61406, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:17:37, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61637, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:17:37, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61638, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:17:37, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61639, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:17:38, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61640, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:27:26, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61919, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:27:27, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61920, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:27:27, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61921, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

Detection, 10/07/2014 18:27:27, SYSTEM, LAPTOP, Protection, Malicious Website Protection, IP, 79.142.74.88, 61922, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 

 

Any help would be greatly appreciated.

Thanks.

Link to post
Share on other sites

First, it doesn't affect your usage of Skype. Skype is not using websites on those IP addresses.

 

Second, Skype can give everything away for free by grabbing a little bit of bandwidth from every computer that has it running, including yours.  Some of those computers are home to malware.  It just doesn't come through Skype.

 

Third, DO NOT tell your Malwarebytes program to exclude these IP addresses, because that is giving any malware that is present on those machines a path to yours.

Link to post
Share on other sites

There is no guarantee that there was malware in the first place.  The warnings are because the IP addresses listed are known to have (or have had in the recent past) malware being hosted there, whether it was with or without the owner's consent.

 

If you are not using the Premium (Pro) version of Malwarebytes Anti-Malware, you do not have real-time protection, and are vulnerable.  If you do have Premium/Pro, you can enable or disable real-time protection, choosing your level of risk to vulnerability in the process.

 

THAT is the prime reason to purchase Premium.  As good as the program is at keeping you safe, realtime protection is the only way to protect yourself fully WHEN you need that protection.  You will spend 50-100 times the cost of the program in time, energy, lost productivity, lost work and repairs should you get hit by a bad one.  Its worth its price.

Link to post
Share on other sites

  • 6 months later...

Hello,

 

I came across this 'working' solution from Skype to overcome the ongoing MalwareBytes warning:

"http://community.skype.com/t5/Windows-desktop-client/Malware-warnings-with-skype-exe/td-p/2299797"

 

I hope this safely and correctly helps overcome the issue. I have been irritated by the ongoing warning for some time now.

 

Have a great day. Cheers!

Link to post
Share on other sites

Hi:

 

Welcome. :)

Until gonzo returns....

 

This is a rather old thread and the OP may no longer be monitoring it.

Moreover, there will be more granular user control over non-critical notification popups with a future program version of MBAM 2.0.

 

Having said that, here is a KB topic about the MBAM IP blocks for Skype, with some safe ways to deal with it:

Why does Malwarebytes Anti-Malware block Skype?

 

Although the article does suggest that one can create a web exclusion for the entire Skype process, such an exclusion is NOT recommended by the MBAM Product Manager, exile360, as explained here:

 

I would actually recommend not adding Skype to Web Exclusions simply because Skype displays third party ads which have been known from time to time to link to malvertisements (malicious advertisements hosting malware such as exploits and/or drive-by downloads or scams) so it should be treated with the same level of caution as your internet browser (which should also never be added to Web Exclusions). If you have all ads in Skype disabled or blocked through some other means such as having a premium Skype account or by using an ad-blocking HOSTS file then you should be able to safely add Skype to your Web Exclusions in Malwarebytes Anti-Malware, but otherwise I would recommend not doing so.

 

So, as gonzo mentioned, it's up to the user as far as the level of risk/vulnerability s/he tolerates on the system. ;)

 

Thanks very much!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.