
MBAM detected inbound malware detection?



Since I'm new to MBAM Premium I got an incoming malware advisory.  I've got no clue if it is a false positive or for real.  So I declined it.

 

On the warning in the taskbar it mentioned 93.174.95.4.49152  C:\Windows\System32\wininit.exe and thus put it in the exclusions box and there deleted it.

 

I made a copy of the Protection log so you can look at it and tell me if it was a false positive or malware because as I said, I've got no clue.

 

I've attached a copy of the Protection log.  Hope it's a false positive.

MBAM daily Protection Log.txt


Just to let you know, I didn't give it access to my PC.  But that info shown in the MBAM popup was not removed so therefore I did send the notification and deleted that info as per my first post.

 

If you would be so kind to tell me the proper procedure in how to remove any info recvd in that popup box I'd be delighted.  Thanks.


  • Root Admin

The logs do not appear to indicate any infection. There is an alternate data stream file but it does not appear to be due to infection.

There are also a few files in the root of some folders, which is not the proper location for any files, but again this does not seem to be due to an infection.

 

Yes, MBAM is doing its job blocking this potential threat. Please see this news article from last year.

At least 32,000 servers broadcast admin passwords in the clear, advisory warns

 

Other programs such as Peer2Peer software are also known to use this port.

Port 49152 Details

 

Basically only a firewall or programs like MBAM can block incoming probes like that and it's quite normal to see incoming probes from time to time.

 

Thanks
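
To confirm on your own machine what the reply above describes, the following PowerShell is an added example, not part of the original posts or of Malwarebytes tooling. It checks which process owns local TCP port 49152 and whether it is the wininit.exe named in the popup, whether any TCP session with 93.174.95.4 exists, and whether Windows Firewall is enabled; it assumes Windows 8 / Server 2012 or later (for these cmdlets) and an elevated prompt.

```powershell
# Added example. $Port and $RemoteIp are the values quoted in this thread;
# run from an elevated prompt so process paths can be read.
$Port     = 49152
$RemoteIp = '93.174.95.4'
$Expected = Join-Path $env:SystemRoot 'System32\wininit.exe'

# 1. Which process is listening on the probed port, and from which path?
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $($l.OwningProcess)"
    $verdict = if (-not $proc.ExecutablePath) {
        'path unreadable (not elevated?)'
    } elseif ($proc.ExecutablePath -eq $Expected) {
        'expected system binary'
    } else {
        'UNEXPECTED binary, investigate'
    }
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        Port         = $l.LocalPort
        PID          = $l.OwningProcess
        Name         = $proc.Name
        Path         = $proc.ExecutablePath
        Verdict      = $verdict
    }
}
if ($listeners.Count -eq 0) { "Nothing is listening on TCP $Port" }

# 2. Is there any TCP session (any state) with the blocked address?
#    A blocked inbound probe should leave none.
$sessions = @(Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue)
if ($sessions.Count -gt 0) {
    $sessions | Select-Object LocalAddress, LocalPort, RemotePort, State, OwningProcess
} else {
    "No TCP session with $RemoteIp"
}

# 3. Is Windows Firewall enabled, and what happens to unsolicited inbound traffic?
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```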


If you would be so kind to tell me the proper procedure in how to remove any info recvd in that popup box I'd be delighted.  Thanks.

Thank you so much for the good news Ron.  I still have this above question not answered.  Did I do the right procedure in order to remove the info in the pop-up MBAM box or will it disappear on its own? 

 

Thanks.


  • Root Admin

Please open MBAM and click on Settings, then on the left click on Malware Exclusions and either write down or take a screen shot of it and post back the information so I can see what has been set.

 

Also run a new MBAM CHECK scan and post back that new log.

 

Please create an mbam-check log:
 

  • Download mbam-check.exe from here and save it to your desktop
  • Double-click on mbam-check.exe to run it, it should then open a log file
  • Please do not copy and paste the entire contents of the log into your next post, instead please attach the log CheckResults.txt file which should now be located on your desktop to your next post

 

 

 

Thanks

 


On the warning in the taskbar it mentioned 93.174.95.4.49152  C:\Windows\System32\wininit.exe and thus put it in the exclusions box and there deleted it.

 

Hi Ron.  As per my 1st post I clicked the item shown in the popup as the info was shown there and added it to web exclusions.  Then I deleted that item in there.  So no info shown in the web exclusions.

  

Since you requested another log I am attaching it herewith.

 

My question again is:  Will the info of those popup messages disappear within that popup box or what is the proper procedure to get rid of those messages?

 

Thank you. 

CheckResults.txt


  • Root Admin

The Alert will not go away as long as an inbound IP block is made to your computer that is on our list of IP addresses to block. You could turn that off or exclude it but I would highly suggest that you allow it to alert. If you turn it off and then later on you have, say, an outbound (that is, something on your computer and not coming in), then it would not alert if it was off. Normally these sorts of probes usually last less than a couple weeks before they move on.

 

Yes, you're correct there is no sign of infection on your system.


Hi Ron,

 

Thanks for your explanation.  As far as I understand, it is therefore best to leave that address in the MBAM notification box?  See, this is all new to me and the first one I caught.

 

See, I used the free version MBAM for years but decided that MBAM should be compensated for all those free years and thus purchased it, although MBAM free never found anything on my PC and neither did avast.  *knock wood*
