
Blocking outgoing connection to ransomware site


I run Malwarebytes Pro and Emsisoft IS. Both are scanning my system as clean. But Malwarebytes keeps blocking an outgoing connection from Chrome to an IP that is associated with ransomware. Even if my system isn't infected and Malwarebytes is doing its job, I don't like it if there's a file in my computer that's trying to contact a dangerous site. So even though I don't think I'm infected, I'm posting here because I might be and I want to figure this out. Here's the latest Protection Event report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/1/17
Protection Event Time: 12:00 PM
Log File: 
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2704
License: Premium

-System Information-
OS: Windows 10 (Build 14393.1593)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: 
IP Address: 69.64.147.10
Port: [58763]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

That IP address seems to be associated with ransomware, according to a quick search. And here's another one from yesterday:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/31/17
Protection Event Time: 9:29 AM
Log File: 
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2696
License: Premium

-System Information-
OS: Windows 10 (Build 14393.1593)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: www.redomestication.com
IP Address: 69.64.147.10
Port: [51848]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

I was afraid to visit this site to see what it's about. Could these outgoing connections be as simple as having a certain website open in my tabs? I just closed several down 15-20 minutes ago, and stopped getting reports from Malwarebytes. But that may be just coincidence. I don't understand how malvertising or anything on a website could cause Chrome to make outbound connections it shouldn't be making.

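One way to triage reports like the two above, added here as an example and not part of the original post or of Malwarebytes' own tooling: a small Python parser that pulls the website-block fields out of each Protection Event report and groups outbound blocks by destination IP, so the event with a blank Domain can be tied to the named one for the same address. The sample text is reconstructed from the two reports above with the unrelated sections trimmed.

```python
import re

# Sample input reconstructed from the two reports above (other sections trimmed).
REPORTS = r"""
Domain: 
IP Address: 69.64.147.10
Port: [58763]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
Domain: www.redomestication.com
IP Address: 69.64.147.10
Port: [51848]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
"""
FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*?)\s*$")  # matches 'Key: Value' lines only


def parse_reports(text):
    """Split on the '(end)' marker and turn each report's 'Key: Value' lines
    into one event dict; chunks with no Website Data block are skipped."""
    events = []
    for chunk in text.split("(end)"):
        fields = dict(m.groups() for m in map(FIELD.match, chunk.splitlines()) if m)
        if "IP Address" not in fields:
            continue
        port = fields.get("Port", "").strip("[]")  # logged as '[58763]'
        events.append({
            "domain": fields.get("Domain", ""),
            "ip": fields["IP Address"],
            "port": int(port) if port.isdigit() else None,
            "direction": fields.get("Type", ""),
            # Keep only the binary name so one process groups together.
            "process": fields.get("File", "").replace("\\", "/").rsplit("/", 1)[-1].lower(),
        })
    return events

def summarize_outbound(events):
    """Per destination IP: number of outbound blocks, the processes involved and
    every domain seen, so a blank-Domain event can be tied to a named one."""
    summary = {}
    for e in (x for x in events if x["direction"].lower() == "outbound"):
        s = summary.setdefault(e["ip"], {"count": 0, "processes": set(), "domains": set()})
        s["count"] += 1
        s["processes"].add(e["process"])
        if e["domain"]:
            s["domains"].add(e["domain"])
    return summary
```

Feeding a folder of exported reports through parse_reports and then summarize_outbound shows at a glance whether every block comes from one browser process and one destination, which is the question the post is asking.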

Root Admin

Hello @melonny and welcome!

Let's try resetting your browsers and see if that corrects the issue for you.


Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Microsoft Edge
How to Reset Microsoft Edge in Windows 10

Firefox
Click on Help / Troubleshooting Information then click on the Refresh Firefox button.

Chrome
Reset Chrome back to defaults to completely clear out issues with Chrome.

  • First, go to Google Sync and sign into your account. Make sure you know your password as this will clear it from the browser.
  • Scroll down until you see the "reset sync" button to clear your data from the server and remove your passphrase.
  • Now, close all Chrome windows. Chrome cannot be running for the next step. If needed, print this information or use another browser to read the information.
  • Press the Windows key + R at the same time, to bring up the run dialog box.
  • Type in (or copy/paste) the following and press Enter: %localappdata%\Google\Chrome\User Data\Default\
  • Press Ctrl + A to select all the files and folders.
  • Hold down Ctrl + A and click once on the files "Bookmarks" and "Bookmarks.bak". This will unselect them.
  • With all the files selected (except for your Bookmarks), press the Delete key and click Yes to delete the files and folders.

Restart your computer now and make sure there are no longer any redirects or other browser issues. 
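The profile-reset steps above, scripted so that the two bookmark files survive and the deletion refuses to run while Chrome is still open. This is an added example written for this thread, not Malwarebytes or Google tooling; it assumes the %localappdata% profile path named in the post and a Windows tasklist check for chrome.exe, and it does nothing about the Google Sync step, which still has to be done in the browser.

```python
import os
import shutil
import subprocess
import sys
from pathlib import Path

# The two files the post says to leave in place.
KEEP = ("Bookmarks", "Bookmarks.bak")
# %localappdata%\Google\Chrome\User Data\Default, the folder named in the post.
DEFAULT_PROFILE = Path(os.environ.get("LOCALAPPDATA", "")) / "Google/Chrome/User Data/Default"

def chrome_running():
    """Chrome rewrites its profile on exit, so it must be closed first.
    Assumption: only the Windows 'tasklist' check is implemented; on other
    platforms (for example when this block is tested) it reports not running."""
    if sys.platform != "win32":
        return False
    out = subprocess.run(["tasklist", "/FI", "IMAGENAME eq chrome.exe"],
                         capture_output=True, text=True).stdout
    return "chrome.exe" in out.lower()

def select_for_removal(names, keep=KEEP):
    """Pure helper: everything in the profile folder except the keep list.
    Split out so the selection can be checked without touching a real profile."""
    return sorted(n for n in names if n not in keep)

def reset_profile(profile_dir=None, keep=KEEP, dry_run=False):
    """Delete every file and folder in the profile except `keep`.
    Returns the names removed (or that would be removed when dry_run=True)."""
    profile_dir = Path(profile_dir) if profile_dir else DEFAULT_PROFILE
    if chrome_running():
        raise RuntimeError("Close all Chrome windows before resetting the profile.")
    doomed = select_for_removal([p.name for p in profile_dir.iterdir()], keep)
    for name in doomed:
        if dry_run:
            continue
        entry = profile_dir / name
        if entry.is_dir() and not entry.is_symlink():
            shutil.rmtree(entry)
        else:
            entry.unlink()
    return doomed

if __name__ == "__main__":
    # Default to a dry run so the reader sees what would go before committing.
    for name in reset_profile(dry_run="--delete" not in sys.argv):
        print(name)
```

Run it with --delete to actually remove the files; without that flag it only lists what would be deleted.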

Hi Advanced Setup,

I may have fixed this issue. Yesterday after posting here, I closed Chrome to confirm the connections were only happening when it was open. They were. So then I tried clearing the cookies, which I never do and should do more often. Then I rebooted. Since then, no outbound connections and I'm hearing my fan run much less often. The connections were happening several times an hour before that, so I think this is fixed. If not, I'll come back and try resetting Chrome completely and then we can go from there.


Quick update in case anyone else has this problem. The Malwarebytes block notices didn't happen again for a couple of days. Today they started up again, but only when I visited one of my Pinterest business account boards. I started going through the pins on the board and checking their links - sure enough, one of them led to Malwarebytes' warning page about malware. I deleted that pin, and the block warnings have stopped again. It's only been about an hour since this happened, but because they stopped immediately after deleting the bad link, I feel pretty sure that's all it was. 


Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
