Lyvelion

Malwarebytes blocks the IP even when I'm not using the browser


Hello, 

First, I apologize for my poor English; it's not my native language.

 

I turned on the computer today to play my favorite game. For many days I did not download anything from the Internet or perform other "suspicious" activities which could cause the problem described below.

While playing, a Malwarebytes window suddenly appeared informing me about a blocked IP due to the threat of a Trojan. I thought that it blocked the download on the GOG Galaxy launcher - I don't know why, but it often blocks it. It turned out that the program blocked an IP belonging to Cloudflare. It is interesting that no file was identified, and each time it was detected another port was used.

The IP was blocked 5 times in a few hours. What should I do about it? I already scanned my PC with Malwarebytes, ADWCleaner and Windows Defender; these programs didn't find anything.


I added a screenshot below; I hope my translation will help.

help.png


Hello Lyvelion and welcome to Malwarebytes,

Can you post the last three block logs for me? Logs are available here:

Open Malwarebytes, select > Reports > then checkmark (tick) the most recent "Website Block" entry > then select "View Report" > "Export" > Text File (*.txt), name and save that file to the Desktop or somewhere of your choice, and attach it to your reply...

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt). Please attach that log to your reply.

Thank you,

Kevin...

 


Thanks for those logs. Not sure if this is a false positive (fp).

IP is not listed for spam activity https://cleantalk.org/blacklists/104.16.154.36

VirusTotal does not flag the website https://www.virustotal.com/gui/url/a6ad87b96b6f44b6b903d3db0d28b0f75e62c6ec246afd9e218723c6168baad3/detection

Maybe @MysteryFCM can have a look and give judgement/advice...



Thank you very much for your help, I will wait for the opinion of others. :)


Do the blocks only happen when GOG Galaxy launcher is used..?


No, the ones I sent you appeared several minutes after the program was closed. Those that appear when GOG is open show the exact location of the launcher files.


It will be hard for me to check if everything is OK; the blocks went away when I stopped playing. Strange, I played Black Desert Online; this game has nothing to do with Cloudflare.

Quote

Strange, I played Black Desert Online, this game has nothing to do with Cloudflare

Did this make blocks happen?

 


I meant... blocks occurred when I played a few hours ago. I will start the game and see if this happens again. It is quite late, so I may answer in a few hours (it's 1 a.m.).


I'm having the same thing and I have BDO open too. There's an official post on the BDO forums about this happening to others too, just so you know.


 

Really? This explains everything. Thank you, I think we can close the topic then.


Thanks for the update @Lyvelion and @Cooce

If you are sure you want this thread closed, Lyvelion, do the following:

Right-click on FRST here: C:\Users\lyvel\Desktop\FRST64.exe and rename it uninstall.exe. When complete, right-click on uninstall.exe and select "Run as Administrator".

If you do not see the .exe appended, that is because file extensions are hidden; in that case just rename FRST64 to uninstall.

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...


Sorry for the delay, the block on 104.16.154.36 was already fixed.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.
