is 89.149.236.136 a FP?

[Steve1209]

Hi,

Two mornings in a row, I've received an IP detection for 89.149.236.136. As everyone says there is NO browser activity on my part to cause this over night. My browser was closed down. Some things that do occur over night on my system:

1. MBAM update followed by "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /fullscanterminate /minimized

2. Acronis True Image 10 Full system backup occurs with email notification as to result.

3. AntiVir full virus scan occurs.

4. Superantispyware downloads & does a complete system scan

Active program AIM with an AWAY message posted...

Is it a FP?

Thanks,

Steve

[MysteryFCM]

Sadly it isn't an F/P, no. This IP belongs to a range that is owned by the IST (Internet Service Team);

http://hosts-file.net/?s=89.149.236.136

If you're aware of a legit site on this range, I urge you to convince them to move to a legit range, that is not controlled by known criminals.

[Steve1209]

MysteryFCM,

Since I don't know what caused an access to this IP address, I don't know how to do that, I gave you all the software running overnight, my browser is closed down, what else could cause this?

Steve

[MysteryFCM]

If this is occuring even with the browser, P2P and IM etc applications closed, chances are you've got an infection, in which case, I'd recommend posting a log to the HJT forums

[centralkong]

Sorry for being a bit off-topic, but... what is the Internet Service Team? I've not heard of it anywhere!

[MysteryFCM]

They're a criminal organization involved in alot of the malware;

http://hphosts.blogspot.com/2009/05/ist-in...rvice-team.html

http://hphosts.blogspot.com/2009/05/google...es-and-250.html

[centralkong]

Oh God.

I've come to known of McColo, Pricewert, RBN, but it seems that there's always something new to learn =)

Thanks for the info, Steven!

[MysteryFCM]

My pleasure

[Steve1209]

Hey MysteryFCM & others,

I went off to a Hijackthis forum thinking I must have some serious infection based on your reply, I don't use P2P but am still getting IP detections for 89.149.236.136, 89.149.254.58, 89.149.254.29 and now 219.149.5.209. The Hijackthis forum aided me thru a lot of tests on my system & declared my computer clean see the forum http://forums.maddoktor2.com/index.php?sho...mp;#entry110416. I'm still getting these detections overnight, yes my IE8 is open, I'll begin closing it overnight. Could these be somehow FP's, I don't know what else to do?

[MysteryFCM]

They aren't F/P's, no. As mentioned, it does not necessarily indicate an infection, it just means something on your computer is trying to connect to the IP's.

Your firewall (assuming logging is enabled), should be able to tell you which application it is.

[Steve1209]

Hey MysteryFCM,

Thanks for your info and response about a firewall. I've NEVER used a firewall before (Well the Windows XP firewall) but none other. So I thought I'd keep it simple, there were 2 or 3 free Firewalls I looked into and I choose the free Zone Alarm, no reason other than it was simple to implement on was forum. I installed it and after a day or so, all my legitimate programs trying to access the internet were there in ZA outbound. I was surprised by the number of INBOUND things trying to access my computer, at least 40-50 a day blocked. Since I installed ZA Free, there has NOT been an outbound IP detection by Malwarebytes, I wonder if the INBOUND traffic was creating the OUTBOUND IP alerts?

Anyways, thank you very much for making me a "Somewhat Smarter" computer user!

Steve

[MysteryFCM]

My pleasure

I'd actually not recommend ZA, instead recommending either Outpost or Online Armour (specifically for stability and security as ZA lacks in both).

The inbound shouldn't have created the outbound unless there was something on your computer, actually responding to them to begin with (again however, the firewall log files will tell you which it is).

[centralkong]

Personally, I don't like Online Armor. It slowed my computer to the point even the taskbar would not respond. And the loading time between windows just sucked. (On WinVista SP2).

Outpost? I think it's a good choice.

I'm currently using Comodo Firewall. It's extremely configurable and it has several layers of security. I used to use ZA, but it always gave me a lot of trouble to play games via Internet, and if I plugged and unplugged several times the network cable, it'd make the network unrecognisable. A reboot guaranteed

[MysteryFCM]

Not a fan of Comodo