Malicious Website Blocked


Hello,

I will see these pop-ups maybe once in a blue moon. I am currently a student studying computer science, so I am also a bit curious to find out more about this situation. I would greatly appreciate any in-depth detail I can get on what is actually happening.

Domain:
IP: 103.13.185.34
Port: 27015 (This port is actively used with games using the Source game engine on Steam)
Type: Inbound
Process: E:\Steam\steamapps\common\Team Fortress 2\hl2.exe

* I also tend to get these when I leave my Skype logged in and it shows a different IP coming from Skype.exe

I greatly appreciate any help and knowledge I can get with this situation as well as how to avoid getting this again. Thank you!

Dear Austin,

If you click on a log, a window opens that offers the option to export the log. Choose to export it as a .txt file and you should be able to upload it. (Considering your education, my guess is that this brief explanation should help. If you still have any questions, please let me know.)

I'm not capable of giving an in-depth explanation. I'll leave that to the more knowledgeable people here.

If you need more help uploading the logs, please let me know.

Regards,
Durew

Hello:

The log snippet shows an inbound probe of port 27015 from an IP in the Philippines.  MBAM's website protection module successfully blocked the probe.

Such inbound probes are a fact of life and there's no action to take, as long as your AV/firewall and MBAM Premium are up-to-date and running.

As for IP blocks when using Skype, see here: Why does Malwarebytes Anti-Malware block Skype?

Having said that, if you are seeing a lot of IP block popups, ESPECIALLY outbound and/or when you are using neither browsers nor Skype, then that could be a sign of malware infection.  If you would like a bit of help checking the system to be sure, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue - the helper will guide you through scanning, cleanup and repair.

Thank you,

Hi:

The log you attached shows no inbound probes during the time frame covered by that particular log. So, the probes may have stopped.

As previously explained, inbound IP blocks mean that MBAM is successfully blocking such probes.  Eventually, the attacker usually moves on.

From the info we have, it sounds as if MBAM is doing its job.
But we cannot say for sure whether you are or are not infected based on the information provided.
More suspicious would be outbound blocks and/or blocks that occur when you are NOT using browsers, P2P or Skype.

Please have a look at the links in my previous reply.

If you are still concerned and wish to check the system, then you might want to follow the advice in my previous reply -- one of the malware experts will assist you with scanning and (if needed) cleanup.

Cheers,