Jump to content

How do i get more information from the threat notifications, etc?


Recommended Posts

I have had a series of notifications saying potential threat blocked, rtp detection events (whatever they are?), trojans, compromised and riskware sites being attempted to connect to.

when i look at them in the detection history I don't find them to be very helpful. for example, all it says for the file (which i assume means the file on my pc that tried to access the website?) it says system. that isn't helpful at all, bewilderingly vague.

how can i discover which file or app tried to access this ip address? because surely then i would have a better idea on how to deal with this access attempts.

As feedback this kind of information really should be immediately accessible from the notification and detection history and include hover pop-ups that describe what the file field means for example so that users can better understand the report.

this is just one example:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 22/01/2023
Protection Event Time: 17:04
Log File: d1f68b1a-9a76-11ed-9ae2-2cf05dcc0682.json

-Software Information-
Version: 4.5.20.230
Components Version: 1.0.1868
Update Package Version: 1.0.64887
Licence: Premium

-System Information-
OS: Windows 10 (Build 19045.2486)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, System, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: RiskWare
Domain: 
IP Address: 117.207.229.201
Port: 137
Type: Outbound
File: System

(end)

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

If you are having technical issues with our Windows product, please do the following:

Malwarebytes Support Tool - Advanced Options

This feature is designed for the following reasons:

  • For use when you are on the forums and need to provide logs for assistance
  • For use when you don't need or want to create a ticket with Malwarebytes
  • For use when you want to perform local troubleshooting on your own

How to use the Advanced Options:

Spoiler
  1. Download Malwarebytes Support Tool
  2. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  3. Place a checkmark next to Accept License Agreement and click Next
  4. Navigate to the Advanced tab
  5. The Advanced menu page contains four categories:
    • Gather Logs: Collects troubleshooting information from the computer. As part of this process, Farbar Recovery Scan Tool (FRST) is run to perform a complete diagnosis. The information is saved to a file on the Desktop named mbst-grab-results.zip and can be added as an email attachment or uploaded to a forum post to assist with troubleshooting the issue at hand.
    • Clean: Performs an automated uninstallation of all Malwarebytes products installed to the computer and prompts to install the latest version of Malwarebytes for Windows afterwards. The Premium license key is backed up and reinstated. All user configurations and other data are removed. This process requires a reboot.
    •  Repair System: Includes various system-related repairs in case a Windows service is not functioning correctly that Malwarebytes for Windows is dependent on. It is not recommended to use any Repair System options unless instructed by a Malwarebytes Support agent.
    • Anonymously help the community by providing usage and threat statistics: Unchecking this option will prevent Malwarebytes Support Tool from sending anonymous telemetry data on usage of the program.
  6. To provide logs for review click the Gather Logs button
  7. Upon completion, click OK
  8. A file named mbst-grab-results.zip will be saved to your Desktop
  9. Please attach the file in your next reply.
  10. To uninstall all Malwarebytes Products, click the Clean button.
  11. Click the Yes button to proceed. 
  12. Save all your work and click OK when you are ready to reboot.
  13. After the reboot, you will have the option to re-install the latest version of Malwarebytes for Windows.
  14. Select Yes to install Malwarebytes.
  15. Malwarebytes for Windows will open once the installation completes successfully.

Screenshots:

Spoiler
 
 
 
 
Spoiler

 

 

01.png

02.png

03.png

04.png

05.png

06.png

 

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: Find my premium license key

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

1 hour ago, steveyg said:

Category: RiskWare
IP Address: 117.207.229.201
Port: 137
Type: Outbound
File: System

Your PC wants to communicate NetBIOS over IP via TCP Port 137 to 117.207.229.201 [ Kottayam, Kerala, India; BHARAT SANCHAR NIGAM LIMITED (aka; BSNL ]

TCP Port 137

The file is the system, the OS is performing the Outbound

It is unusual for NetBIOS over IP to communicate outside a Local Area Network.  The IP noted is on the Internet (WAN).  If your are behind a Router or a Router with Firewall constructs, it should be set to block NetBIOS over IP egress.

Just to make sure your system is not infected, please read;  I'm infected - What do I do now?

Then create a post in;   Windows Malware Removal Help & Support

Some notes for Router security

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID).  Do not use your; Name, Postal address or other personal information.  Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date ?  Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK;   TCP and UDP ports 135 ~ 139, 445, 1234, 3389 and 5555
  • Document passwords created and store them in a safe but accessible location.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
Link to post
Share on other sites

To add what David mentioned, Outbound connections like this are a sign of some malware.

Please do the following so I can ask @AdvancedSetup to assist in removing any possible malware.

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

 

  • Download the Malwarebytes Support Tool
  • In your Downloads folder, open the mb-support-x.x.x.xxx.exe file
  • In the User Account Control pop-up window, click Yes to continue the installation
  • Run the MBST Support Tool
  • In the left navigation pane of the Malwarebytes Support Tool, click Advanced
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply

Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.