Andy Spragg Posted September 8, 2009 ID:123085 Share Posted September 8, 2009 As well as all other 93.188.128.xx are showing as malicious .... please confirmThis thread caught my eye because I'm trying to troubleshoot a connection problem:http://www.malwarebytes.org/forums/index.php?showtopic=23349(which might be a complete red herring in this context) and I've been browsing my protection logs tonight for the first time. I have a months worth. Most of them are only 1-2k and just contain IP protection start and stop messages, but a few contain IP block alerts. In particular, the logs for yesterday and the two days before were 30, 52 and 23 k respectively. They're chock full of IP-BLOCK 93.188.128.xx messages - only for the three users of the PC, though, not for me with admin rights. I don't know if these blocks would also have popped up a system tray notification, but I presume someone would have mentioned something if the system tray went as hyper as the logs suggest it would have done. I have had one or two IP addresses blocked recently, that were alerted via the system tray, but there seems to be a lot more "silent" blocking going on than I was aware of. I also don't believe that all these three users would have been intentionally trying to connect to all the IP addresses in turn in the same range. Anyone know the explanation?Andy Link to post Share on other sites More sharing options...
Andy Spragg Posted September 8, 2009 Author ID:123098 Share Posted September 8, 2009 |When trying to download latest version of CCleaner from:http://www.filehippo.com/download_ccleaner...23e981303626f67I can't say for sure this is an FP - no reason why the site should not have been compromised, I suppose - but on the face of it it seems relatively unlikely. Same result on two attempts a week or so apart. Because I don't know for sure it's a FP, I haven't saved a developer log yet; should I?Andy Link to post Share on other sites More sharing options...
MysteryFCM Posted September 8, 2009 ID:123103 Share Posted September 8, 2009 The URL it's trying to load is;http://fs2.filehippo.com/4536/d710a676e6e14d95970bc2dc6355dbec/ccsetup223.exeFileHippo itself is about as safe as any other download site (i.e. only as safe as the person browsing it), but the IP is on a range that is well known for criminal activity, which is why it's blocked.You can however, download CCleaner from the authors website;http://download.piriform.com/ccsetup223.exe/editSlim build (no bundled rubbish) can be found at;http://www.ccleaner.com/download/builds/downloadbinslim Link to post Share on other sites More sharing options...
Andy Spragg Posted September 8, 2009 Author ID:123106 Share Posted September 8, 2009 Sorry, I already tried to reply to this and it came out as a new topic, no idea how. Try again ...As well as all other 93.188.128.xx are showing as malicious .... please confirmThis thread caught my eye because I'm trying to troubleshoot a connection problem:http://www.malwarebytes.org/forums/index.php?showtopic=23349(which might be a complete red herring in this context) and I've been browsing my protection logs tonight for the first time. I have a months worth. Most of them are only 1-2k and just contain IP protection start and stop messages, but a few contain IP block alerts. In particular, the logs for yesterday and the two days before were 30, 52 and 23 k respectively. They're chock full of IP-BLOCK 93.188.128.xx messages - only for the three users of the PC, though, not for me with admin rights. I don't know if these blocks would also have popped up a system tray notification, but I presume someone would have mentioned something if the system tray went as hyper as the logs suggest it would have done. I have had one or two IP addresses blocked recently, that were alerted via the system tray, but there seems to be a lot more "silent" blocking going on than I was aware of. I also don't believe that all these three users would have been intentionally trying to connect to all the IP addresses in turn in the same range. Anyone know the explanation?Andy Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted September 8, 2009 Root Admin ID:123115 Share Posted September 8, 2009 This is not a general forum for posting Andy. That is why your post was moved. Staff and Experts are here to respond to user requests for concerns over a False Positive. If you have one yourself that you're reporting, even if its the same IP then you need to create your own post.Thank you. Link to post Share on other sites More sharing options...
Andy Spragg Posted September 8, 2009 Author ID:123146 Share Posted September 8, 2009 This is not a general forum for posting Andy. That is why your post was moved. Staff and Experts are here to respond to user requests for concerns over a False Positive. If you have one yourself that you're reporting, even if its the same IP then you need to create your own post.Thank you.<embarrassed>Sorry ...</embarrassed> Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now