Keep getting malicious website notification

[davei1]

All of a sudden today I started getting Malicious Website Detection from Malwarebytes several times per hour

for  IP 23.41.253.238...This is happening on almost all of my home networked computers. It's always this same

IP but it tries several times each time with different port numbers...

Here's an example...

Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54550, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54555, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54557, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54559, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54562, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54563, Outbound, C:\Windows\System32\svchost.exe,
Detection, 12/29/2016 12:01 AM, SYSTEM, I7HP-PC, Protection, Malicious Website Protection, IP, 23.41.253.238, 54565, Outbound, C:\Windows\System32\svchost.exe,

I've done FULL SCANS with Kaspersky Internet Security and Malwarebytes 2.2.1.1043 (Premium version...I'm a longtime paying customer) on all computers and they

all come up completely clean with Kaspersky and Malwarebytes...I'm at a loss of what is happening...I did not notice this until today and I don't see this from past days

in the MB history...I reimaged a couple of them from almost a week ago backup and they still began to do the same thing...I'm thinking that Malwarebytes has added this IP

that they did not have in the definitions before and that may explain it...The IP is for AKMAI Technologies but I saw on a malware detection site that this IP has a very high

incidence of Malware detection...I'm kind of at a loss of what to do next??? All my computers are Windows 10 32-bit either Home or Pro.

Edited December 29, 2016 by davei1

[TwinHeadedEagle]

Hello and

 

 

[davei1]

Hi TwinHeadedEagle,

And thanks for your help...

Here are the FRST.TXT and ADDITION.TXT from one of my affected computers...They all have more or less the same configuration...Some just have some additional applications.

 

Addition.txt

FRST.txt

[TwinHeadedEagle]

I don't see malware here. However I see some cracked software and that could be a reason for outbound warnings and isn't in accordance with forum Piracy Policy.

[davei1]

Thanks...There's been nothing added to this system in a long time other than updates...

Is there an application that I can monitor what is attempting to use 23.41.253.238...I'm just seeing

svchost.exe is attempting to contact the IP but of course it's something else that is requesting...

I've been using Kaspersky IS and MBAM for years (both paid) on my systems and I just started seeing

these attempts today to this IP (Which is why I thought MBAM might have just added this IP)...

[TwinHeadedEagle]

Then it probably came in the latest database. It could also be a false warning, you should probably wait until next database update.

Edited December 29, 2016 by TwinHeadedEagle

[davei1]

That's what I was thinking (and hoping)...

If you would please take a look at the FRST.TXT and ADDITION.TXT from another computer (last one)...

Just to see if you see anything that may be common that might be the issue...

I can say that one time today when I opened SKYPE on the one system it immediately alerted on MBAM but

it might have just been a coincidence...I didn't see anything about SKYPE contacting AKMAI on the web anywhere...

Addition.txt

FRST.txt

[TwinHeadedEagle]

Skype detection is normal because it runs on Peer to Peer network. I don't see infection on this PC too and it is very unlikely that you have two machines infected with the same malware at the same time. I would wait for next database update.

[TwinHeadedEagle]

As I've said, please wait for the next database update. It is most likely a false warning.

[davei1]

OK...Thank you very much TwinHeadedEagle...

On the few occasions I've had a problem with MBAM

I've always gotten excellent help (Which is why I'm a customer every year)...

THANKS Again...

[davei1]

Dan,

They pushed out IP Updates and Domain Updates about 9 hours ago that should correct the issue...I haven't had any alerts

since they pushed out the updates...

 

[AdvancedSetup]

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!