Jump to content

Malwarebytes Blocking Incoming Connections


Recommended Posts

Hello. I keep getting incoming connections classified as "trojan" blocked by malwarebytes. There is no specific file included, just coming from port 445 and (so far 3) different ip address.

I've ran Rkill, done avast and malwarebytes scans on safemode, hitmanpro. All you can think of.

I don't know what's causing this.

Is there anything more i can do besides just ignore the notifications?

Link to post
Share on other sites

I'm sorry i didn't find an edit button so i'm adding information via reply:

I ran the ip addresses through AbuseIPDB website and some people had reported incoming port 445 scans from there in the past weeks. Is it just something i have to wait out or am i at risk? Is there anything else i can do?

Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need more information.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites

More info; i made bootable usb of windows 10 home with official microsoft program and formatted everything. Installed windows 10. 24 hours forward, i get another 445 blocked, this time classified as "malvertising".

Computer didn't even connect to internet before i had installed malwarebytes and avast.
First thing i did was install windows updates.

The windows isn't licenced yet.

Addition.txt

FRST.txt

Link to post
Share on other sites

Hi,

Your logs are clean.

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

===

How is it now?
Any remaining issues with this computer.

Link to post
Share on other sites

Hello nasdaq. I already did that and reset my synced files also un-installed and re-installed chrome. Also put "allow chrome to run background apps after closed" to disable.

The inbound connection never had any files associated  in the malwarebytes log. Just ip-address and port (445 is the only port they've tried to come from now).

Link to post
Share on other sites

Hi,

Will reset the TCIP settings.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Malwarebytes is protecting you.

If the problem persists check with the MB3 Support Forum.

https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/
The will have a look at it.

fixlist.txt

Link to post
Share on other sites

Thank you. I haven't gotten any inbound connection attempts after reseting my router and updating the firmware. I didn't apply the fixlist since i don't see the point on a fresh windows 10 installation. 

Thank you for your help anyway! 

Becouse of this support forum, we are going to buy 4 licences to malwarebytes premium for a year.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.