
Frequent "blocked access to malicious IP: 81.169.145.87" pop-up messages


bob_va


Any input on this would be greatly appreciated. When these annoying messages pop up, I am not even browsing -- Internet Explorer is not even open. Any suggestions would be welcomed. Thanks . . .

Message:

Malwarebyte's Anti-Malware has successfully blocked access to malicious IP: 81.169.145.87


This IP is on the Strato IP range, which currently houses 130 malicious domains;

http://hosts-file.net/?s=81.169.145.87

If this is occurring even when not browsing, I'd suggest checking for any P2P programs, and getting your computer checked for malware.


  • 3 weeks later...
This IP is on the Strato IP range, which currently houses 130 malicious domains;

http://hosts-file.net/?s=81.169.145.87

If this is occurring even when not browsing, I'd suggest checking for any P2P programs, and getting your computer checked for malware.

I have the same problem. I'm confused by your answer. What do you mean "check for P2P programs"? I use a P2P so what do I do? If I turn off the program I still get the alerts. Shouldn't I report these IPs? Also, what does "get your computer checked" mean? Get it checked by who and what do they do about malware? I thought this is why I bought Malwarebytes in the first place.

Thanks.


What do you mean "check for P2P programs"? I use a P2P so what do I do. If I turn off the program I still get the alerts.

Closing the P2P program doesn't stop the connection attempts, it simply means those attempts won't result in any actual connections to the P2P program. The ports are still open, so the alerts would continue if it were the P2P program to blame (you can use a program such as Wireshark to confirm this).

Shouldn't I report these ips? Also, what does "get your computer checked"? Get it checked by who and what do they do about malware?

http://www.malwarebytes.org/forums/index.php?showtopic=9573


Closing the P2P program doesn't stop the connection attempts, it simply means those attempts won't result in any actual connections to the P2P program. The ports are still open, so the alerts would continue if it were the P2P program to blame (you can use a program such as Wireshark to confirm this).

http://www.malwarebytes.org/forums/index.php?showtopic=9573

It would be helpful if the report gave information on:

the direction of the attempt (in or out)

the source/destination port

the process that is using the port

I am currently getting similar reports, but my router has no ports being forwarded. So, it must be an outgoing attempt. The addresses are suspicious, but I have no idea which process is involved without port information.

Are these addresses and other related information logged anywhere in the system?

Jack


Sadly not, no. The APIs used for this do not provide this information on 2000/XP systems, only Vista and above (I don't know if this will be included in a future update for these platforms).

I'd advise using a firewall if you aren't already, as this will provide the information you require to track which program is connecting to the IPs, and why.
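
Added example, not part of any post in this thread: one way to recover the direction, ports and owning process that the pop-up omits is to save the output of Windows `netstat -ano` while the alerts are firing and filter it for the blocked address. The sample output below is constructed, and the inbound/outbound label is a heuristic (a connection whose local port is also a LISTENING port is treated as inbound).

```python
# Added example: SAMPLE is constructed `netstat -ano` text, not data from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6881           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.10:1047      81.169.145.87:80       SYN_SENT        2312
  TCP    192.168.1.10:6881      81.169.145.87:51413    ESTABLISHED     2312
  TCP    192.168.1.10:1052      203.0.113.7:443        ESTABLISHED     1780
  UDP    0.0.0.0:6881           *:*                                    2312
"""


def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; headers and UDP rows (no state) do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::]:135 intact.
        local_ip, _, local_port = fields[1].rpartition(":")
        remote_ip, _, remote_port = fields[2].rpartition(":")
        yield (local_ip, int(local_port), remote_ip, int(remote_port),
               fields[3], int(fields[4]))


def connections_to(text, blocked_ip):
    """Return direction, ports, state and PID for every TCP row involving blocked_ip."""
    rows = list(parse_netstat(text))
    # Ports this machine is accepting connections on.
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    hits = []
    for _, lport, remote_ip, rport, state, pid in rows:
        if remote_ip != blocked_ip:
            continue
        hits.append({
            "direction": "inbound" if lport in listening else "outbound",
            "local_port": lport,
            "remote_port": rport,
            "state": state,
            "pid": pid,
        })
    return hits


if __name__ == "__main__":
    for hit in connections_to(SAMPLE, "81.169.145.87"):
        print(hit)
```

The PID in each result can be matched to a program name in Task Manager's process list.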
