Malwarebytes' Anti-Malware IP Protection-Infection Detected Message


jh1836

For the past several weeks I have been getting the "Malwarebytes' Anti-Malware IP Protection: Infection Detected" pop-up message from the Malwarebytes' Anti-Malware icon in the notification area. And lately I have been getting them more frequently.

I got one this morning at 8.56.45 AM that said "Malwarebytes' Anti-Malware IP Protection: Infection Detected: 219.149.52.126".

I also got two other pop-up messages this morning, one at 8.41.33 AM for 222.71.29.142 and another at 8.43.17 AM for 218.0.251.216.

What is causing these messages and what am I supposed to do about them?

Link to post

prairie dog:

I read the link in your post.

It says: "When you ask your browser to connect to a website, Windows uses DNS or the HOSTS file (depending on configuration), to convert that domain name into its corresponding IP address (e.g. example.com <> 1.2.3.4). MBAM intercepts the packet communications, to determine whether or not the IP address is known for malicious activity, and if so, blocks the communication."

But I'm getting these IP Protection messages even when my browser is not open.

My OS is XP Home SP3

Link to post

prairie dog:

I read the link in your post.

It says: "When you ask your browser to connect to a website, Windows uses DNS or the HOSTS file (depending on configuration), to convert that domain name into its corresponding IP address (e.g. example.com <> 1.2.3.4). MBAM intercepts the packet communications, to determine whether or not the IP address is known for malicious activity, and if so, blocks the communication."

But I'm getting these IP Protection messages even when my browser is not open.

My OS is XP Home SP3

Do you use any P2P software?

Link to post

  • Staff
prairie dog:

I read the link in your post.

It says: "When you ask your browser to connect to a website, Windows uses DNS or the HOSTS file (depending on configuration), to convert that domain name into its corresponding IP address (e.g. example.com <> 1.2.3.4). MBAM intercepts the packet communications, to determine whether or not the IP address is known for malicious activity, and if so, blocks the communication."

But I'm getting these IP Protection messages even when my browser is not open.

My OS is XP Home SP3

Not only may any P2P app trigger them as prairie dog mentioned, your IM client may as well. Mine does. They all run ads, so these can be ads which lead to rogue sites.
Link to post

  • Staff

Many applications on your system access the Net at any given time. There are two scenarios here, the first one being the most likely: one of the applications is triggering a false positive. We're aware of this issue and are working to correct it. It has to do with the way the OS reads the IPs.

Second scenario is that your system is infected and you'll need to post into the HijackThis forum. I would say if this alert is the only indication of a 'problem', then this is not the case.

And as anticipation to your next question, your firewall may tell you what applications have access to the Net. Tho some display much more info than others. Also, only Vista is able to tell you which applications are triggering the alerts and relaying this info to a third party, but we do not have this coded into the software as yet, but it is being looked into as a possible future option.

Link to post

  • 3 weeks later...
Many applications on your system access the Net at any given time. There are two scenarios here, the first one being the most likely: one of the applications is triggering a false positive. We're aware of this issue and are working to correct it. It has to do with the way the OS reads the IPs.

Second scenario is that your system is infected and you'll need to post into the HijackThis forum. I would say if this alert is the only indication of a 'problem', then this is not the case.

And as anticipation to your next question, your firewall may tell you what applications have access to the Net. Tho some display much more info than others. Also, only Vista is able to tell you which applications are triggering the alerts and relaying this info to a third party, but we do not have this coded into the software as yet, but it is being looked into as a possible future option.

I've got a constant bubble popping up every 30sec saying IP 64.202.189.170 infection detected.

I checked it out on hp-hosts and it is definitely a dodgy IP but after doing multiple scans I can't detect anything dodgy on my PC that is trying to access this IP. It is a 3 week old HP Laptop running Vista and I've only installed a few apps so I'm wondering how I can use Windows Firewall to work out which program is trying to access the IP.

Before anyone asks I do NOT have any P2P or IM software installed.

I'm only asking due to the above mentioned Vista being able to tell you which applications are triggering the alerts.

Thanks for any help

Link to post

  • Staff
I've got a constant bubble popping up every 30sec saying IP 64.202.189.170 infection detected.

I checked it out on hp-hosts and it is definitely a dodgy IP but after doing multiple scans I can't detect anything dodgy on my PC that is trying to access this IP. It is a 3 week old HP Laptop running Vista and I've only installed a few apps so I'm wondering how I can use Windows Firewall to work out which program is trying to access the IP.

Before anyone asks I do NOT have any P2P or IM software installed.

I'm only asking due to the above mentioned Vista being able to tell you which applications are triggering the alerts.

Thanks for any help

There won't be anything detected in scans. We're changing the wording of this feature. The IP in question was prevented from loading content.

In so far as Vista being able to tell you which applications access the Net, this feature is not yet coded into the IP Protection. It may be added in future releases tho. Most advanced firewalls have program control features and there may be help for you there.

Also keep in mind, every site you visit will usually link to many, many other sites, either thru advertising or just links in general. Any of these links to other sites from the site you're visiting could trigger the alert.

Link to post

There won't be anything detected in scans. We're changing the wording of this feature. The IP in question was prevented from loading content.

I understand from reading other posts already that this didn't mean there would be an infection on my PC but I just assumed there may have actually been because the alert starts popping up as soon as my wireless connects to the internet. This is even before I open any browsers or other programs that use the internet. Therefore I assumed there would be some sort of malicious software on my computer trying to access that IP so I was hoping there was a way to find out which process was responsible.

Link to post
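One way to answer the "which process is responsible" question raised in the post above, added here as an example that is not part of any post in this thread and not part of Malwarebytes' software. It assumes PowerShell is available on the machine; the function names are hypothetical, the sample `netstat` rows are constructed, and the flagged address is the one quoted in the thread.

```powershell
# Added example: report which local process owns a TCP connection to a flagged IP.
# Parses `netstat -ano` text; function names are illustrative, not a product API.

function Find-ConnectionOwner {
    param(
        [string]$RemoteIp,        # address shown in the IP Protection alert
        [string[]]$NetstatLines   # lines of `netstat -ano` output
    )
    foreach ($line in $NetstatLines) {
        $f = $line.Trim() -split '\s+'
        # TCP rows have five columns: Proto, Local, Foreign, State, PID
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        # Drop the trailing ":port" from the foreign address before comparing
        if (($f[2] -replace ':\d+$', '') -ne $RemoteIp) { continue }
        $ownerId = [int]$f[4]
        $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '(process exited)' }
        New-Object PSObject -Property @{
            Remote = $f[2]; State = $f[3]; OwnerPid = $ownerId; Process = $name
        }
    }
}

function Watch-RemoteIp {
    # Assumption: a blocked attempt may be visible only briefly, so poll for it.
    param([string]$RemoteIp, [int]$Seconds = 60)
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Find-ConnectionOwner $RemoteIp (netstat -ano)
        Start-Sleep -Milliseconds 500
    }
}

# Constructed sample rows (not captured output); $PID is this PowerShell session,
# so the owner lookup resolves to a real process name when run.
$sample = @(
    '  Proto  Local Address        Foreign Address       State        PID',
    "  TCP    192.168.1.20:49712   64.202.189.170:80     SYN_SENT     $PID",
    '  TCP    192.168.1.20:49713   192.0.2.10:443        ESTABLISHED  4'
)
Find-ConnectionOwner '64.202.189.170' $sample

# Live use, watching for one minute:
# Watch-RemoteIp '64.202.189.170' -Seconds 60
```

If the owner turns out to be `svchost`, `tasklist /svc` lists the services hosted under that PID, which narrows it further.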

I'm getting these too... every few seconds. The difference is that I have P2P installed (Utorrent) and usually running when they pop up, although none of the IPs I'm connected to are the ones popping up. Strange.

Did anyone else notice that the IPs which pop up are always Chinese ISPs? Not sure if there's anything to that or not. China can have any and everything on my computer as there's no government secrets on it. :)

Link to post

I understand from reading other posts already that this didn't mean there would be an infection on my PC but I just assumed there may have actually been because the alert starts popping up as soon as my wireless connects to the internet. This is even before I open any browsers or other programs that use the internet. Therefore I assumed there would be some sort of malicious software on my computer trying to access that IP so I was hoping there was a way to find out which process was responsible.

If you are getting those pop-ups with no internet browser windows open, P2P, IM, or any other network-running program that you know of, I would consider posting a HJT and MBAM log in the Malware Removal section. Your computer may be infected.

I'm getting these too... every few seconds. The difference is that I have P2P installed (Utorrent) and usually running when they pop up, although none of the IPs I'm connected to are the ones popping up. Strange.

Did anyone else notice that the IPs which pop up are always Chinese ISPs? Not sure if there's anything to that or not. China can have any and everything on my computer as there's no government secrets on it. :)

You won't be connected to the IPs that are popping up because MalwareBytes' is blocking the connection from being made :) I've had a few from the Chinese range pop up but I never narrowed it down to what it was.

Link to post

If you are getting those pop-ups with no internet browser windows open, P2P, IM, or any other network-running program that you know of, I would consider posting a HJT and MBAM log in the Malware Removal section. Your computer may be infected.

Forgive my ignorance but what is a HJT and I'm assuming you mean the IP blocker MBAM log and not the regular MBAM scan log as a full scan is not finding anything anyway?

Link to post