Jump to content

blocked inbound connection to svchost.exe : 5 attempts per minute


Recommended Posts

Hi,

 

I have installed Malwarebytes trial version today on my computers and I get these notifications 4 or 5 times per minute on each one of my computers.

The servers locations are :

176.9.41.151

117.4.240.104

94.102.49.159

47.90.72.126

etc...

 

I have launched a Malware scan, but nothing was found.

This seems very strange, but I have read that svchost.exe was an application from Microsoft, so I guess it's safe. Can you confirm? 

 

Thank you

 

 

 

 

Link to post
Share on other sites

In case it helps, ADWCleaner found nothing on these servers

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-09-2021
# Duration: 00:00:04
# OS:       Windows Server 2016 Standard
# Scanned:  4241
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

Link to post
Share on other sites

4 hours ago, Nicopato said:

I'd like to add these computers are servers I access remotely. I don't know if this is important to mention.

I am sorry to inform you that Malwarebytes Premium (stand alone) is not supported on any server OS and is also against the EULA as well.

  Quote

(b) Paid License.

If you purchased a license to the Software from Malwarebytes or from a Malwarebytes authorized reseller, then conditioned upon your compliance with the terms and conditions of this Agreement, Malwarebytes grants you a non-exclusive and non-transferable license to Execute the number of copies of the Software for which you have paid solely in executable form on the corresponding number of Devices owned or used by you. Furthermore, you may not Execute the Software on any Device(s) running a server operating system unless it is a Malwarebytes server product as reflected in its official product name and official release notes. You agree that your purchases are not contingent on the delivery of any future functionality or features (including future availability of any Software beyond the current license term or any new releases), or dependent on any oral or written public comments made by Malwarebytes regarding future functionality or features.

https://www.malwarebytes.com/eula/

The proper version is this. https://www.malwarebytes.com/business/ep-server-security/

 

System requirements

https://support.malwarebytes.com/hc/en-us/articles/360038984713-System-requirements-for-Malwarebytes-for-Windows-v4

But to also answer the question about those blocks.

The attempts on various ports are tried by bots.   But they are STOPPED  by the Malwarebytes real-time web protection.

Malwarebytes is protecting your system.

See this article  https://support.malwarebytes.com/hc/en-us/articles/360048565893-Receiving-message-Website-blocked-due-to-compromise

In most cases the attempted probes will eventually stop on their own. If it continues you can add the IP to the local firewall to prevent it from contacting the computer period.
If you wish to do so, here is one how-to guide for the Windows software firewall
https://www.interserver.net/tips/kb/add-ip-address-windows-firewall/

 

 

  • Like 1
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.