Jump to content

RTP Detection for Outbound


Recommended Posts

Just checking out Malwarebytes. I loaded it yesterday, and this morning it is blocking a site with RTP Detection. (secure285.inmotionhosting.com)

Virustotal listed this URL as a 0/89. It happens to be my web host.

I'm not sure why svchost.exe would be reaching out to it, although it is the email server that I use. Thunderbird could possibly by reaching out to it without an application launch. Advanced History Report attached.

Why is MB blocking this site? Thanks.

RTP Blocked Site.txt

Link to post
Share on other sites

Hello @MisterV30 and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run the following Malwarebytes utility, or its subsets, please carefully follow these instructions:

  1. Download the Malwarebytes Support Tool.
  2. In your Downloads folder, open the mb-support-x.x.x.xxx.exe file.
  3. In the User Account Control (UAC) pop-up window, click Yes to continue the installation.
  4. Run the MBST Support Tool.
  5. In the left navigation pane of the Malwarebytes Support Tool, click Advanced.
  6. In the Advanced Options, click only Gather Logs. A status diagram displays the tool is Getting logs from your computer.  WARNING: Do Not click the Repair System under Advanced unless requested to by a Malwarebytes support agent or authorized helper.
  7. A zip file named mbst-grab-results.zip will be saved to the Public desktop, please attach that file in your next reply to this topic. Please do NOT copy and paste.

For the short time between when you post the diagnostic logs, and when your helper weighs in, please take no further self-directed remedial actions that will invalidate the diagnostic logs you will have posted.

Thank you.

Link to post
Share on other sites

  • Root Admin

Thank you for the logs @MisterV30

The logs are not showing any known issue from the system. The IP was blocked as that domain was previously being used as part of RDP attacks.

https://www.abuseipdb.com/check/172.81.118.57

 

We have reviewed the IP further and have found it no longer warrants the block. It will be removed today.

Please update Malwarebytes in a few hours and check again and it should no longer produce the block.

Thank you

 

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.