Steve1209

is 89.149.236.136 a FP?


Hi,

Two mornings in a row, I've received an IP detection for 89.149.236.136. As everyone says, there is NO browser activity on my part to cause this overnight. My browser was closed down. Some things that do occur overnight on my system:

1. MBAM update followed by "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /fullscanterminate /minimized

2. Acronis True Image 10 Full system backup occurs with email notification as to result.

3. AntiVir full virus scan occurs.

4. Superantispyware downloads & does a complete system scan

Active program AIM with an AWAY message posted...

Is it a FP?

Thanks,

Steve


Sadly it isn't an F/P, no. This IP belongs to a range that is owned by the IST (Internet Service Team);

http://hosts-file.net/?s=89.149.236.136

If you're aware of a legit site on this range, I urge you to convince them to move to a legit range, that is not controlled by known criminals.


MysteryFCM,

Since I don't know what caused an access to this IP address, I don't know how to do that. I gave you all the software running overnight, and my browser is closed down. What else could cause this?

Steve


If this is occurring even with the browser, P2P and IM etc. applications closed, chances are you've got an infection, in which case I'd recommend posting a log to the HJT forums.


Sorry for being a bit off-topic, but... what is the Internet Service Team? I've not heard of it anywhere!


Oh God.

I've come to know of McColo, Pricewert, RBN, but it seems that there's always something new to learn =)

Thanks for the info, Steven!


My pleasure :)


Hey MysteryFCM & others,

I went off to a Hijackthis forum thinking I must have some serious infection based on your reply. I don't use P2P but am still getting IP detections for 89.149.236.136, 89.149.254.58, 89.149.254.29 and now 219.149.5.209. The Hijackthis forum aided me thru a lot of tests on my system & declared my computer clean; see the forum http://forums.maddoktor2.com/index.php?sho...mp;#entry110416. I'm still getting these detections overnight. Yes, my IE8 is open; I'll begin closing it overnight. Could these somehow be FPs? I don't know what else to do.


They aren't F/P's, no. As mentioned, it does not necessarily indicate an infection; it just means something on your computer is trying to connect to the IPs.

Your firewall (assuming logging is enabled) should be able to tell you which application it is.

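An added example, not part of any post in this thread: one way to name the application behind the connections when no firewall log is available is to join saved `netstat -ano` output with `tasklist /fo csv` output on the PID and filter for the IPs reported above. The sample captures, local addresses, PIDs and image names below are constructed for illustration.

```python
import csv
import io

# IPs reported in this thread as blocked by Malwarebytes.
WATCHED = {"89.149.236.136", "89.149.254.58", "89.149.254.29", "219.149.5.209"}

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1042      192.0.2.15:443         ESTABLISHED     1880
  TCP    192.168.1.10:1043      89.149.236.136:80      SYN_SENT        2312
  TCP    192.168.1.10:1044      89.149.254.58:80       SYN_SENT        2312
  UDP    0.0.0.0:1900           *:*                                    1124
"""

# Constructed sample of `tasklist /fo csv` output; image names are hypothetical.
TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","1124","Console","0","4,120 K"
"example_browser.exe","1880","Console","0","52,300 K"
"example_im_client.exe","2312","Console","0","18,944 K"
'''

def pid_to_image(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv` text."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(r["PID"]): r["Image Name"] for r in rows}

def remote_host(endpoint):
    """Strip the port from 'ip:port' (IPv6 appears as '[addr]:port')."""
    return endpoint.rsplit(":", 1)[0].strip("[]")

def flagged_connections(netstat_text, tasklist_csv, watched=WATCHED):
    """Return (image, pid, remote endpoint, state) for each watched remote IP."""
    images = pid_to_image(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        pid = int(f[-1])
        state = f[3] if len(f) == 5 else ""  # UDP rows carry no state column
        if remote_host(f[2]) in watched:
            hits.append((images.get(pid, "<unknown>"), pid, f[2], state))
    return hits

if __name__ == "__main__":
    print(flagged_connections(NETSTAT, TASKLIST))
```

Because the detections described here happen overnight, the two commands would need to be captured repeatedly (for example from a scheduled task) and each pair of captures passed through `flagged_connections`.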

Hey MysteryFCM,

Thanks for your info and response about a firewall. I've NEVER used a firewall before (well, the Windows XP firewall) but none other. So I thought I'd keep it simple. There were 2 or 3 free firewalls I looked into and I chose the free Zone Alarm, no reason other than it was simple to implement on was forum. I installed it and after a day or so, all my legitimate programs trying to access the internet were there in ZA outbound. I was surprised by the number of INBOUND things trying to access my computer, at least 40-50 a day blocked. Since I installed ZA Free, there has NOT been an outbound IP detection by Malwarebytes. I wonder if the INBOUND traffic was creating the OUTBOUND IP alerts?

Anyways, thank you very much for making me a "Somewhat Smarter" computer user!

Steve


My pleasure :rolleyes:

I'd actually not recommend ZA, instead recommending either Outpost or Online Armor (specifically for stability and security as ZA lacks in both).

The inbound shouldn't have created the outbound unless there was something on your computer actually responding to them to begin with (again however, the firewall log files will tell you which it is).


Personally, I don't like Online Armor. It slowed my computer to the point even the taskbar would not respond. And the loading time between windows just sucked. (On WinVista SP2).

Outpost? I think it's a good choice.

I'm currently using Comodo Firewall. It's extremely configurable and it has several layers of security. I used to use ZA, but it always gave me a lot of trouble to play games via Internet, and if I plugged and unplugged the network cable several times, it'd make the network unrecognisable. A reboot guaranteed :rolleyes:


Not a fan of Comodo :rolleyes:

