Skype outbound traffic


Hello, something strange happened to my PC today. My internet froze for a bit and I couldn't load any internet page. Then Malwarebytes blocked some outbound IP with a weird port that Skype never uses.

I did some checks and found out that this IP belongs to one VPN service. 

Logs included below.

Please check

mbam-log-2014-09-12 (10-50-21).xml

Link to post

You need to export your protection log to a txt file and post it in text format for review, and wait for one of the staff to review the logs.

 

Simply open the protection log and at the bottom left click on export and follow the prompts, or you can just click on copy to clipboard and post the logs...

Link to post

<logs>


<record severity="debug" process="C:\Program Files (x86)\Skype\Phone\Skype.exe" LoggingEventType="0" datetime="2014-09-12T10:46:20.386458+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="ab39ea2c-5aaa-444c-a739-7cb60d5acecc" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="193.138.230.177" malwaretype="IP" port="52327"/>

<record severity="debug" process="C:\Program Files (x86)\Skype\Phone\Skype.exe" LoggingEventType="0" datetime="2014-09-12T10:46:20.459476+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="d9fa75d7-da07-4c33-a809-84ff7fa5b3f4" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="193.138.230.177" malwaretype="IP" port="52327"/>

<record severity="debug" process="C:\Program Files (x86)\Skype\Phone\Skype.exe" LoggingEventType="0" datetime="2014-09-12T10:46:21.473496+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="058da623-85a4-4c59-b962-8f3b0661e5f2" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="193.138.230.177" malwaretype="IP" port="52341"/>

<record severity="debug" process="C:\Program Files (x86)\Skype\Phone\Skype.exe" LoggingEventType="0" datetime="2014-09-12T10:46:21.509504+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="5b36a0fa-2f5e-4432-8b50-4d2b03036806" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="193.138.230.177" malwaretype="IP" port="52347"/>

<record severity="debug" process="C:\Program Files (x86)\Skype\Phone\Skype.exe" LoggingEventType="0" datetime="2014-09-12T10:46:21.539511+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="adb1828f-586e-4e7f-af2f-c9597363fccb" subtype="Malicious Website Protection" direction="Outbound" domain="" ip="193.138.230.177" malwaretype="IP" port="52351"/>

<record severity="debug" LoggingEventType="4" datetime="2014-09-12T10:46:43.953048+02:00" source="Scheduler" type="Error" username="SYSTEM" systemname="ALEX-PC" code="0" last_modified_tag="e3137e0c-3ed0-402d-a307-52aebefe9e08" message=""/>

<record severity="debug" LoggingEventType="1" datetime="2014-09-12T10:50:29.735061+02:00" source="Manual" type="Update" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="fc61324d-81b7-4e48-b84c-a01c9f876d5f" fromVersion="2014.9.11.8" name="Malware Database"toVersion="2014.9.12.2"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:33.009220+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="90391f41-1119-4c91-bf0f-47a65d12bde7" result="Starting" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:33.024224+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="9b0890d2-6d2b-444a-945d-f0d6f85a13a2" result="Stopping" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:33.165645+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="830ff8fa-5292-45d8-8d47-e99707dc90a9" result="Stopped" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:36.486452+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="7d67c674-fd3b-4df2-8677-3275904d9157" result="Success" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:36.509460+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="83f2934f-f3b4-4504-b09a-5e5917f89462" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T10:50:36.684500+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="21f507f6-d959-4491-aead-4cdb76691482" result="Started" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="1" datetime="2014-09-12T12:30:21.708710+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="76e34da0-dfea-4bf5-97da-111c41d47990" fromVersion="2014.9.12.2" name="Malware Database" toVersion="2014.9.12.3"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:22.821661+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="9d8cf84b-7071-47f8-b31a-359603ad5927" result="Starting" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:22.835663+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="3c5a1495-a78a-4135-afc0-f0c4fa610f69" result="Stopping" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:22.884675+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="ae76635a-22cd-42df-8e1b-f8f69dcce176" result="Stopped" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:26.058763+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="e2b53912-6024-4a15-9914-cd5a569a1ad3" result="Success" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:26.081793+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="23d5a1a3-8413-4d82-a3d1-976812fe5bab" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T12:30:26.255384+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="c5f21371-2fd5-4173-b8a2-7786e25d60b0" result="Started" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T14:24:42.363176+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="fd21beca-7ad4-4a70-b5a3-4f70d5788d69" result="Starting" subtype="Malware Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T14:24:42.628818+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="6143bd78-02ae-49c5-bea6-27238346fd81" result="Started" subtype="Malware Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T14:24:42.660072+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="11da175c-788e-4ef1-81cc-12f2d8d0d12f" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T14:24:42.894466+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="4deaee9a-c4cd-4f0b-8c6e-3d7633b12075" result="Started" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="1" datetime="2014-09-12T15:15:18.195844+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ALEX-PC" fromVersion="2014.9.10.2" last_modified_tag="c3e214b9-4515-4f48-8005-68dfde961847" name="Rootkit Database" toVersion="2014.9.12.1"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:19.307678+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="c1a8d296-9367-4283-83c1-9d74ffa0d2ec" result="Starting" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:19.329682+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="b8568468-30a2-4dfa-adcf-30dec5b52012" result="Stopping" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:19.380694+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="aaac5d66-8a86-40e5-b363-ae0254dbd417" result="Stopped" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:22.626115+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="ed98efa7-b2ab-4580-97c7-d7a03d2a5aa2" result="Success" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:22.648433+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="a97088a8-a0d0-4789-8fd5-61a29c49cd4b" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T15:15:22.847482+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="cd30df99-d3a5-4839-a7fd-fa2d7a9bcc4d" result="Started" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="1" datetime="2014-09-12T16:45:22.671903+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ALEX-PC" fromVersion="2014.9.12.3" last_modified_tag="c0439f7e-a004-41d9-830a-109c2d5404cd" name="Malware Database" toVersion="2014.9.12.4"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:45:23.747165+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="6f9bd9f1-20c1-4bb5-a344-5be5e3e26dc7" result="Starting" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:45:23.763169+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="b7c47270-552f-4f71-98ec-f51f0bc51119" result="Stopping" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:45:23.887200+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="59184d01-f2b8-4ee0-a833-5fe265c8699e" result="Stopped" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:46:28.724932+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="543bce4c-e901-4b56-be03-efa05ea072a4" result="Success" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:46:28.794949+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="4bb423ab-d4e7-4eef-aa79-34316ec7e131" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T16:46:29.014001+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="7585783c-da3f-4b69-af27-9cb75c956ba9" result="Started" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="1" datetime="2014-09-12T17:45:45.128789+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ALEX-PC" fromVersion="2014.9.12.4" last_modified_tag="2231ee3a-3071-45b1-bded-5d76713692de" name="Malware Database" toVersion="2014.9.12.5"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:46.259157+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="88577a60-0e19-4cef-9bcc-c91caed17a73" result="Starting" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:46.282160+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="00c025da-4175-4944-8b35-d61b76d9f115" result="Stopping" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:46.316168+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="8904f162-f35d-47b5-a0ae-8bb317824c8b" result="Stopped" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:53.134410+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="ad01e236-ceaf-4a99-8768-9046decc9818" result="Success" subtype="Refresh"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:53.230666+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="df412d45-a91e-4d5a-bd8b-ae0fa47e148f" result="Starting" subtype="Malicious Website Protection"/>

<record severity="debug" LoggingEventType="2" datetime="2014-09-12T17:45:53.443219+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="ALEX-PC" last_modified_tag="7f2f1cf1-7cde-4008-96e4-134d7ac6cadf" result="Started" subtype="Malicious Website Protection"/>


</logs>

 

I am sorry, I don't quite understand how to "export logs". Here are the file contents. I know it doesn't have style but it is readable. The parts I am particularly interested in are those that have Skype in them.

Link to post

I am sorry, I didn't know you had to do it from the application itself.

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Detection, 9/12/2014 10:46:20 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, IP, 193.138.230.177, 52327, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 9/12/2014 10:46:20 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, IP, 193.138.230.177, 52327, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 9/12/2014 10:46:21 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, IP, 193.138.230.177, 52341, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 9/12/2014 10:46:21 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, IP, 193.138.230.177, 52347, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Detection, 9/12/2014 10:46:21 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, IP, 193.138.230.177, 52351, Outbound, C:\Program Files (x86)\Skype\Phone\Skype.exe, 
Error, 9/12/2014 10:46:43 AM, SYSTEM, ALEX-PC, Scheduler, 0, 
Update, 9/12/2014 10:50:29 AM, SYSTEM, ALEX-PC, Manual, Malware Database, 2014.9.11.8, 2014.9.12.2, 
Protection, 9/12/2014 10:50:33 AM, SYSTEM, ALEX-PC, Protection, Refresh, Starting, 
Protection, 9/12/2014 10:50:33 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 9/12/2014 10:50:33 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 9/12/2014 10:50:36 AM, SYSTEM, ALEX-PC, Protection, Refresh, Success, 
Protection, 9/12/2014 10:50:36 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 10:50:36 AM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
Update, 9/12/2014 12:30:21 PM, SYSTEM, ALEX-PC, Scheduler, Malware Database, 2014.9.12.2, 2014.9.12.3, 
Protection, 9/12/2014 12:30:22 PM, SYSTEM, ALEX-PC, Protection, Refresh, Starting, 
Protection, 9/12/2014 12:30:22 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 9/12/2014 12:30:22 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 9/12/2014 12:30:26 PM, SYSTEM, ALEX-PC, Protection, Refresh, Success, 
Protection, 9/12/2014 12:30:26 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 12:30:26 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
Protection, 9/12/2014 2:24:42 PM, SYSTEM, ALEX-PC, Protection, Malware Protection, Starting, 
Protection, 9/12/2014 2:24:42 PM, SYSTEM, ALEX-PC, Protection, Malware Protection, Started, 
Protection, 9/12/2014 2:24:42 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 2:24:42 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
Update, 9/12/2014 3:15:18 PM, SYSTEM, ALEX-PC, Scheduler, Rootkit Database, 2014.9.10.2, 2014.9.12.1, 
Protection, 9/12/2014 3:15:19 PM, SYSTEM, ALEX-PC, Protection, Refresh, Starting, 
Protection, 9/12/2014 3:15:19 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 9/12/2014 3:15:19 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 9/12/2014 3:15:22 PM, SYSTEM, ALEX-PC, Protection, Refresh, Success, 
Protection, 9/12/2014 3:15:22 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 3:15:22 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
Update, 9/12/2014 4:45:22 PM, SYSTEM, ALEX-PC, Scheduler, Malware Database, 2014.9.12.3, 2014.9.12.4, 
Protection, 9/12/2014 4:45:23 PM, SYSTEM, ALEX-PC, Protection, Refresh, Starting, 
Protection, 9/12/2014 4:45:23 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 9/12/2014 4:45:23 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 9/12/2014 4:46:28 PM, SYSTEM, ALEX-PC, Protection, Refresh, Success, 
Protection, 9/12/2014 4:46:28 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 4:46:29 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
Update, 9/12/2014 5:45:45 PM, SYSTEM, ALEX-PC, Scheduler, Malware Database, 2014.9.12.4, 2014.9.12.5, 
Protection, 9/12/2014 5:45:46 PM, SYSTEM, ALEX-PC, Protection, Refresh, Starting, 
Protection, 9/12/2014 5:45:46 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 9/12/2014 5:45:46 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 9/12/2014 5:45:53 PM, SYSTEM, ALEX-PC, Protection, Refresh, Success, 
Protection, 9/12/2014 5:45:53 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Starting, 
Protection, 9/12/2014 5:45:53 PM, SYSTEM, ALEX-PC, Protection, Malicious Website Protection, Started, 
 
(end)
Link to post

Those blocks are from the Skype program itself... it is a P2P program. Have a read through this KB article: Why does Malwarebytes Anti-Malware block Skype?

If you want to make sure you're not infected, feel free to follow the instructions below to receive free, one-on-one expert assistance in checking your system and clearing out any infections and correcting any damage done by the malware.

Please see the following pinned topic which has information on how to get help with this: Available Assistance for Possibly Infected Computers

Thank you

Link to post

Can I have some info on why this IP got blacklisted?

That question is best asked of the group that handles False Positives - Website Blocking in their sub-forum.

 

Also, these ports seem a bit weird. I've never seen Skype use those. Is it a common occurrence?

To paraphrase, Skype states they require unrestricted outgoing TCP access to all random destination ports above 1024 for normal operation.

HTH :)

Link to post
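
A triage sketch for the XML protection log posted in this thread, added here as an example and not part of any poster's reply or of Malwarebytes' own tooling: it pulls out the Detection records and groups them by process and IP, matching attributes with a regex because one pasted record lacks whitespace between two attributes. The sample is trimmed from the posted records, and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: records trimmed from the XML log posted in this thread
# (attributes not needed for triage are dropped). The Update record keeps the
# missing space before toVersion, which a strict XML parser rejects.
SAMPLE_LOG = r'''<logs>
<record process="C:\Program Files (x86)\Skype\Phone\Skype.exe" datetime="2014-09-12T10:46:20.386458+02:00" type="Detection" direction="Outbound" ip="193.138.230.177" port="52327"/>
<record process="C:\Program Files (x86)\Skype\Phone\Skype.exe" datetime="2014-09-12T10:46:20.459476+02:00" type="Detection" direction="Outbound" ip="193.138.230.177" port="52327"/>
<record process="C:\Program Files (x86)\Skype\Phone\Skype.exe" datetime="2014-09-12T10:46:21.473496+02:00" type="Detection" direction="Outbound" ip="193.138.230.177" port="52341"/>
<record process="C:\Program Files (x86)\Skype\Phone\Skype.exe" datetime="2014-09-12T10:46:21.509504+02:00" type="Detection" direction="Outbound" ip="193.138.230.177" port="52347"/>
<record process="C:\Program Files (x86)\Skype\Phone\Skype.exe" datetime="2014-09-12T10:46:21.539511+02:00" type="Detection" direction="Outbound" ip="193.138.230.177" port="52351"/>
<record datetime="2014-09-12T10:50:29.735061+02:00" source="Manual" type="Update" fromVersion="2014.9.11.8" name="Malware Database"toVersion="2014.9.12.2"/>
<record datetime="2014-09-12T10:50:33.009220+02:00" source="Protection" type="Protection" result="Starting" subtype="Refresh"/>
</logs>'''

RECORD_RE = re.compile(r"<record\b(.*?)/>", re.S)
ATTR_RE = re.compile(r'([A-Za-z_]+)="([^"]*)"')


def parse_records(text):
    """Return one attribute dict per <record/>, tolerating malformed XML."""
    return [dict(ATTR_RE.findall(body)) for body in RECORD_RE.findall(text)]


def summarize_detections(records):
    """Collapse Detection records into one row per (process, ip, direction)."""
    groups = defaultdict(lambda: {"ports": set(), "times": []})
    for rec in records:
        if rec.get("type") != "Detection":
            continue  # Update / Protection / Error rows are housekeeping
        key = (rec.get("process", "?"), rec.get("ip", "?"),
               rec.get("direction", "?"))
        groups[key]["times"].append(datetime.fromisoformat(rec["datetime"]))
        if rec.get("port", "").isdigit():
            groups[key]["ports"].add(int(rec["port"]))
    rows = []
    for (process, ip, direction), g in groups.items():
        ports = sorted(g["ports"])
        rows.append({
            "process": process, "ip": ip, "direction": direction,
            "count": len(g["times"]),
            "ports": ports,
            # The log labels this field only "port"; it does not say whether
            # it is the local or the remote side of the connection.
            "all_ports_above_1024": bool(ports) and all(p > 1024 for p in ports),
            "window_seconds": (max(g["times"]) - min(g["times"])).total_seconds(),
        })
    return rows


if __name__ == "__main__":
    for row in summarize_detections(parse_records(SAMPLE_LOG)):
        print(row)
```
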