JoeMcFadden

Incoming worm and trojan popups


I am a computer consultant, and one of my clients has been getting a Malwarebytes notification (sometimes every couple minutes) for either an incoming trojan or worm.

Are these just random port scans that will eventually stop, or is it something on their computer?

The trojan is on port 23, and the worm is on port 8089. (And I've seen other ports looking through the reports.)

They have Spectrum, and their modem assigns an external IP address, and I cannot log into the modem.

This only happens on 1 of the 2 computers connected to this modem.

I'm considering buying a router to put between the computers and the modem, but since this is a satellite office (2 hours away) I'd rather avoid this if possible.

I have attached my full scan log, and a few of the detection logs.

Trojan Port 389.txt Worm Port 8089.txt Full Scan Results.txt Trojan Port 23.txt


Even though I had scanned the other computer and it came up clean, I decided to do an IP scan to see if there was a laptop or something else on the network....

Strange outcome that I wasn't expecting: The 2nd computer has a different IP scheme. So I did IP scans from each and they both show 6 or 7 other devices on the network.

I'm going to have to find out exactly how they have their internet set up down there... must be some shared building thing or something... for sure going to need to install a router for them.


Hello Joe.

Thanks for the scan report & for the Block event log reports. The 3 block events are about "Incoming" types. The web protection module of Malwarebytes for Windows is protecting the PC.

Incoming block notice can be ignored; Malwarebytes Premium software is blocking the threat and there is nothing more that can be done.

It would be of interest to know if the machine-at-issue has any open web browsers, instant-messenger-type apps, and what other programs were open or in use at those "block events".

For Your Information:

The website Block message indicates that a potential risk was blocked by the malicious website protection.

The Malwarebytes web protection, by default, will always show each IP block occurrence.

The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying to access your PC.

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored; our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

No action is required unless you're also experiencing malware symptoms or there are multiple (different) IPs (ex: 123.23.34 and 4.44.56).

A browser is not required to be running, just an active Internet connection with processes running, such as Instant messenger clients, SKYPE or Peer-to-peer software, to trigger these alerts.


Hi. How is the situation at this point?


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
