Jump to content

Trojan MB blocked it but I have a question

Recommended Posts

In the last couple of days MB has blocked several Trojans each with a different IP address.

I entered the IP over at Symantec IP reputation investigation it said their IP addresses were about "snowshoe spam".

How dangerous is this if MB hadn't blocked them?

Why and how am I getting  these things?


Thanking in advance for any and all help.



Share this post

Link to post
Share on other sites

***This is an automated reply***


Thanks for posting in the Malwarebytes 3 Help forum.


If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column

  7. Click the Gather Logs button

  8. A progress bar will appear and the program will proceed with getting logs from your computer

  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK

  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:

     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.


If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 


Thanks in advance for your patience.

-The Malwarebytes Forum Team


Share this post

Link to post
Share on other sites


It generally depends on the source of the connection attempts, in other words, what program on your system were they trying to connect to, if any?  Also, if you don't already have the built in Windows Firewall enabled (which it should be by default), then that should definitely be done.  We can assist you with that if necessary.

Please do the following and we will take a look at what is going on with your system:

  1. Download and run the Malwarebytes Support Tool
  2. Accept the EULA and click Advanced tab on the left (not Start Repair)
  3. Click the Gather Logs button, and once it completes, attach the zip file it creates on your desktop to your next reply

Also, please open Malwarebytes and navigate to the Reports tab and open and export one of the website block entries and either copy/paste it into your reply or export it to a text file and attach the text file so that we may take a look.

I am just being cautious so I don't want to worry you unnecessarily, but in all likelihood those connect attempts are nothing to worry about, again, depending on their source (for example, if it was from a Peer-to-Peer (P2P) application such as a Bittorrent client of some kind, then this is a typical occurrence and nothing to be concerned about), however we will assist you in checking your system and logs just to make sure.

Share this post

Link to post
Share on other sites


-Log Details-
Protection Event Date: 9/21/19
Protection Event Time: 12:41 PM
Log File: 9fb6c164-dc8e-11e9-94ba-8cec4bd1b2d4.json

-Software Information-
Components Version: 1.0.625
Update Package Version: 1.0.12589
License: Premium

-System Information-
OS: Windows 10 (Build 17763.737)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
IP Address:
Port: [5353]
Type: Inbound



Share this post

Link to post
Share on other sites

Thanks.  I did a bit of research on the IPs that were blocked and the ports they were trying to connect to and they are associated with some known vulnerabilities and exploits/attacks so I would suggest going ahead and making sure that your system is clean by reading and following the instructions in this topic and then creating a new topic in our malware removal area including the requested logs and information by clicking here and one of our malware removal specialists will assist you in checking your system and clearing it of any threats that might be present.

I hope that I am just being overly cautious, but it's best to play it safe and go ahead and get the system checked to make sure.

If there is anything else we might assist you with please let us know.


Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.