Malicious Website Protection Alert - Only When Retrieving Email


I just started receiving Malicious Website Protection alerts when I try to retrieve email from my email accounts that are hosted on a shared hosting plan (shared IP on Hostgator). I do not receive an alert if I visit these websites directly, via a web browser. I only receive these alerts when I retrieve email via Outlook.

A couple of questions:

1) Why would I receive this alert only when retrieving email?

2) Would this be considered a False-Positive, and should I report it as such?

Thank You!
 

Link to post

:welcome:

Do you happen to use a web browser to fetch the email? If yes, which web browser do you use?

If using a web-based email service (like Yahoo or MS Outlook, Hotmail, etc.), try using this browser combo (to reduce possible sources of malvertising):

I would recommend to only use Firefox browser that also has the addon for NoScript Suite Lite, and just only use that when going on the web.

 

Second, if these are IP Block messages from our malicious website protection:

For Your Information:
The IP Block message indicates that a potential risk was blocked by the malicious website protection.
It by default will always show each IP block occurrence.
The Malwarebytes Anti-Malware Website Blocking feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

No action is required unless you’re also experiencing malware symptoms or there are multiple IPs (ex: 123.23.34 and 4.44.56).
A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or P2P software to trigger these alerts.

These are also triggered by banner ads running on websites, which is the most common form of alert.

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software.

Please see/review this reference on MBAM’s IP blocks:
https://support.malwarebytes.org/customer/portal/articles/1835325?b_id=6438

 

Other suggestion:

We have a free version Malwarebytes Anti-Exploit (MBAE) that protects against exploit attacks in your browsers and Java, and a paid version that also protects additional applications such as MS Office.
https://downloads.malwarebytes.org/file/mbae_current/

I would recommend you install the Anti-Exploit in free use mode (if you do not already have it installed).

Let me suggest you apply these tips. Then let me know if the issue is alleviated.

Link to post

Maurice, thank you so much for your input. The issue I have comes up when I use the Outlook app to retrieve email. BUT I do also get the Malicious Website Protection prompt message if I try to hit that same email server via a browser. In essence I get this warning outbound via outlook.exe, and inbound via svchost.exe from the same shared server.

I contacted my web hosting provider and they said that this happens if the email client is not set up correctly. I told them that I haven't changed a thing in over a year or so, but they insisted that there was a configuration issue on my side. They want me to set up my email so that it uses IMAP instead of POP. I'm a little suspicious about their suggestion.

Link to post

You say you get IP Block messages. Let's see if we can dig down and see what that is about.

The first thing is for me to look at the latest Protection logs from our software.
Look for the Protection Log for today from the HISTORY section in our program.

Click on the *History* tab > *Application Logs*.
Double click on the *Protection* log which shows today's date. Please make sure the word Protection is shown and also that you grab the very latest Date.
You can double click the line to get it on screen. Then use the menu at bottom of the window.

Click the EXPORT button at the bottom left.
Click *TEXT file*

Be very aware as to what folder and what NAME you give this report. You have to make a note so you can send it.

Then attach that file with your next reply.

 

Also

  • Download mbam-check.exe from >>> here <<< and save it to your desktop
  • On Vista/Windows 7, 8.1, 10, right-click on mbam-check.exe & select Run as Administrator & allow to Run.
    On XP, double-click on mbam-check.exe to run it.
  • It should then open a log file CheckResults.txt
  • Please copy and paste the entire contents of the log into your next post, or, if you prefer, you should attach the CheckResults.txt file located on your desktop instead

 

Link to post

Maurice, Attached are both files. I should mention that at about 9:30 am I added the suspect domain to the Web Exclusions list because I can't retrieve email unless I do so. For this reason, you'll see it disappear from the application log file at 9:33 am. But then I start to get Inbound errors instead. Let me know what you think.... and thank you for your help on this!

CheckResults.txt

ApplicationLog.txt

Link to post

Thanks for those reports. Do you keep track of what other programs are running when you attempt to use / get email?

I'd like to do another review to ensure that no oddities / no active infection is afoot.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You need the 64-bit version FRST64

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please only just attach the reports.
  • The first time the tool is run, it also makes another log (Addition.txt).
  • When all done, please attach both FRST.txt & Addition.txt into the reply. Thanks.

 

 

Link to post

This topic is now closed to further replies.