Suspicious IP


Go to solution Solved by AdvancedSetup,

Hello. First I want to say one thing. I did a clean Windows reinstall and didn't install any bad things from the internet.

I saw this in resource monitor:

I'm worried about the 93.184.220.29 IP.

 

Is this something bad? I saw this doesn't have a good community score on VirusTotal (https://www.virustotal.com/gui/ip-address/93.184.220.29/community), but only 2 detections. Also this IP connection was from "avp.exe" or other Kaspersky things. These IPs are sometimes different, but I scanned a few of them. Only 93.184.220.29 doesn't have a good community score on VT.

Also there was something saying that the IP is from "Edgecast". I don't know what that is.

 

I scanned my PC with Malwarebytes, AdwCleaner and Kaspersky (and Malwarebytes Anti-Rootkit). Also I scanned with F-Secure Router Checker. None of the antiviruses detected anything. I was asking here before, sent FRST logs, and somebody said everything is good. Also some people said this is normal if this is from Kaspersky (I have Kaspersky Security Cloud installed). These connections are not using much network. There aren't any processes that use more than 1% of CPU if I'm doing nothing. I checked a few processes in Process Explorer and a few things in Autoruns. There wasn't anything suspicious.

 

Could it really be something bad or not?

 

I'm attaching AdwCleaner, MBAM logs and my old FRST logs.

AdwCleaner[S11].txt mbam logs.txt Addition.txt FRST.txt

I did a scan with FRST again. I'm attaching these new logs.

Malwarebytes and AdwCleaner didn't find anything. Also I did a full scan with Kaspersky. It didn't detect anything.

 

 

This is how it looks now. I scanned other IPs too. These IPs don't have many detections in VirusTotal, but a very low community score. I don't know if these IPs are from Kaspersky or not. Also VT says that the IPs are from GB or Switzerland.

 

Always when I'm checking a random IP it shows no detections, but a very low community score. I have more examples:

https://www.virustotal.com/gui/ip-address/224.0.0.252/community

https://www.virustotal.com/gui/ip-address/239.255.255.250/community

 

Addition.txt FRST.txt AdwCleaner[S12].txt mbam.txt

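An added example, not part of the original posts: a first-pass triage of the remote addresses a connection list shows, using Python's standard `ipaddress` module. It separates addresses that never leave the local network (224.0.0.252 is the LLMNR multicast group and 239.255.255.250 the SSDP group) from public addresses, which are the only ones where a reputation lookup says anything. The function names and the sample rows are constructed for illustration.

```python
import ipaddress

# Well-known multicast groups a Windows host uses on its own (IANA assignments).
KNOWN_GROUPS = {
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR name resolution",
    "239.255.255.250": "SSDP/UPnP discovery",
}

def classify(addr):
    """Return a triage label for one remote address (IPv4 or IPv6)."""
    ip = ipaddress.ip_address(addr)
    if str(ip) in KNOWN_GROUPS:
        return "local multicast (" + KNOWN_GROUPS[str(ip)] + ")"
    if ip.is_multicast:
        return "multicast"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"

def triage(rows):
    """Split (process, remote_address) rows into public and local-only sets."""
    lookup, local = {}, []
    for process, addr in rows:
        label = classify(addr)
        if label == "public":
            # Only these are worth a reputation lookup, keyed by address.
            lookup.setdefault(addr, set()).add(process)
        else:
            local.append((process, addr, label))
    return lookup, local

# Constructed sample rows in the shape of a Resource Monitor connection list.
SAMPLE = [
    ("avp.exe", "93.184.220.29"),
    ("svchost.exe", "224.0.0.252"),
    ("svchost.exe", "239.255.255.250"),
    ("chrome.exe", "192.168.1.1"),
    ("svchost.exe", "127.0.0.1"),
]

if __name__ == "__main__":
    lookup, local = triage(SAMPLE)
    for addr, procs in lookup.items():
        print("look up:", addr, "from", ", ".join(sorted(procs)))
    for process, addr, label in local:
        print("skip:   ", addr, "from", process, "->", label)
```

A public address that belongs to a shared content-delivery network serves many unrelated sites, so a reputation score there describes the address, not the process that connected to it.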

Update: I was asking about that and some people also have the same IP in Resource Monitor. Also I scanned these IPs with other tools and they didn't say anything bad about these IPs.

I also did a scan with Malwarebytes Anti-Rootkit and it didn't detect anything.

  • Root Admin

The IP 93.184.220.29 was an Edgecast IP. Edgecast was recently purchased by Yahoo

 

Abuseipdb shows it is on some black lists

https://www.abuseipdb.com/check/93.184.220.29

 

Virus Total has 3/88 as well

https://www.virustotal.com/gui/url/7a14fd7cdb6066e94e48cc56b7b83fd4b92f3d4fa01acb8c0b18d23b17d9c901?nocache=1

 

So, it looks like that specific IP has been used by someone or some process for bad purposes.

But, how your system hit it or got a hit from it is unknown and does not mean your computer is infected.

 

You're running Kaspersky Security Cloud which is a very good antivirus product. Check for updates and do a full system scan and see if it finds anything. My guess is it does not find any infections.

 


4 minutes ago, AdvancedSetup said:

> The IP 93.184.220.29 was an Edgecast IP. Edgecast was recently purchased by Yahoo
>
> Abuseipdb shows it is on some black lists
>
> https://www.abuseipdb.com/check/93.184.220.29
>
> Virus Total has 3/88 as well
>
> https://www.virustotal.com/gui/url/7a14fd7cdb6066e94e48cc56b7b83fd4b92f3d4fa01acb8c0b18d23b17d9c901?nocache=1
>
> So, it looks like that specific IP has been used by someone or some process for bad purposes.
>
> But, how your system hit it or got a hit from it is unknown and does not mean your computer is infected.
>
> You're running Kaspersky Security Cloud which is a very good antivirus product. Check for updates and do a full system scan and see if it finds anything. My guess is it does not find any infections.

 

I was asking for help in one Discord server. I asked about other IP addresses too. Two people had the same IP address on their PC.

I did a Kaspersky full scan today (with extreme settings) and it didn't detect anything. I checked for updates before the scan. And Kaspersky isn't the only AV that I used to scan. As I said, none of the AVs detected anything. No detections.

Somebody told me that the IP address could have been used for bad things before, but now it is a good IP address. Maybe this is true because many of the bad comments are more than 1 year old. Also I heard not to always trust these comments on VirusTotal. I also scanned these IPs with other websites.

 

And what about these FRST logs? Is everything good with them? Also I found how to make these logs in English.

Also I found 4 unknown devices connected to my router. This is very strange. I don't know if this is related to these IP connections. It looks like these devices don't exist. Other people had this problem too. I found it could be an error or something like this. Also there is an app (I downloaded it from the Play Store) for my router and I don't see these devices there, so I think this is an error or bug. I have the newest router firmware installed.

I think this isn't a good place to ask about this. I don't think this is caused by any malware.

I was trying to change the password, but these devices still showed. They only disappear for some time after a router reboot. As I said, this is probably a bug. And I checked a few router settings and everything seems to be good.

 

So everything should be fine now? These IPs are not anything malicious?

  • Root Admin
  • Solution

I don't see any signs of an issue. Seeing an IP good or bad is not an indicator that a computer is infected. You'd need to see your own computer making that call to an IP and being blocked by your AV for it to be a sign it was an issue.

 

Let's go ahead and do some clean-up work and remove the tools and logs we've run.

Please download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please attach that file to your next reply. (not compulsory)

 

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/240255/password-managers-compared-lastpass-vs-keepass-vs-dashlane-vs-1password/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Further reading if you like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes

 


  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy: Tips to help protect from infection

Thank you

 

 
