Jump to content

MBAM Blocking Many Outbound Connections


Recommended Posts

Hello.  I have Malwarebytes Premium installed and it is blocking many outbound connection attempts on a particular website.  The attempts are being made primarily by adnetworkperformance.com.  Although, a few other nefarious looking addresses make attempts, as well.

 

I have scanned with malwarebytes, eset, avast, adwcleaner, tdskiller and hitman pro x64.  All scans come up clean.  Attached below are my FRST scans.

 

Any help would be greatly appreciated.

 

 

FRST.txt

Addition.txt

Edited by Me213
misspelling
Link to post
Share on other sites

Hello and :welcome:

 

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

The only files under Protection Event in the Reports section are "scan" and "website blocked".  Through the following path C:/ProgramData/ Malwarebytes/Malwarebytes Anti-Malware/Logs I have many protection-logs, but they are in XML format.  I can change them to .txt files, but they will not attach.  

Link to post
Share on other sites

No.  It happens with all browsers that I have used.  IE, Firefox & Chrome.  I have uninstalled Mozilla.  I did try out Opera, just to see if something new would work, but it was affected as well.

 

Mostly the connection attempts are being made by "adnetworkperformance.com".  The others appear to just be a set of random letters followed by ".com" - that all appear to be sharing the exact same ip address.  For instance, xpyyystxrtt.com would attempt to connect and then lmnopyyyrt.com would try to connect and both domains would be from the exact same ip address.  It can be anywhere from 3-5 attempts all the way up to 30 some, as it cycles up and down the ports.

Link to post
Share on other sites

Upon researching the offending ip's, it appears that they all originate from the domain "popads.net".  All addresses are numerically  the same, except for the last two digits.  They go from .13 to .14 and so on.  I don't know if that helps.

 

report2.txt

Edited by Me213
Link to post
Share on other sites

Okay, we'll need a new set of reports:

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.