
Is this something I should worry about?



I'm currently running Malwarebytes Premium Trial 3.2.2 on my Windows 8 system. I received this version - including the automatic premium trial - after an update a week or so back. As I type this, there are still six days left on my trial.

Currently, I'm using Chrome as my main browser. 

For the past few days, I've gotten "website blocked" notices from Malwarebytes. These notices pop up at random on websites I've never had issues with in the past, such as Comics.com (the website for Universal Press Syndicate's comic strips) and Mythbusters fan site Citadel of Myths. I know that some of them host ads from third-party ad providers, so it's possible that if this is something legitimate, it's somehow getting past Ad-Block Plus. The tech people I know are scratching their heads over this one, so I figured I'd come here directly to ask. 

The notices disappear pretty quickly, so I don't have a lot of time to try and write everything down. 

What I have gotten down so far - 

Domain: image.ibb.co

IP: 104.27.126.22

Port: This number keeps changing between warnings, but one port I was able to write down was 51642

Type: Outbound

File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Is this an actual bit of malware attempting to come or go from my computer? Is it a false positive? 

I'd like it if someone could help me figure this out.

Thanks. 

 


Hello and welcome... More than likely these are blocks happening from the ads that are on the pages you are visiting. If you like, you can post a copy of your latest Website Blocked log.

  1. Open Malwarebytes GUI
  2. Click on Reports
  3. Sort the results by date and time to get the latest report
  4. Double Click on Website Blocked
  5. Click On Export -> Export to *.txt file
  6. Save the file and then upload it here

Also you can provide the following logs for review.

Let's try and get some logs first so the team can review them and see if they can tell what may be causing your issues....

  1. FIRST: Create and obtain Farbar Recovery Scan Tool (FRST) logs
    1. Download FRST and save it to your desktop
      NOTE: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      NOTE: These two files will be collected by the MB-Check Tool and added to the zip file for you
  2. NEXT: Create and obtain an mb-check log
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few seconds the command window will open, then click "OK"
    3. This will produce one log file on your desktop: mb-check-results.zip
    4. Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

Thank You,

Firefox


My Windows program automatically blocked FRST as "potentially dangerous", so I couldn't run it upon download; it wouldn't even install. 

But here's the incident report from the most recent blocking as of the time I post this:

image.ibb block report.txt

And here's the MB Check Results zip file: 

mb-check-results.zip

I don't know if this means anything or not, but here's another block report, from something called Archive.org; I went to the references on a Wikipedia page relating to a topic I was researching and clicked on a link to that website, only to get a block warning for that too. 

archive.org block report.txt

Thanks. 

 


It's SmartScreen that is blocking the download... FRST is safe to use... (note: your antivirus software may also try to block it)

Get the file below; it's in a zip file and should allow you to download it. Extract it to your desktop and run it.

 

 

Edited by Firefox

I think I may have found it... elsewhere on this site here. 

I actually *did* check the "false positives" report page, but didn't see this earlier. 

From what I'm seeing, ibb.co was blacklisted back in August or thereabouts after getting compromised. The IP address I was getting is different from the one listed in that false positive report, which may be why I didn't spot the thread. 

Is this the reason I'm getting the warning? If so, should I try to contact the admins of the people where I'm getting the hits? 

Thanks again. 


If you know the admins you can certainly try and contact them... but this is why you're getting the blocks... once your trial period expires the web blocker feature will no longer be active and you will no longer be protected from that site....

Good exercise to see how it's worth having MB3 Premium... if you ask me...


Once the trial expires, it will not be an issue for you because the web protection feature will not be actively running so you won't encounter the blocks (and if the site does indeed not exist any longer, then it's not an issue).

I have always used the full Premium version... I am one of those that got a lifetime license way back when they were still available. I for one believe it is worth the money.
