
Malwarebytes Service connects to Verizon



Hi, I'm using Malwarebytes Premium, version 3.6.1.2711 with the latest updates.

I had to format my computer 5 days ago because it was infected with a trojan horse. Since then I've been monitoring my network traffic to see if anything was going on.

I found many weird things. Like the SVCHOST connecting to various random unknown IP addresses. Here are some examples:

Outbound to 72.21.91.29 (Verizon Business)

Outbound to 104.16.89.108 (Cloudflare)

Outbound to 151.101.22.133 (Fastly)

Note that I'm not and I've never been with Verizon nor Fastly. Am I infected? My Kaspersky and Malwarebytes don't detect anything. I also found an IP for Akamai. All these kinds of connections are triggered after I boot my computer, even without opening a web browser. In the following picture below, I had a web browser opened, but those were there even before I opened Chrome. They stay there for like 1 minute and then disappear.

Now what is very weird is that the Malwarebytes service also seems to contact Verizon at the same IP address the SVCHost is connecting to. Am I infected? Why is the MWB service connecting to Verizon? Verizon is NOT my ISP provider and I never had them as an ISP provider. Should I be worried?

 


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team


It's possible that Malwarebytes is just checking for updates etc. and that it connects to the Malwarebytes CDN (Content Delivery Network) through some Verizon server, though someone from the staff would need to confirm that.  I'm pretty sure that Cloudflare is one of their CDN providers for Malwarebytes so that's normal.

By the way, if the Trojan that was detected before you reformatted was the same one reported here then it was a false positive, not a real threat.  The detection for that item has since been corrected in the latest database updates for Malwarebytes.

2 hours ago, dcollins said:

That IP address is used for certificate verification. This isn't so much a Malwarebytes thing, as your computer using those servers to verify certificates on the machine. This is fully expected

Ok thanks, is that one 151.101.22.133 for certificates as well?

How do we know which is and which isn't?


You have to research the IP address to understand what it's being used for. I'm not certain about the 151.* address though, but my guess would be the same. You could use Wireshark to capture all network traffic and try to see what domain that is resolving to.

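One way to carry out the check suggested in the last reply, as an added example that is not part of the original thread: parse the DNS responses seen in a capture (the UDP payload of each reply) and label every outbound connection with the name that was looked up, including the CNAME hops that explain why a lookup ends at a CDN address. The function names are hypothetical, and the sample response is constructed: `ocsp.example.test` and `edge.cdn.example.test` are placeholder names, only the addresses come from the thread.

```python
import ipaddress
import struct
def read_name(msg, off):
    """Decode the DNS name at `off`; return (name, offset just past it)."""
    labels, resume, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer to an earlier name
            resume = off + 2 if resume is None else resume
            off = ((length & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:        # malformed packet: pointer loop
                raise ValueError("DNS compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def answers_by_ip(msg):
    """Map each A-record address in one DNS response to [queried name, CNAME targets...]."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off, chain, found = 12, [], {}
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        chain.append(qname)
        off += 4                               # skip QTYPE and QCLASS
    for _ in range(ancount):
        _owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                         # CNAME: the CDN name behind the queried one
            chain.append(read_name(msg, off)[0])
        elif rtype == 1 and rdlen == 4:        # A record
            found[str(ipaddress.IPv4Address(msg[off:off + 4]))] = list(chain)
        off += rdlen
    return found

# Constructed DNS response payload: names are placeholders, the address is from the post.
SAMPLE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x02\x00\x00\x00\x00\x04ocsp\x07example\x04test\x00\x00\x01\x00\x01"
    b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x00\x3c\x00\x0b\x04edge\x03cdn\xc0\x11"  # CNAME
    b"\xc0\x2f\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\x48\x15\x5b\x1d"         # A 72.21.91.29
)

def explain(connections, dns_responses):
    """Label each (process, remote_ip) pair with the lookup that produced the address."""
    seen = {ip: names for msg in dns_responses for ip, names in answers_by_ip(msg).items()}
    return [(p, ip, " -> ".join(seen.get(ip, ["no DNS answer captured"]))) for p, ip in connections]
```

A connection labelled "no DNS answer captured" only means the lookup happened before the capture started or was served from cache, so the capture should begin before the connections of interest are made.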
