
Detecting malware sites outbound from Azureus



Hello CaidenKeren and welcome to Malwarebytes,

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Repeat for last couple of blocks...

Thank you,

Kevin...

10 minutes ago, kevinf80 said:
Hello CaidenKeren and welcome to Malwarebytes,

Open Malwarebytes, select > Reports > then checkmark (tick) most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt) name and save that file to Desktop or somewhere of your choice, attach to your reply...

Repeat for last couple of blocks...

Thank you,

Kevin...

These are the three that keep popping up.

trojan 1.txt

trojan 2.txt

unkown.txt


Greetings,

I reviewed the block logs you posted and they indicate that the trackers (sites used for tracking/managing torrents for peer-to-peer Bittorrent clients like Vuze) for something you were probably downloading or searching for were being blocked.  These blocks are not an indication of infection and are quite normal when using a peer-to-peer (P2P) application like a Bittorrent client as they tend to connect to a wide array of IP addresses which may include some that are also used for hosting malware and other malicious content.  That said, those sites won't infect your system when connecting through your Bittorrent client like this and you can eliminate the blocks by excluding Vuze from the Web Protection component in Malwarebytes so that it is allowed to connect to any server that it needs to without compromising the protection of your system from malicious sites for other applications which would be a risk such as your web browser.  To exclude Vuze, follow the instructions found in this support article under the section titled Exclude an Application that Connects to the Internet.

If you are seeing any other signs of infection or would just like to have your system checked to make sure that it is not infected then please continue to work with kevinf80 and he will guide you on what to do to check and clean your system.

I hope this information has helped set your mind at ease and if there is anything else we might do to assist you please don't hesitate to let us know.

Thanks


There is no need to hide anything @exile360, I only ask the question. You can unhide the information you've posted. I always appreciate help, just need to know if there are changes...

@CaidenKeren  do not add P2P software as an exclusion, just let Malwarebytes block the outbound calls. That will not affect the software if you choose to download what the software is designed for... Outbound calls are very suspicious and not needed...

https://www.virustotal.com/en/ip-address/87.110.238.140/information/


6 minutes ago, kevinf80 said:

There is no need to hide anything @exile360, I only ask the question. You can unhide the information you've posted. I always appreciate help, just need to know if there are changes...

@CaidenKeren  do not add P2P software as an exclusion, just let Malwarebytes block the outbound calls. That will not affect the software if you choose to download what the software is designed for... Outbound calls are very suspicious and not needed...

https://www.virustotal.com/en/ip-address/87.110.238.140/information/

VS info makes no sense to me

I am confused here.  Why would outbounds by the client be suspicious?  Wouldn't that imply that the client is doing something suspicious?  Before, I used utorrent (very old version, 2012) and MBAM was flagging, I remember vaguely, outbounds or inbounds all the time.  At one point Avast internet security, after the latest update, quarantined it all of a sudden.


The outbound calls are suspicious because not only are they made without your knowledge, they open a backdoor through your Firewall so you have an unknown connection to an unknown domain of which you have no control. P2P software is a prime conduit for the transfer of malicious trackers, infections, etc.

Everyone knows that malware, infections and ransomware are transferred through illegal software, key gens, cracks etc, you should also be made aware that backdoor connections through your Firewall have the same potential and can also be used to harvest information....


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.