Joofex Posted January 7, 2022 ID:1496498 Share Posted January 7, 2022 Hello. I received a notification on Malwarebytes desktop app, and it states that a potential malicious site had been blocked originating on my system. When I expanded the notification, it stated that the malicious site originated from a system file, but never stipulated where specifically. Before the notification popped up, I had installed a program called MusicBee. However, when I did a virus scan right after receiving the notification, it said that no threats were detected. Another issue is the IP address being blocked from the system file is the same IP address being blocked from PIA VPN, and was wondering if the malware detection is actually originating from PIA and not my system. Even after uninstalling MusicBee, I still get a malicious site block for PIA and my system, which I'm not sure what to do anymore. Below I have provided logs for PIA and system website block. If anyone could help me with this issue and/or clarify if this is a false positive, it would be much appreciated. Thanks for your time. MB2.txt MB1.txt Link to post Share on other sites More sharing options...
Staff Solution BjelakovicL Posted January 7, 2022 Staff Solution ID:1496501 Share Posted January 7, 2022 Hello, The IP above is being used for Port Scan Attacks. The detection is very recent. Please refer to this article which lists several known applications that conflict with Malwarebytes's Web Protection, that includes PIA. Link to post Share on other sites More sharing options...
Joofex Posted January 7, 2022 Author ID:1496503 Share Posted January 7, 2022 Hey, thanks for getting back to me in short notice. I see now, thank you very much for the information. Would it be okay to assume that everything is okay on my end and my PC hasn't been compromised? Lastly, should I be concerned that my system on an outbound connection was blocked and categorized as malware? I've gone ahead and uninstalled PIA just to make sure and it seems like the detections have stopped for both the malware and compromised flags, Would it then be okay to assume my system flagged under malware was actually part of PIA and not my own system? Thanks again for your time. Much appreciated. Link to post Share on other sites More sharing options...
Staff BjelakovicL Posted January 7, 2022 Staff ID:1496505 Share Posted January 7, 2022 Yes, it's safe to assume your PC hasn't been compromised. The detection came from PIA. These IPs are being used in full port scan attacks that is why this IP is blocked in full. It is outbound because it is being used by Private Internet Access. Link to post Share on other sites More sharing options...
Recommended Posts