Jump to content
td1

IP False positive?

Recommended Posts

Hi,

My protection module keeps coming up with the message: Malicious IP blocked 58.65.47.206 every so often, even when i'm not surfing the internet.

However, I have no idea what IP this is, and when I looked it up on the internet it seemed to be from somewhere in Japan...

Also when I ran full scans using Malwarebytes' Anti-Malware, Mcafee, and Ccleaner, nothing was found.

Since nothing's coming up in scans could it be a false positive?

Thanks!

Share this post


Link to post
Share on other sites

Well if I don't have a browser open it's still coming up sometimes. I probably do have other programs using the internet though like msn.

Share this post


Link to post
Share on other sites

If it's still popping up with the browser closed, the likely cause is a P2P program, especially given 58.65.47.206 is a residential IP. However, I'd still recommend having your computer checked for infection as IP's within this range are also known for bot activity.

Share this post


Link to post
Share on other sites
If it's still popping up with the browser closed, the likely cause is a P2P program, especially given 58.65.47.206 is a residential IP. However, I'd still recommend having your computer checked for infection as IP's within this range are also known for bot activity.

Could removing the p2p programs stop it and is there any way of removing it otherwise? Also, since I've scanned with Malwarebytes, Mcafee and ccleaner (and they haven't found anything), how else could I get it checked for infection? Would downloading hijackthis and posting a log help? Thanks.

Share this post


Link to post
Share on other sites

Removing the P2P programs and closing the respective ports in your firewall/router, should stop the alerts, yes.

As far as having your machine checked, you can do so by following the instructions at;

http://forums.malwarebytes.org/index.php?showtopic=9573

Share this post


Link to post
Share on other sites
Removing the P2P programs and closing the respective ports in your firewall/router, should stop the alerts, yes.

As far as having your machine checked, you can do so by following the instructions at;

http://forums.malwarebytes.org/index.php?showtopic=9573

Thanks. How do you close the right ports in your firewall? Sorry about this! Also, I'll follow all the checks when I'm able to connect to a server which doesn't block download of those programs automatically.

Share this post


Link to post
Share on other sites

The easiest method is to delete all current rules in your firewall filter, and start by opening port 80 and 443, which is required for HTTP/HTTPS, and opening for example, SMTP/POP/FTP only as required by whichever program you're using.

Share this post


Link to post
Share on other sites
The easiest method is to delete all current rules in your firewall filter, and start by opening port 80 and 443, which is required for HTTP/HTTPS, and opening for example, SMTP/POP/FTP only as required by whichever program you're using.

Is there not a way to configure windows firewall that can just entirely block access to that IP address? That would make things much easier once it's done. Thanks for your time.

Share this post


Link to post
Share on other sites

Not via the Windows Firewall. I'd actually not recommend staying with the Wndows firewall, and instead recommend you switch to either Online Armour or Outpost (both have free versions)

Share this post


Link to post
Share on other sites
Not via the Windows Firewall. I'd actually not recommend staying with the Wndows firewall, and instead recommend you switch to either Online Armour or Outpost (both have free versions)

Sorry, it's actually Windows firewall with Advanced security. I don't know if that makes a difference!! Ok thanks, unfortunately as I've mentioned my network blocks downloads like that and same with antivirus downloads. I'll do it in a couple of weeks though. Can I post on the same thread in a couple of weeks once I've downloaded them and let you know if the recommended procedures for checking for infection came up with anything etc? Thanks!!!

Share this post


Link to post
Share on other sites

Feel free to come back and post, yes :D

Share this post


Link to post
Share on other sites
Feel free to come back and post, yes :P

Hi again, a few days ago I restarted my computer and when it started up again it said a few programs had stopped working, like Java, iTunes and internet explorer (although this doesn't really matter because I use google chrome). Also now, on the malwarebytes tab at the bottom of the screen, the IP protection option is off and when I click on it, it doesn't come on. This might be because of the proxy settings on this college network (which also blocks certain download sites). Any way to turn this back on without using the icon at the bottom-right of the screen?

My friend is really good with computers and he recommended that I download spy bot search and destroy to check my computer. This got rid of several tricky spyware and adware things although I had to restart and rescan. (Also if I can now re-activate the malwarebytes IP protection then I can tell if the malicious IP is no longer being contacted) Thing is, some of the Windows popups which say that programs have stopped working are still there. My friend says that it might be because on Ccleaner I deleted some registry files which it said had become unused after uninstalling programs (and taking up space).

BUT, although I reinstalled Java (and that seems fine) and I can probably reinstall iTunes when I get home, I can't reinstall Internet Explorer. When I downloaded internet explorer version 8 and tried to reinstall it a message popped up saying that I had a newer version I couldn't install. I also couldn't uninstall IE in order to reinstall it! Any way of fixing this?

Thanks!

T

Share this post


Link to post
Share on other sites

To re-install Malwarebytes properly;

1. Download:

http://www.malwarebytes.org/mbam-clean.exe

2. Uninstall Malwarebytes AntiMalware.

3. Restart your computer

4. Run mbam-clean.exe

5. Re-start your computer

6. Re-install Malwarebytes AntiMalware

Share this post


Link to post
Share on other sites
To re-install Malwarebytes properly;

1. Download:

http://www.malwarebytes.org/mbam-clean.exe

2. Uninstall Malwarebytes AntiMalware.

3. Restart your computer

4. Run mbam-clean.exe

5. Re-start your computer

6. Re-install Malwarebytes AntiMalware

When I do that will that allow me to use my IP protection and other protection module once malwarebytes is reinstalled? I don't want to have to pay for it again!!! Also, any idea about how to re-install internet explorer?

Thanks

Share this post


Link to post
Share on other sites

You'll not need to pay for it again :), it'll correct whatever is causing the problem for you.

To re-install Internet Explorer, please see;

http://support.microsoft.com/kb/318378

Or;

1. Click the Start button > Control Panel > Programs and Features

2. Select View installed updates

3. Select Windows Internet Explorer 8 from the list of available updates, click uninstall.

4. Restart Windows.

Share this post


Link to post
Share on other sites
You'll not need to pay for it again ;), it'll correct whatever is causing the problem for you.

To re-install Internet Explorer, please see;

http://support.microsoft.com/kb/318378

Or;

1. Click the Start button > Control Panel > Programs and Features

2. Select View installed updates

3. Select Windows Internet Explorer 8 from the list of available updates, click uninstall.

4. Restart Windows.

Hi again, the only problem now (it seems) is that I still can't activate the IP blocker function although I cleaned and reinstalled as suggested. Internet explorer works fine now as do those other internet programs. Spybot, mcaffee and malwarebytes all now say my system is free from infection. BUT, still can't activate the malwarebytes IP blocker... Any other way to activate it other than right clicking on the icon? I've had problems with activating or deactivating it that way in the past- it didn't always respond properly.

Thanks

Share this post


Link to post
Share on other sites

We've got a beta in testing that provides an additional route to enable it. You may want to contact support via the helpdesk and if they can't find a solution for you, enquire about trying the beta to see if that resolves it for you.

Share this post


Link to post
Share on other sites
We've got a beta in testing that provides an additional route to enable it. You may want to contact support via the helpdesk and if they can't find a solution for you, enquire about trying the beta to see if that resolves it for you.

sorry, how do i contact support via the helpdesk...?

Thanks

Share this post


Link to post
Share on other sites

My apologies;

support@malwarebytes.org

Share this post


Link to post
Share on other sites
My apologies;

helpdesk@malwarebytes.org

Actually, it's support@malwarebytes.org :)

Share this post


Link to post
Share on other sites
My apologies;

support@malwarebytes.org

Hi, I downloaded the beta that was suggested to me by support, and reinstalled the new version after uninstalling the old one. The protection module activated but only for a couple of seconds. I did this a couple of times, and also used the mbam-clean thing when I had uninstalled it before reinstalling the beta. There's a protection log i noticed which shows that it failed to load and gives an error code. It says: 15:46:26 Tom ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

What is this code and does it give you a better idea for what's wrong?

Thanks

Share this post


Link to post
Share on other sites

FwpmEngineOpen0 is related to the Base Filtering Engine. Can you confirm this service is running please;

Start > Search, and type: services.msc

post-1009-1269794715_thumb.png

Share this post


Link to post
Share on other sites
FwpmEngineOpen0 is related to the Base Filtering Engine. Can you confirm this service is running please;

Start > Search, and type: services.msc

post-1009-1269794715_thumb.png

Hi, it says BFE where on your screenshot it says Base Filtering Engine, i assume they're the same thing. It also says: Description:<Failed to Read Description. Error Code: 2.> But above that it has an option to start the service. Should I just click that?

Thanks

Share this post


Link to post
Share on other sites
FwpmEngineOpen0 is related to the Base Filtering Engine. Can you confirm this service is running please;

Start > Search, and type: services.msc

post-1009-1269794715_thumb.png

Sorry, they obviously are the same thing, just saw that on your screenshot description. I tried pressing start it and it said: Windows could not start the BFE service on Local Computer. Error 193: 0xc1.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.