
IP Protection: "Infection Detected"



Today I manually turned on the Protection Module (another thread details my problems in getting it working automatically). I was looking for more information about the Outpost Agnitum Free Firewall that I've installed on my WinXP Pro computer, and after doing a Google search I went to a web site entitled The Web Hikers Guide to Outpost Firewall at www.outpostfirewall.com/guide/ . To my surprise, MBAM's IP Protection popped up, saying "Infection detected" and providing the IP number 208.73.210.27. As far as I could tell, this site (the Web Hikers Guide) wasn't blocked, but when I went to different pages on the site, MBAM repeated its warning. I think 8 instances are recorded in the MBAM log, all for the same IP address.

I'm not sure what "Infection detected" refers to. Infection where? On multiple pages of this seemingly innocent website? In the browser that accessed the site? I ran a Quick Scan with MBAM using database 2675, and no malware was found on my computer. How am I supposed to know whether there's really a problem with this site, and if there IS a problem, why am I able to access it and roam about on it? I should add that I did a WhoIs search for the IP address and found it's registered to a company in California that probably just distributes such addresses:

OrgName: Oversee.net

OrgID: OVERS-1

Address: 515 S. Flower St

Address: Suite 4400

City: Los Angeles

StateProv: CA

PostalCode: 90071

Country: US

NetRange: 208.73.208.0 - 208.73.215.255

CIDR: 208.73.208.0/21

NetName: OVERSEE-NET-2

NetHandle: NET-208-73-208-0-1

Parent: NET-208-0-0-0-0

NetType: Direct Assignment

NameServer: NS1.OVERSEE.NET

NameServer: NS2.OVERSEE.NET

Comment:

RegDate: 2006-12-28

Updated: 2006-12-28

I'd really like to understand these "infection detected" alerts better. In particular, I'd like to know what specifically they refer to, when to take them seriously and when to ignore them, and what I should do when they appear. Thanks in advance for your help.


Have a look at this FAQ

It does not mean that you are infected. I believe I read that the MBAM team is working on changing the notification.

Thanks, prairie dog, for your prompt response. I had already looked at that FAQ, but I probably didn't pay enough attention to the part that said "If a notification is presented on a safe site, and the site loads, it is likely the site was loading content that is hosted on an IP known for malicious activity. In this case, the site itself will be displayed perfectly fine, with the malicious content being blocked." However, though what the FAQ says makes sense, I find it a bit strange that every page I went to on that site was trying to load malicious content.

I hope MBAM refines its IP Protection feature to provide a lot more specific information. Right now it seems to raise a number of unanswered questions. I have no idea, for example, where if at all on this site the threat lies or even if the threat is real.


I believe that installing hpHOST file will block those sites and if you install HostsMan with its browser speed up proxy HostsServer that has logging capability you will be able to see what sites are referred that load malicious content:

http://www.softpedia.com/get/Network-Tools.../HostsMan.shtml

MysteryFCM is the maintainer of hpHosts file.


I believe that installing hpHOST file will block those sites and if you install HostsMan with its browser speed up proxy HostsServer that has logging capability you will be able to see what sites are referred that load malicious content:

http://www.softpedia.com/get/Network-Tools.../HostsMan.shtml

Thanks, YoKenny1, for this info. I may give this a try. On the other hand, I'm really trying to reduce the number of programs I'm running rather than adding still more. In the past few years, I've tried several programs that were supposed to warn me about dodgy web sites or even block them. I found, however, that the programs often caused more problems than they solved. Oh well, I'll see whether my curiosity gets the better of me. It usually does :lol: .

Again, thanks very much.
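
Added illustration, not part of the thread and not MBAM or HostsMan code: the FAQ passage quoted above and the logging suggestion both come down to finding which host, requested while a page loaded, resolved to the flagged IP. The log format and host names below are constructed; only 208.73.210.27 comes from the alert in the first post.

```python
import ipaddress
from collections import defaultdict

# The one address named in the alert; a blocklist could hold whole networks too.
FLAGGED_NETS = [ipaddress.ip_network("208.73.210.27/32")]

# Constructed request log (assumed format): time, page being viewed,
# host requested while loading it, and the IP that host resolved to.
SAMPLE_LOG = """\
10:01:02 page=guide.example/index.html host=guide.example ip=192.0.2.10
10:01:02 page=guide.example/index.html host=ads.parked.example ip=208.73.210.27
10:01:03 page=guide.example/index.html host=img.cdn.example ip=198.51.100.7
10:02:40 page=guide.example/rules.html host=guide.example ip=192.0.2.10
10:02:40 page=guide.example/rules.html host=ads.parked.example ip=208.73.210.27
malformed line without fields
"""

def parse_line(line):
    """Return (page, host, ip) or None for lines that do not parse."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    try:
        return fields["page"], fields["host"], ipaddress.ip_address(fields["ip"])
    except (KeyError, ValueError):
        return None

def is_flagged(ip, nets=FLAGGED_NETS):
    return any(ip in net for net in nets)

def attribute_alerts(log_text):
    """Map each host that resolved to a flagged IP to the pages that requested it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_flagged(rec[2]):
            page, host, _ = rec
            hits[host].add(page)
    return dict(hits)

def classify(host, pages):
    """first-party: the visited site itself sits on the flagged IP;
    third-party: content embedded from another host does."""
    site_hosts = {p.split("/", 1)[0] for p in pages}
    return "first-party" if host in site_hosts else "third-party"

if __name__ == "__main__":
    for host, pages in attribute_alerts(SAMPLE_LOG).items():
        print(f"{host}: {classify(host, pages)}, on {len(pages)} page(s): {sorted(pages)}")
```

In the constructed log a single embedded host accounts for the alert on every page, which is one way a site can trigger the same IP block on each page while still loading normally.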
