
Malicious Website blocked technical questions



Regarding the screenshot below I have the following questions:

 

Q1 The ip address (218.9.37.100) is on a database kept and maintained by Malwarebytes. True?

Q2 A new connection request (TCP SYN) has arrived ("inbound") from this source at my laptop on port 23. True?

Q3 What does the process (C:Windows\System32\svhost.exe) have to do with this apparent connection request from 218.9.37.100 on port 23? Is this process listening on 23, i.e. does it have port 23 open so that it is acting as a port 23 (telnet generally) server?

 

Assuming my reading of this message as described above is accurate then

Q4 Is it true to say that I generally do not want any website/host out on the internet to be making connections on port 23 (or any other port) unless I have specifically set up my laptop to do otherwise?

Q5 Should my firewall not have blocked this connection (and any other) request?

 

11.09.2014-09.11.png

 

Hope this makes sense and thank you for any replies


Hello and :welcome: :

 

 

svchost.exe is a file often targeted by malware.

And that IP is located in China.

As such, your post suggests that you may be infected.

 

We can't work on malware diagnostics and removal in this sub-section of the forum.

So, for expert assistance, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the preliminary steps to expedite the process.
A malware analyst will guide you through the scanning and cleanup process.

Thanks,


Thank you sir for your reply.

I will take action accordingly as you suggest.

I wonder if I could press for answers to my questions.

What exactly is this message telling me?

Was an attempt made to initiate a connection from my laptop to the IP address in question?

Was it initiated by the process specified?

Many thanks once again


Hi:
 

Was an attempt made to initiate a connection from my laptop to the IP address in question?


According to the popup, the connection was inbound from the IP to the computer.

In general, that sort of thing happens all the time -- all computers are probed from time to time.

Your router or firewall might often block such inbound attempts, so you would be unaware.

 

However, as the process involved in your particular case is often targeted by malware, there is a good chance you are infected.
 

Was it initiated by the process specified?

Yes.

 

More info about IP blocks here: What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?

 

It's up to you, but I would recommend getting a malware expert to assist you with looking into your issue by following the advice in my earlier reply. :)

 

Thanks again,
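
One way to check what Q3 and Q5 ask about, as an added example that is not part of the original thread: list what is listening on TCP port 23, which process and services own the socket, and whether an enabled inbound firewall rule allows that port. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP and NetSecurity cmdlets) and an elevated PowerShell session.

```powershell
# Added example, not from the thread. Run elevated; without elevation
# ExecutablePath can come back empty for system processes.
$port     = 23   # port named in the alert
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# 1. Is anything listening on the port at all?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
if (-not $listeners) {
    "Nothing is listening on TCP port $port."
} else {
    foreach ($l in $listeners) {
        $procId = $l.OwningProcess
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        # svchost.exe is a host for Windows services; list the ones in this instance.
        $svcs   = Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
                  Select-Object -ExpandProperty Name

        # A genuine svchost.exe runs from %SystemRoot%\System32.
        # A different name or path is worth investigating.
        $pathOk = ($proc.ExecutablePath -eq $expected)

        [pscustomobject]@{
            LocalAddress     = $l.LocalAddress
            LocalPort        = $l.LocalPort
            PID              = $procId
            Image            = $proc.ExecutablePath
            IsSystemSvchost  = $pathOk
            HostedServices   = ($svcs -join ', ')
        }
    }
}

# 2. Does an enabled inbound Windows Firewall rule allow this port?
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq $port } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and
                   $_.Direction -eq 'Inbound' -and
                   $_.Action -eq 'Allow' }

if ($rules) {
    $rules | Select-Object DisplayName, Profile, Action
} else {
    "No enabled inbound allow rule names TCP port $port explicitly."
}
```

Rules whose local port is `Any` are not matched by the second check, so review those separately if the first check shows a listener.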
