Jump to content

website blocked due to riskware

Recommended Posts

I am getting a repeating message "website blocked due to riskware" on several computers.

i get this with and without any browsers running.

It is from a local computer on our network xxx.xxx.xxx.123

port 5355


port 1900


port 3702


port 161


port 2869

Type is "inbound"

file is"C:\windows\system32\svchost.exe


I have ran scans on all computers in question.

without any positive results.

any suggestions?


Link to post
Share on other sites

  • Staff

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  • Farbar Recovery Scan Tool (FRST)
    1. Download FRST and save it to your desktop
      Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
    2. Double-click to run FRST and when the tool opens click "Yes" to the disclaimer
    3. Press the "Scan" button
    4. This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
      • Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions
  • MB-Check
    1. Download MB-Check and save to your desktop
    2. Double-click to run MB-Check and within a few second the command window will open, press "Enter" to accept the EULA then click "OK" 
    3. This will produce one log file on your desktop: mb-check-results.zip
      • This file will include the FRST logs generated from the previous set of instructions
      • Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files..." or simply drag the file to the attachment area

One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

this is the log from one of the many computers

receiving the event

-Log Details-
Protection Event Date: 4/17/18
Protection Event Time: 2:06 PM
Log File: 0028d4c6-426a-11e8-804a-b86b23c9d7c6.json
Administrator: Yes

-Software Information-
Components Version: 1.0.342
Update Package Version: 1.0.4768
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
IP Address:
Port: [161]
Type: Inbound
File: C:\Windows\System32\svchost.exe



Link to post
Share on other sites

  • Staff

What is the IP address of all of these machines? 123.123.123.* is normally a public IP address, not a private one and is an infected website which is why it's blocked. Can you get the IP address from all the machines on your network by running the following command and uploading the ipconfig.txt file from your desktop?

ipconfig /all > "%USERPROFILE%\Desktop\ipconfig.txt"


Link to post
Share on other sites

  • Staff

Yep, since that public website is blocked, that's why you're getting this. On the devices getting this block message, you'll need to add an exclusion for that IP address.

I'd also look at maybe updating your networking scheme, as you'll have trouble accessing other websites that may exist in that IP range on the internet

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.