Jump to content
brandon23

is this false??

Recommended Posts

Hi -

I have been using your program for ages but just now joined this forum because I keep getting a message that a particular ip address is "infected". i do realize that i DONT actually have an infection and this is just how the program is able to notify me of an attempt to break in (from how i understand it). I do keep malwarebytes up to date daily and am getting this message daily at different times of the day. My question is very specific and related to the ip address that I am receiving this message on. The IP address is 121.15.245.215. If you could please let me know if this is a false positive or if there is an issue of possible intrusion I appreciate it. Thanks so much for taking the time to get back to me as soon as humanly possible.

P.S.

One piece of advice I have for developers, take it for what it is lol, is to place some sort sort of log in the application that can save these "infection" messages because it is very difficult to manage to write down the ip address fast enough before the message is gone. It took me at least 3 tries over 3 or so days to accurately write it down.

Share this post


Link to post
Share on other sites
Hi -

I have been using your program for ages but just now joined this forum because I keep getting a message that a particular ip address is "infected". i do realize that i DONT actually have an infection and this is just how the program is able to notify me of an attempt to break in (from how i understand it). I do keep malwarebytes up to date daily and am getting this message daily at different times of the day. My question is very specific and related to the ip address that I am receiving this message on. The IP address is 121.15.245.215. If you could please let me know if this is a false positive or if there is an issue of possible intrusion I appreciate it. Thanks so much for taking the time to get back to me as soon as humanly possible.

P.S.

One piece of advice I have for developers, take it for what it is lol, is to place some sort sort of log in the application that can save these "infection" messages because it is very difficult to manage to write down the ip address fast enough before the message is gone. It took me at least 3 tries over 3 or so days to accurately write it down.

To view a list of blocked IPs navigate to the following folder and look for a file called 'protection-log':

XP path:

C:\Documents and Settings\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

Vista path:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

To get details about why an IP is listed go to the following site and search using the IP:

http://hosts-file.net/

Share this post


Link to post
Share on other sites
To view a list of blocked IPs navigate to the following folder and look for a file called 'protection-log':

XP path:

C:\Documents and Settings\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

Vista path:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs<<<<<<---look in this folder

To get details about why an IP is listed go to the following site and search using the IP:

http://hosts-file.net/

oh wow i had no idea that log existed thanks so much here is the info that the site you gave me gives me for that IP adress, but i have no idea what this means, can you please please help me deciper it. thanks so much for how fast you got back to me and thank you in advance for helping me with understanding this messsage :

Sites resolving to 121.15.245.215 were NOT found in our database

Matches: 0 H

IP PTR: Resolution failed

then below that it says :

Netblock Information:

:: [whois.apnic.net node-1]

:: Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 121.8.0.0 - 121.15.255.255

netname: CHINANET-GD

descr: CHINANET Guangdong province network

descr: China Telecom

descr: No.31,jingrong street

descr: Beijing 100032

country: CN

admin-c: CH93-AP

tech-c: IC83-AP

mnt-by: APNIC-HM

mnt-lower: MAINT-CHINANET-GD

mnt-routes: MAINT-CHINANET-GD

status: ALLOCATED PORTABLE

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

remarks: This object can only be updated by APNIC hostmasters.

remarks: To update this object, please contact APNIC

remarks: hostmasters and include your organisation's account

remarks: name in the subject line.

remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+

changed: hm-changed@apnic.net 20060518

source: APNIC

route: 121.8.0.0/13

descr: From Guangdong Network of ChinaTelecom

origin: AS4134

mnt-by: MAINT-CHINANET

changed: dingsy@cndata.com 20060707

source: APNIC

person: Chinanet Hostmaster

nic-hdl: CH93-AP

e-mail: anti-spam@ns.chinanet.cn.net

address: No.31 ,jingrong street,beijing

address: 100032

phone: +86-10-58501724

fax-no: +86-10-58501724

country: CN

changed: dingsy@cndata.com 20070416

mnt-by: MAINT-CHINANET

source: APNIC

person: IPMASTER CHINANET-GD

nic-hdl: IC83-AP

e-mail: ipadm@gddc.com.cn

address: NO.1,RO.DONGYUANHENG,YUEXIUNAN,GUANGZHOU

phone: +86-20-83877223

fax-no: +86-20-83877223

country: CN

changed: ipadm@gddc.com.cn 20040902

mnt-by: MAINT-CHINANET-GD

remarks: IPMASTER is not for spam complaint,please send spam complaint to abuse@gddc.com.cn

source: APNIC

This data has been pulled from the hpHosts cache

Share this post


Link to post
Share on other sites

It essentially means that some application on your system, or some site you visited, reached out to connect with that IP. And we've gathered data which indicates activity on that IP may be malicious. So we blocked it.

We're currently experiencing some false\positives due an unforeseen bug in the way XP reads IPs. This will be corrected soon.

Any application that has access to the Net can in theory trigger an alert. the most common applications that do that are P2P and IM clients. So you don't even need to be surfing to get an alert.

Share this post


Link to post
Share on other sites
It essentially means that some application on your system, or some site you visited, reached out to connect with that IP. And we've gathered data which indicates activity on that IP may be malicious. So we blocked it.

We're currently experiencing some false\positives due an unforeseen bug in the way XP reads IPs. This will be corrected soon.

Any application that has access to the Net can in theory trigger an alert. the most common applications that do that are P2P and IM clients. So you don't even need to be surfing to get an alert.

oh ok , thank you was prolly chat with my friend on AIM, thanks again, hagn!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.