ehambra Posted October 25, 2009 ID:148208 Share Posted October 25, 2009 Every time I open Skype a I get a pop-up warning saying Malwarebyte's Anti-malware has successfully blocked access to malicious IP: 89.28.118.132What is that?Thanks Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 25, 2009 Root Admin ID:148214 Share Posted October 25, 2009 I've asked one of the support guys to stop by and take a look at your post. He'll be able to give you further advice. Link to post Share on other sites More sharing options...
MysteryFCM Posted October 25, 2009 ID:148218 Share Posted October 25, 2009 The IP belongs to Starnet, and has no relation to Skype that I can find.http://hosts-file.net/?s=89.28.118.132If possible, could you try and identify the source and target please? (either your firewall logs, or Wireshark (http://www.wireshark.org), will be able to provide the necessary details). Link to post Share on other sites More sharing options...
ehambra Posted October 25, 2009 Author ID:148238 Share Posted October 25, 2009 My router does not show that is getting an attack from that IP. If I type on the browser the IP 89-28-118-132 Malearebyte's Anti-malware popups with the warning.But every time I sign in on Skype pops up and every minute as well Link to post Share on other sites More sharing options...
MysteryFCM Posted October 25, 2009 ID:148241 Share Posted October 25, 2009 The IP is on a known malicious network, so I'd strongly advise against trying to load it.There's two possibilities for this issue, either there's adverts in the program causing a connection, or the program itself is doing such. We need to track this down, and the best way of doing this, is using a firewall (NOT your router).Either download Wireshark from the following;http://www.wireshark.orgOr download a firewall such as Online Armor if you've not already got one;http://www.tallemu.comBoth of these will provide logs that will allow us to see the destination and source details (Wireshark will also additionally give us the packet information, so we can see why it is trying to contact the IP). Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted October 25, 2009 Root Admin ID:148244 Share Posted October 25, 2009 You could also try running these commands from a DOS console.ipconfig /displaydnsnetstat -anetstat -b -v Link to post Share on other sites More sharing options...
ehambra Posted October 25, 2009 Author ID:148247 Share Posted October 25, 2009 Can you tell from this report? www.slaudio.com.ar/report.pcap Link to post Share on other sites More sharing options...
MysteryFCM Posted October 25, 2009 ID:148254 Share Posted October 25, 2009 I'm not seeing anything referencing that IP in the pcap file, no. Link to post Share on other sites More sharing options...
ehambra Posted October 25, 2009 Author ID:148259 Share Posted October 25, 2009 It is weird do. I have run several times and cannot fond that IP, but while I am running it I open Skype, and MBAM shows the warning: Malwarebyte's Anti-malware has successfully blocked access to malicious IP: 89.28.118.132I have deleted all my contacts and still the same. It happens when I sign in only.Anything else that I can try?Thanks Link to post Share on other sites More sharing options...
MysteryFCM Posted October 25, 2009 ID:148277 Share Posted October 25, 2009 Can you do the following please?1. Install WireShark2. Load WireShark and open SkypeIf the IP doesn't show up, close Skype and disable MBAM's IP Protection, then re-load SkypeThen post the log here. Link to post Share on other sites More sharing options...
dv986 Posted December 19, 2009 ID:172631 Share Posted December 19, 2009 Hi everyone. I have a similar problem. Slightly different IP, but on the same network id. I also had Skype turned on.I will send some of the Oupost Firewalls log that correlates with the timeframe of the MBAMs log to Malwarebyte support by email. I'll keep you informed Link to post Share on other sites More sharing options...
dv986 Posted December 19, 2009 ID:172801 Share Posted December 19, 2009 Alright, I got the following response:That IP address resolves to Moldova:http://hosts-file.net/default.asp?s=89.28.11.13It's possible that the server at that address is sending out spam messages via Skype, and our software is blocking them.Hope this helps :-) Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now