MB blocking outbound connections to private range IP address


APA

Hello, I believe my PC is infected, however MB scan comes up clean. I have standard IPv4 private network setup:

IPv4 Address. . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

I am only using my ISP modem for LAN connections as it has both wired switch/router and Wi-Fi router capabilities. I had to scan my local network to find one of my TVs that was connected wirelessly and decided to scan the whole range 192.168.0.1-192.168.255.255. When the scanner (Netscan.exe) I was using got to address 192.168.217.134, I started getting multiple Malwarebytes popups 'Outbound connection blocked to 192.168.217.134, Trojan' with a different port number on every block. Ran several scans with Malwarebytes (Premium) and restarted PC multiple times, but all scans came up clear. Tried using a different IP scanner (advanced_ip_scanner.exe) to see if that could be causing the issue and still got multiple 'Outbound connection blocked' popups every time it checked address 192.168.217.134. Disconnected all other devices from the network, restarted my modem, and restarted my PC to make sure it wasn't another device/PC on my LAN and still got multiple 'Outbound connection blocked to 192.168.217.134, Trojan' from Malwarebytes whenever I scanned that IP address. If I ping that IP address it returns a reply from localhost and I also get a Malwarebytes 'blocked' popup:

Pinging 192.168.217.134 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=16ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 192.168.217.134:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 16ms, Average = 5ms

Ran a scan with adwcleaner_7.2.4.0.exe and FRST64.exe, following your directions from other posts, and adwcleaner found a couple of URLs in Chrome (AOL and Ask), which doesn't look like the cause of the issue, imho. The FRST scan came up clean.

Posting Malwarebytes Scan log, Malwarebytes connection blocked logs, and adwcleaner and FRST scan logs below. 

Please advise.

Thank you.

APA

MB Scan.txt

MB outbound blocked Netscan.txt

MB outbound blocked Advanced IP Scanner.txt

AdwCleaner[C00].txt

FRST.txt

Addition.txt

Figured out that the issue is outside of my home network and has to do with my ISP's network infrastructure. It's either a rogue device between my home modem and the next network hop device (ISP's router), or improper configuration of their network routers outside of my house, in which case I'm not sure why I would get multiple outbound connections blocked with reason 'Trojan' by MB, unless it's a false positive. Notified my ISP and submitted a ticket with them.

APA

Yes, it is still there. When I ping it, I immediately get a connection blocked popup:

C:\Users\DTOM>ping 192.168.217.134

Pinging 192.168.217.134 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=17ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.217.134:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 17ms, Average = 4ms

 

MB scan.txt

Outbound connection blocked report.txt
