Constant popup of "successfully blocked access to malicious ip address"


Hi,

I just bought the Malwarebytes Anti-Malware. And now that real-time scanning has been enabled, I'm getting a constant popup message from the task bar Malwarebytes icon telling me that Malwarebytes has successfully blocked access to malicious ip address 193.104.22.70.

Is there any way to make this popup quit appearing while at the same time keep blocking this malicious ip address?

Any suggestions on what to do?

I did put in the ip address at Google or Yahoo and it brought up 4 entries, one to the mywot.com site which said this is a bad ip address neighborhood. Here's the link:

http://www.mywot.com/en/forum/4983-zeus-an...icious-goodness

Any help would be greatly appreciated. :-)

Thank you.

Link to post
Share on other sites

Hi TroyTrojansFan, and welcome to the forums here at Malwarebytes.org, and thank you for your purchase ;)

Those messages mean that Malwarebytes is blocking access to sites that are hosting or lead to malicious content.

Are any webpages other than this one open when you are getting these messages?

Do you have any P2P programs installed, perchance? Examples: vuze, bittorrent, utorrent, etc... If so, these could be accounting for the popups.

As a side note, please use the "ADD REPLY" button at the bottom of the page when replying.

Thank you :D

Link to post
Share on other sites

-

The IP listed shows several sites that will cause infections - You are lucky that it was blocked - Several Trojans etc. are involved -

Some of the sites listed ----

2010/01/15_18:18 host-data.com/tormoz.bin 193.104.22.70 - zeus/wsnpoem v2 config file evict@infotorrent.ru 34305

2010/01/15_18:18 host-data.com/jeskarent.exe 193.104.22.70 - zeus/wsnpoem v2 trojan evict@infotorrent.ru 34305

2010/01/15_18:18 host-data.com/jestkiyperec.php 193.104.22.70 - zeus/wsnpoem v2 drop zone evict@infotorrent.ru 34305

Thank You - ;)

Link to post
Share on other sites

Hi,

I do not have any torrent type programs installed. I don't get into that stuff if you are talking about file sharing programs. I've actually got a pretty clean machine as I don't use excessive amounts of software as I have a habit of keeping junk off my machine to help improve performance.

I get the popup message regardless if I'm on my forums site, CNN, ESPN, etc. it doesn't matter what site, it always pops up.

Sometimes I have open tabs on my browser but usually they are open to two sites I help admin the forums for, that's about it. Maybe a third tab open for searching google or yahoo. That's really about it.

Thank you. :-)

Link to post
Share on other sites

I just made the above post and got the popup that it was blocking that one ip address here on this forum. It almost seems like someone is trying to get into my machine or something. Wouldn't Malwarebytes list different ip addresses if it was blocking stuff, instead of it being the same ip address over and over? That's confusing to me.

Link to post
Share on other sites

TroyTrojansFan,

I'm glad to hear that you are not using P2P/file sharing. ;)

I suspect that you may be infected, then, unfortunately, if you are constantly getting these popups ;) At least the connections are being blocked, which is good, but the (most likely) underlying infection needs to be cleaned from your machine.

Please read the following so that someone can assist you, or, for faster help, please contact support@malwarebytes.org

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that currently it is quite busy in there, so the wait time might be 48 hours or more before someone is able to get back to you.

Thank you :D

Link to post
Share on other sites

ma3oony,

I suspect that you may be infected as well, unfortunately ;).

Malwarebytes is doing its job by blocking the connections though ;)

Please read the following:

Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

Please note that currently it is quite busy in there, so the wait time might be 48 hours or more before someone is able to get back to you.

Or, you may contact support@malwarebytes.org for faster assistance.

Thank you :D

Link to post
Share on other sites

Hi,

I've run the programs and have 3 text files on my desktop. I've started a thread here:

http://www.malwarebytes.org/forums/index.php?showtopic=36556

I'm not sure if I'm supposed to paste and copy stuff here or attach files. Sorry for being so absent-minded, I'm taking some medicine that makes me kind of tired and loopy. :-)

Thank you.

Link to post
Share on other sites

HERE's A REPLY I RECEIVED FROM THEIR TECH SUPPORT:

You can choose both to be protected to and block the IPs 'silently'. Please see Number 1 (silentipmode) below.

Registry Switches for Controlling IP-Blocking

Create the indicated registry value (labeled as key | value) with the indicated data and reboot to enforce the policies below. All of the values are of type DWORD

In order to create a registry value, open the Registry Editor (Click on Start -> Run -> and type in REGEDIT.EXE)

Browse to the key listed, and then right-click in the right-hand panel and choose New -> DWORD and create one of the listed keys and set the value as shown.

x86 32 Bit Key: HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware

1. x64 64 Bit Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malwaresilentipmode

Description: With a DWORD value of 1, the protection module will block and log IPs silently.

2. startipdisabled

Description: With a DWORD value of 1, IP blocking will start disabled on reboot, although it can be enabled subsequently.

3. disableipblocking

Description: With a DWORD value of 1, IP blocking will be permanently disabled (cannot be toggled).

Link to post
Share on other sites

So the bolded is what it should be called? Or just "Malwarebytes' Anti-Malwaresilentipmode"?

I found the DWORD value area and set to 1.

Link to post
Share on other sites

TroyTrojansFan and jr213.

That quoted text is slightly wrong. It should say this:

You can choose both to be protected to and block the IPs 'silently'. Please see Number 1 (silentipmode) below.

Registry Switches for Controlling IP-Blocking

Create the indicated registry value (labeled as key | value) with the indicated data and reboot to enforce the policies below. All of the values are of type DWORD

In order to create a registry value, open the Registry Editor (Click on Start -> Run -> and type in REGEDIT.EXE)

Browse to the key listed, and then right-click in the right-hand panel and choose New -> DWORD and create one of the listed keys and set the value as shown.


  1. x86 32 Bit Key: HKEY_LOCAL_MACHINE\Software\Malwarebytes' Anti-Malware
    x64 64 Bit Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
  2. silentipmode
    Description: With a DWORD value of 1, the protection module will block and log IPs silently.
  3. startipdisabled
    Description: With a DWORD value of 1, IP blocking will start disabled on reboot, although it can be enabled subsequently.
  4. disableipblocking
    Description: With a DWORD value of 1, IP blocking will be permanently disabled (cannot be toggled).

Link to post
Share on other sites
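
The corrected procedure above, scripted in PowerShell as an added example (not part of the thread and not Malwarebytes' own tooling). It uses only the key paths and value names quoted in the post, assumes an elevated session, and also flags the two switches that leave IP blocking off:

```powershell
# Added example: set silentipmode and audit the other IP-blocking switches.
# Key paths and value names are taken from the post above; run elevated.
$candidates = @(
    "HKLM:\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware",  # x64 Windows
    "HKLM:\SOFTWARE\Malwarebytes' Anti-Malware"               # x86 Windows
)

# Use whichever key actually exists; do not create the product key ourselves.
$key = $candidates |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $key) {
    throw "Malwarebytes' Anti-Malware registry key not found; nothing changed."
}

# silentipmode is a DWORD value *inside* the key (not part of the key name).
# Data 1 = block and log IPs silently.
New-ItemProperty -LiteralPath $key -Name 'silentipmode' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# The other two switches turn blocking off; warn if either is set to 1.
foreach ($name in 'startipdisabled', 'disableipblocking') {
    $current = (Get-ItemProperty -LiteralPath $key -Name $name `
        -ErrorAction SilentlyContinue).$name
    if ($current -eq 1) {
        Write-Warning "$name is 1 under ${key}: IP blocking is off or starts off."
    }
}

# Show the resulting state; absent values print as empty.
Get-ItemProperty -LiteralPath $key |
    Select-Object silentipmode, startipdisabled, disableipblocking

# Per the post, a reboot is needed before the switches take effect.
```

Silent mode only suppresses the balloon; blocked connections are still logged, so the protection log remains the place to see whether the same address keeps being contacted.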

I've had a few popups before rebooting my computer and I don't think I've had any more since then. The MWB icon is in the task bar running like it is supposed to so I think I got it right. :-)

Thank you for the help. I was about to go crazy with all the popups. LOL

OPEN THE PROGRAM AND LOOK AT THE LOG FOR TODAY, IT'LL SHOW YOU THE LAST INTERCEPT (AND ALL THE OTHERS FOR TODAY TOO)

JOHN

PS GOOD LUCK

Link to post
Share on other sites

This is what the log shows for today:

Malwarebytes' Anti-Malware 1.44

Database version: 3574

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

1/16/2010 2:26:20 PM

mbam-log-2010-01-16 (14-26-20).txt

Scan type: Quick Scan

Objects scanned: 102044

Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

TroyTrojansFan,

I know you would like to get rid of this asap but please don't keep posting in this thread about this.

Are you receiving help via email or on the forum (HJT forum)? One of your posts in this thread indicates to me that you seem to be receiving help via email. You need to choose one and stick with that. You should not be posting logs and asking malware removal questions in this thread any longer. Please be patient and you will receive help.

Thanks :)

Link to post
Share on other sites

If you are receiving help via the helpdesk (email), please stick to that and they'll get you cleaned up.

If you are NOT receiving help via the helpdesk (email), please follow the instructions at:

http://www.malwarebytes.org/forums/index.php?showtopic=9573

I'm locking this thread in the meantime as the original question has been answered and resolved.

Link to post
Share on other sites

This topic is now closed to further replies.