Malicious Website Protection

I recently upgraded to MBAM Premium and have received a couple of  alerts(?) saying "Malicious Website blocked".  I don't know what this means.  Does it mean the website I am currently on?  If I am already on it, it didn't block it.  Just a few minutes ago I had been on a site describing cervical spine x-rays for several minutes when I got this "Malicious Website blocked" message.  Obviously, it hadn't blocked that site because I was on it. 

I guess I just don't understand how this works.

Please educate me.

Thanks...........Thais

PS:  I love the premium version I just recently bought - it goes and scans frequently without me having to do anything.


The alert that you read also contains the domain name of the site that was blocked.  It may have been a site that was called by the page that you were on, generating additional content on the page.  That is often something you are not even aware of...you think it's all part of the same page when it's not actually.  Sometimes it's also a false positive, because the website DID HAVE content that was considered dangerous in the very recent past but has since been cleaned.  It is there to protect you.

 

The following page is the user guide for MBAM Free, Trial and Premium.....

 

http://www.malwarebytes.org/support/guides/mbam/

 

It has answers for most questions that you will have.  When it doesn't, we like to know so we can make it better.


Hello thais:

Your topic's first post might benefit from supplemental clarity.

Please post the MBAM2 Daily Protection Log showing the Malicious Website Blocks you're reporting:

Reference: Malwarebytes Anti-Malware User's Guide - Daily Protection Log

  • Please open the Malwarebytes Anti-Malware 2.x (MBAM2) Graphical User Interface (GUI).
  • Single left-click History.
  • Single left-click Application Logs.
  • Left double-click the Protection Log pertaining to the date when the Malicious Website Protection notice(s) were seen.
  • Single left-click Export button, and single left-click the Text file (*.txt) choice from the pull-down menu.
  • Type Malicious in the File name: box, then single left-click Desktop, and single left-click the Save button.
  • The MBAM2 GUI may now be closed.
  • Please Attach the Malicious.txt file, from the Desktop, to your next reply in this thread.

Thank you for your patience and understanding.

Hello thais:

Reference: hxxp ://anti-hacker-alliance .com/index.php?details=93. 174.93. 20.

That IP address, stored in MBAM's records, does seem problematic and more than a bit potentially harmful.

Without a much deeper analysis, the most immediate conclusion is that MBAM's Malicious Website Protection did its job quite well in protecting your system from possible harm.

Thank you.

My question is: Should this link not have been posted?

 

 

I question this, also, because I clicked on the link and upon arriving at the anti-hacker-alliance site, immediately got msg from MBAM that "Malicious Website blocked."

 

Should we be posting the Malicious.txt file from History whenever we receive one of these "blocked" messages?  Or just assume MBAM took care of it and go on about our business?

 

Thanks...................Thais.


Hello @Irhere and @thais:

 

I am not oblivious to your concerns so I have obscured the URL and made it unlinkable.

Note: thais' original "attack" was using port 1900 SSDP/UPNP which seems to be gradually on the rise again and incidentally may have been primarily aimed at a home router.

 

The embedded IP address remains in my post above and that address could be shared by other non-toxic users/URLs on the server.

 

Thank you.


Malicious.txt

I never knew about those logs before  so have been perusing them this afternoon.  Since January 18th, there have been 17-18 of those very same "detections" - all with the same IP address and all "inbound".  Today, however, there was a detection with a different address and this time shown as "outbound".  I am attaching it.  Perhaps I am paranoid - I don't know enough about how these things work to know if I should be concerned or not.

 

Does MBAM want us to post the Protection Logs whenever we receive one of those "blocked" alerts?

 

Thanks for your patience in dealing with an untechnical user 

 

............Thais

 

PS:  Is there a way to edit a post?  A couple of posts back, I wanted to go back and clarify something  but didn't see how to edit.


Hello thais:
 
If the Outbound only incident in the above attachment is not directly related to any deliberate action with the IP address on your part through Internet Explorer, then a new topic in Malware Removal Help sub-forum is warranted. I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic.

----------------------------------------------------------------------------
 
Editing your posts: Due to the unfortunate past actions of a few, post editing of your topic has not been enabled yet in the IP.Board software that supports this forum. Your ability to post edit will be enabled when your member ranking elevates from Members to Honorary Members upon your 100th post.

 

Thank you.


In preparation to opening a topic in the Malware Removal Help section, I downloaded FRST64.exe (although the site gave warning that it might harm my computer).  It didn't give a choice where to save it - just put it in my "Downloads" folder.  When I double-clicked on it to run it, the screen darkened and got msg "Windows Smart Screen prevented an unrecognized app from starting.  Running this app might put your PC at risk." (yes, I have 64 bit system)

 

(Prior to this, I had read some of the advice in the "Available Assistance for Possibly......" that you mentioned above and read that I should turn ON the Smart Screen Filter.)  So - I don't know what to do now.

 

I'm not sure what your comment "If the outbound only incident in the above attachment is not directly related to any deliberate action with the IP address on your part thru IE......" means.  I didn't try to send any malicious anything to anybody.  I don't remember exactly WHAT I was doing on the computer at that time (1:55pm on 1/30)

 

So what should I do now, coach?

 

Thanks......................Thais


Hello thais:

 

Although it would have been nice to publish the FRST output text files with your new topic there, it may be most desirous to have you make a URL reference to this topic and allow your Malware Removal Helper to call the next action.

 

But do give a simplified yet accurate description of your Windows system software, anti-virus, anti-malware and any other security applications you have installed and run and a brief description of your issue.

 

Thank you.
