Inbound and Outbound blocks by MBAM - same IP involved - Not sure what's occurring?


Good evening everyone,

 

Not really sure if this is the best place to post my inquiry, so please accept my apologies if it belongs elsewhere. My apologies also if the wording of my inquiry isn't exactly so great...I did the best I could to try and explain things.

 

Description of issues:

 

At 2:08 p.m. (U.S. EST) today, MBAM blocked an INBOUND connection attempt from IP 89.248.171.167 via Port 49152, Process: C:\Windows\System32\wininit.exe (This block occurred while on-line - I just don't recall where I was on-line at the time, or what I was doing). * NOTE: This exact same INBOUND block by MBAM has occurred on 1 other occasion within the past week - prior to today's episode.

 

At 5:29 p.m. today, the following OUTBOUND connection attempt was blocked by MBAM: Detection, 6/1/2015 5:29:39 PM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, Port 137, Outbound. (No process was shown in MBAM's alert, but please note what is shown in the red rectangle in the screenshot below, when MBAM displayed its alert message)

Both these blocked connection attempts involved the same IP address as you can see.  Hosts-file.net reports the IP belongs to the Ecatel entity in The Netherlands.  IPvoid shows 4 detections for this IP address on its site.

 

When the OUTBOUND block occurred, I was offline and viewing the Network Activity log in my Outpost Security Suite program (again, please see attached image below taken at the time & also note what is shown in the red rectangle).

 

(For the MBAM OUTBOUND block to occur while viewing what you see in the screenshot below - seems very puzzling to me and more than a little bit disturbing - particularly given that both the Outbound & Inbound connection attempts are coming from the same IP).

[attached screenshot]

 

Yes...I'm glad MBAM is doing its job...I'm trying to understand exactly WHAT is going on and if I've got some real problem(s) here, or not.  (My computer doesn't seem to be experiencing any behavior which might indicate malware infection).

 

My question(s):  (1) - Can someone enlighten me a little, and (2) - Do I need to take some further action(s)?

 

Nothing showed up on today's scheduled quick scans with MBAM, Outpost, and a manual scan with SAS. The only significant action taken today (around 11 a.m.) was when I uninstalled a specific Windows Update that has been confirmed as creating the following folder: C:\Windows\System32\GWX (As I saw reported in the Win 7 Forums, the specific KB update I uninstalled was responsible for displaying that Microsoft "ad/nag message" about reserving a copy of the upcoming Windows 10 OS when it's released). I uninstalled the aforementioned update per advice in the Win 7 Forums in order to stop the continuing pop-up (ad/nag) message (which just began appearing this morning).

 

Thank you for your time, review, and advice/info!

 

Pete (EE)

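The post quotes one MBAM "Malicious Website Protection" detection line verbatim and describes a second block of the same address in the opposite direction. The question of what is going on is exactly the kind of correlation a defender does over the full protection log rather than one alert at a time: group block events by remote IP and flag any address that was both a blocked inbound source and a blocked outbound destination. The script below is an added illustration and is not part of the original post or of Malwarebytes' own tooling. It assumes the ten-field, comma-separated layout shown in the quoted line; the sample log embedded in it is constructed (the 5:29 PM line is the one quoted above, the 2:08 PM line is rebuilt from the post's description with a made-up seconds value, and the 203.0.113.10 line uses an RFC 5737 documentation address).

```python
"""Correlate MBAM 'Malicious Website Protection' block events by remote IP.

Added example (not from the forum post or from Malwarebytes). Assumes the
comma-separated layout seen in the quoted detection line:
  Detection, <m/d/yyyy h:mm:ss AM|PM>, <user>, <host>, Protection,
  <module>, IP, <address>, Port <n>, <Inbound|Outbound>
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log. Line 2 is quoted verbatim in the post; line 1 is
# rebuilt from the post's prose (seconds invented); line 3 is wholly made up
# and uses an RFC 5737 documentation address so it matches nothing real.
SAMPLE_LOG = """\
Detection, 6/1/2015 2:08:00 PM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, Port 49152, Inbound
Detection, 6/1/2015 5:29:39 PM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, Port 137, Outbound
Detection, 6/1/2015 5:31:02 PM, SYSTEM, PETEADMIN-PC, Protection, Malicious Website Protection, IP, 203.0.113.10, Port 80, Outbound
this line is not a detection record and must be skipped
"""

# Well-known service ports worth calling out in a report (IANA assignments).
PORT_NOTES = {
    137: "NetBIOS Name Service",
    138: "NetBIOS Datagram Service",
    139: "NetBIOS Session Service",
    445: "SMB",
    3389: "RDP",
}


@dataclass(frozen=True)
class BlockEvent:
    when: datetime
    host: str
    module: str
    ip: str
    port: int
    direction: str  # "Inbound" or "Outbound"


def describe_port(port: int) -> str:
    """Human-readable note for a port: a known service name, or the IANA range."""
    if port in PORT_NOTES:
        return PORT_NOTES[port]
    if port >= 49152:
        return "dynamic/ephemeral range (49152-65535)"
    return "registered or unlisted"


def parse_line(line: str):
    """Parse one detection record; return None for anything that does not fit."""
    parts = [p.strip() for p in line.strip().split(",")]
    if len(parts) != 10 or parts[0] != "Detection" or parts[6] != "IP":
        return None
    port_match = re.fullmatch(r"Port (\d+)", parts[8])
    if not port_match or parts[9] not in ("Inbound", "Outbound"):
        return None
    return BlockEvent(
        when=datetime.strptime(parts[1], "%m/%d/%Y %I:%M:%S %p"),
        host=parts[3],
        module=parts[5],
        ip=parts[7],
        port=int(port_match.group(1)),
        direction=parts[9],
    )


def parse_log(text: str) -> list:
    """Parse every well-formed detection record, silently skipping the rest."""
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def bidirectional_ips(events: list) -> dict:
    """Map each IP blocked in BOTH directions to its events, oldest first."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.ip].append(ev)
    return {
        ip: sorted(evs, key=lambda e: e.when)
        for ip, evs in by_ip.items()
        if {"Inbound", "Outbound"} <= {e.direction for e in evs}
    }


def report(text: str) -> list:
    """Return one summary line per flagged IP, one entry per event."""
    lines = []
    for ip, evs in bidirectional_ips(parse_log(text)).items():
        lines.append(f"{ip}: blocked in both directions ({len(evs)} events)")
        for e in evs:
            lines.append(f"  {e.when:%Y-%m-%d %H:%M:%S} {e.direction:<8} "
                         f"port {e.port} ({describe_port(e.port)})")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The value of the pairing is in the port annotation: an inbound block on a port in the dynamic range says little on its own, but an outbound attempt to the same address on 137 (NetBIOS Name Service) is a host-side action toward that address and is what a responder would want to tie back to a process, which is why the reply below sends the poster to the removal experts with FRST logs rather than closing the matter on the alert alone.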

Hello Eagleeye:

From your logs it is reasonable to assume the system is probably infected and malware removal actions are not permitted in this sub-forum.

I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.

If, as recommended, you do open a topic in Malware Removal Help, please make reference to this thread.

If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also Copy and Paste (not attach) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories.

Thank you. :)


Much obliged for the follow-up info, 1PW.

 

I'll start work on this issue tomorrow, as I'm just too exhausted from the events of today and need to get some shut-eye.

 

Best regards,

 

EE


Hi again 1PW,

 

Just an update that I submitted a support request and Stefan is now working with me on the issue via email.

 

Cheers! :)

 

EE
