Skype

[ehambra]

Every time I open Skype a I get a pop-up warning saying Malwarebyte's Anti-malware has successfully blocked access to malicious IP: 89.28.118.132

What is that?

Thanks

[AdvancedSetup]

I've asked one of the support guys to stop by and take a look at your post. He'll be able to give you further advice.

[MysteryFCM]

The IP belongs to Starnet, and has no relation to Skype that I can find.

http://hosts-file.net/?s=89.28.118.132

If possible, could you try and identify the source and target please? (either your firewall logs, or Wireshark (http://www.wireshark.org), will be able to provide the necessary details).

[ehambra]

My router does not show that is getting an attack from that IP. If I type on the browser the IP 89-28-118-132 Malearebyte's Anti-malware popups with the warning.

But every time I sign in on Skype pops up and every minute as well

[MysteryFCM]

The IP is on a known malicious network, so I'd strongly advise against trying to load it.

There's two possibilities for this issue, either there's adverts in the program causing a connection, or the program itself is doing such. We need to track this down, and the best way of doing this, is using a firewall (NOT your router).

Either download Wireshark from the following;

http://www.wireshark.org

Or download a firewall such as Online Armor if you've not already got one;

http://www.tallemu.com

Both of these will provide logs that will allow us to see the destination and source details (Wireshark will also additionally give us the packet information, so we can see why it is trying to contact the IP).

[AdvancedSetup]

You could also try running these commands from a DOS console.

ipconfig /displaydns

netstat -a

netstat -b -v

[ehambra]

Can you tell from this report? www.slaudio.com.ar/report.pcap

[MysteryFCM]

I'm not seeing anything referencing that IP in the pcap file, no.

[ehambra]

It is weird do. I have run several times and cannot fond that IP, but while I am running it I open Skype, and MBAM shows the warning: Malwarebyte's Anti-malware has successfully blocked access to malicious IP: 89.28.118.132

I have deleted all my contacts and still the same. It happens when I sign in only.

Anything else that I can try?

Thanks

[MysteryFCM]

Can you do the following please?

1. Install WireShark

2. Load WireShark and open Skype

If the IP doesn't show up, close Skype and disable MBAM's IP Protection, then re-load Skype

Then post the log here.

[dv986]

Hi everyone. I have a similar problem. Slightly different IP, but on the same network id. I also had Skype turned on.

I will send some of the Oupost Firewalls log that correlates with the timeframe of the MBAMs log to Malwarebyte support by email. I'll keep you informed

[dv986]

Alright, I got the following response:

That IP address resolves to Moldova:

http://hosts-file.net/default.asp?s=89.28.11.13

It's possible that the server at that address is sending out spam messages via Skype, and our software is blocking them.

Hope this helps :-)