Jump to content

Continuous Blocked Website Detection Warnings


Recommended Posts

Hey,

I recently downloaded Malwarebytes to test it out, and I started getting warnings that an inbound connection was blocked from blocked websites. Most of them were categorized as Compromised, but a few were categorized as trojan. None of the scans from both defender and Malwarebytes produced any detections. I think one of them was even a remote desktop attack. I disabled remote desktop. I also came upon a tool by Microsoft called Microsoft Safety Scanner and used it. It detected something called "VirTool:Win32/DefenderTamperingRestore" and removed it. Nothing else was found. However, I keep getting inbound connection detections. Also, if it makes any difference, I am on a university network via ethernet.

I have attached the requisite logs as put forward by one of the pinned posts on this forum.

Malwarebytes Scan Report.txt FRST.txt Addition.txt

Link to post
Share on other sites

Hello    :welcome:

My name is Maurice.  Let me know what name you prefer to go by.

 

The real-time protection of Malwarebytes is keeping the system safe.  It is advising you of that.  

The "potential" threat is Stopped.    The system is being protected.

The scan with Malwarebytes for Windows reported no malware / no P U P  .

Lets first get a full report so I can see just exactly what the block messages are about.   They are most likely to be I P  addresses that the Malwarebytes researchers have identified  as having threats on their address.

.

The Adwcleaner detected a adware, it sound like.   What the MS Safety scanner detected is a normal expected finding.

I would like for you to read this article, which fits what you have described

"Receiving message - Website blocked due to compromise"
https://support.malwarebytes.com/hc/en-us/articles/360048565893-Receiving-message-Website-blocked-due-to-compromise

 

The fact that your machine is in a network makes it a lure for the probers.  The fact that your machine runs Platform: Windows 10 Pro makes it more of a lure for probers.

 

We have to see the detection logs in order to have full details about these Block event notices.

The web protection / Malwarebytes real-time protection is keeping the pc safe from potential harm.   Whatever "it" was, it is STOPPED.

 

I would appreciate  getting some key details from this machine.
 NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Do have patience while the report tool runs.  It may take several minutes.  Just let it run & take its time.  You may want to close your other open windows so that there is a clear field of view.
Download Malwarebytes Support Tool
    
  
    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support-1.7.0.827.exe  to run the report

Once it starts, you will see a first screen with 2 buttons.  Click the one on the left marked "I don't have an open support ticket".

        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
        
    Place a checkmark next to Accept License Agreement and click Next
Now click the left-hand side pane "I do not have an open support ticket"

    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair” !   But look instead at the far-left options list in black.

    Click the Advanced tab on the left column
    
    Click the Gather Logs button
    
    A progress bar will appear and the program will proceed with getting logs from your computer.  Please do have patience.  It takes several minutes to gather.
   
    Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK.  Then Exit the tool.

    Please attach the ZIP file in your next reply.

.

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes Premium is keeping your pc safe from potential harm.

A block notice is an advisory of the "block".   The web protection has STOPPED any potential harm.

 

It  indicates that a potential risk was blocked by the malicious website protection. 

The Malwarebytes web protection, by default, will always show each  block occurrence.

The Malwarebytes Webs protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.

 

See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true

 

Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.

On Outbound blocks, any attempted connection was stopped.

 

Sincerely,

Maurice

Link to post
Share on other sites

Thanks for the report.   Some bits of housekeeping first.

[    1    ]

There is one setting in Malwarebytes that needs to be off.   So that the Microsoft Windows Defender is all enabled.   The Premium  trial  protections of Malwarebytes will still be on.
Start Malwarebytes. Click Settings ( gear ) icon. Next, lets make real sure that Malwarebytes does NOT register with Windows Security Center 
Click the Security Tab. Scroll down to 
"Windows Security Center"
Click the selection to the left  for the line "Always register Malwarebytes in the Windows Security Center".

{  OFF position is all the way to the left-side. }

 

[   2     ]

Now click the General tab.    Then click the spot "Check for Updates"   so that the latest component update & definitions are applied.

Watch the prompts.  Have patience.
Close Malwarebytes when done.
.

The blocked IP addresses for the 25th are   182.75.41.42,   101.53.100.115.   196.31.28.114,    195.128.96.92.    all inbound probes.

The first IP maps out to India ;  the 2nd China ;  3rd  South Africa ;   4th Russia.

The inbound attempts were stopped.

.

Unless you are actually using this machine to connect to another Windows' remote desktop,  then you ought to turn off the Remote Desktop setting, since that makes your machine a tempting target.

See   https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

By turning off remote desktop, you lessen your machine's odds of being a tempting target for probers.

The bad guys seek out machines able to do remote desktop as being prime candidates.   Keep in mind these involve automated bots.

,

You can block one or more IP addresses in the Windows 10'  Windows Firewall

See   https://www.cm3solutions.com/block-ip-address-ip-range-using-windows-firewall/

 

To get started go to Control Panel >>System and Security >> Windows Defender Firewall     and then on the laft side list, click on Advanced Settings

then follow the example in the article cited above.

 

.

Keep in mind that the "probers" will be using different IP addresses.   So it is likely that your machine may get alerts for other IP addresses.

You should seriously consider getting a Malwarebytes Premium license so that your machines will then have on-going Premium protection.

Link to post
Share on other sites

Regarding Windows Security Center, I have turned off the requisite toggle. 

Regarding Windows Remote Desktop, I had already turned it off a few days ago. However, I do have an always online Teamviewer instance running to connect to my desktop from my laptop. Is that a possible attack vector as well? 

Regarding Windows Firewall, I shall add them to the rules. 

Thank you.

Link to post
Share on other sites

Good to know that you had turned off RDP.   As to Teamviewer,   I suspect that that alone is not what is or is not getting attention.   It is more the fact that the probers are seeking susceptible systems.

When you are finished with your computers at end-of-day, it will help a lot to do Windows "shutdown" on each machine.  Being shut down means your systems cant be sensed.

Let me know if you need anything.    Stay safe.

Link to post
Share on other sites

You are very welcome.   Glad to assist you.   Let me make one other set of suggestions, wholly unrelated to original inquiry,   to make your web browsers more secure.

This is for each one of your Windows systems.

[      1    ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

[    2     ]

If a pc has Mozilla Firefox, to get & install the Malwarebytes Browser Guard  Firefox extension.

Open this link in your Firefox browser:   

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.

That link is for English US.   There are other language version.  Just go to the very bottom right of the page and look at “Change language” list drop down.

[    3   ]

If a pc has the Google Chrome browser, or the Brave browser, I suggest you install the Malwarebytes Browser guard for Chrome.

To get & install the Malwarebytes Browser Guard extension for Chrome,

 

Open this link in your Chrome   browser: 

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

 

Then proceed with the setup.

I wish you all the best.

Sincerely,

Maurice

.

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.