
IP addresses appear unexpectedly in Web Exclusions



I discovered about 2-4 IP addresses in Web Exclusions on each of my two desktops and laptop. I think they had been there for a long time because honestly I did not check these settings earlier. IP addresses were from Nigeria, India, Moldova, Netherlands. I removed them immediately.

 

I contacted support who said they are there by user action on purpose or by accident.

 

I have looked at the forum and surfed. Others have had this problem. My impression is that nobody knows for sure how this happens. One poster suggests it might be an inadvertent response clicking on the Malwarebytes popups notifying a block. I also saw Escatel mentioned by others, which came up with me.

 

There are no signs that my systems have been taken over or passwords changed. I check Web Exclusions now several times a day over the last week and no new IP addresses have appeared. My virus software (Norton on my main desktop) and Malwarebytes are not picking up anything.

 

I am not an expert and am a bit worried.

 

It would be nice to know how this could have happened, because certainly I did not add these IP addresses myself deliberately!

 

My main concern though is whether the websites of the IP addresses in question could have been accessing my computers and spying or adding code. Am I correct that Malwarebytes itself would have picked up any malicious code from these sites when a threat scan is carried out? Also, would the appearance of an IP address in my Web Exclusions allow it to bypass firewalls or evade detection by my other virus software?

 

I would be grateful for any feedback. Thanks.

 

OwenS


Hello and welcome:
 

"I contacted support who said they are there by user action on purpose or by accident."

 
That is correct.
MBAM does not automatically add IPs to web exclusions on its own.
So, someone with access to the computer somehow knowingly or unknowingly allowed those exclusions to be created.

(Without seeing more data, such as your mbamcheck logs, it's hard to say for sure exactly.)
 
Having said that, if you are already working with support via email, we suggest that you continue to do so.
It can be confusing and inefficient to work on the same problem simultaneously in multiple different venues.
 
AND having said THAT, if you prefer INSTEAD to be assisted here in the forum, rather than at the help desk, please ask your helper to close your ticket at the help desk.
Then, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you in the malware removal forum with looking into your issue - the helper will guide you through scanning and cleanup and can advise you about computer security counter-measures to reduce the chance of infection.

Thanks,


Thanks for your response. I am sorry for this confusion. I decided it would be nice to participate in the forum, as I might learn a lot. I have e-mailed to close the ticket.

 

It appears that I am getting answers to my question as to how the IP addresses could have appeared in Web Exclusions.

 

However, I would appreciate it if anyone could comment on the risks ... i.e. my final paragraph in the original post.

 

Malwarebytes was recommended to me by people at work. This gives me confidence. But when you go to the Dashboard there is this green smiley emoticon with ... Your system is fully protected ...

 

But now I am worried that all along, in fact it was not protected because of these rogue IP addresses. OK, it may be my fault for not checking the Web Exclusions better, but I think I am like most people, I generally use the default options and hope that the software will do the job.

 

Would it be possible for Malwarebytes to periodically send automatic warnings to people alerting them to the presence of things in the Web Exclusions field? If I had got such alerts I would have known what to do, i.e. check the IP addresses and delete them.

 

OwenS


PS ...from OwenS

I am studying the available assistance link for infected computers. Wow, this is complicated. But I'm not convinced it applies to me now as I don't think my computers are infected. Malwarebytes has not detected anything, nor has my other virus software. I'm really more concerned about whether I was compromised in the past ... i.e. what the implications are of having had these IP addresses in Web Exclusions. OwenS


Hi:
 
We'll need to wait for a forum staff member or expert to answer most of your detailed questions.
And there may be no way to specifically answer them (e.g. how/when/who created the exclusions) without expensive forensic analysis of your system.
 
MBAM Premium does provide realtime anti-malware protection alongside your AV.
Another layer of protection could be provided by Malwarebytes Anti-Exploit (MBAE).
It blocks the "how" of malware, by shielding vulnerable, internet-facing applications, such as browsers and plug-ins.

(MBAM and your AV focus largely on the "what" of malware.)
 
Having said that, no one security program or collection of programs can protect 100% of computers from 100% of malware 100% of the time.
The first and last line of computer defense is the component between the chair and the keyboard. ;)
Additional information about safe computing practices may be found here:

The complexity of finding, preventing, and cleanup from malware
So how did I get infected in the first place?
How did I get infected?
Answers to common security questions - Best Practices
List of well known antivirus products
Six tips to help you stay safer online

 

As for your suggestion to add a "notification" feature, that would best be handled via the special "Comments and Suggestions" forum HERE. :)

 

We don't work on malware diagnosis and cleanup here in this particular forum area.

So, if you would like help checking the system, I suggest that you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you in the malware removal sub-forum with looking into your issue - the helper will guide you through checking and cleaning the system.

>>>I'm not saying you are necessarily infected -- it's just that the work needed to check is not permitted in this forum area.

But it's entirely up to you.

 

Thanks again,
