
IP False positive?


td1


Hi,

My protection module keeps coming up with the message: Malicious IP blocked 58.65.47.206 every so often, even when I'm not surfing the internet.

However, I have no idea what IP this is, and when I looked it up on the internet it seemed to be from somewhere in Japan...

Also when I ran full scans using Malwarebytes' Anti-Malware, McAfee, and CCleaner, nothing was found.

Since nothing's coming up in scans could it be a false positive?

Thanks!


If it's still popping up with the browser closed, the likely cause is a P2P program, especially given 58.65.47.206 is a residential IP. However, I'd still recommend having your computer checked for infection as IPs within this range are also known for bot activity.

Could removing the P2P programs stop it and is there any way of removing it otherwise? Also, since I've scanned with Malwarebytes, McAfee and CCleaner (and they haven't found anything), how else could I get it checked for infection? Would downloading HijackThis and posting a log help? Thanks.


Removing the P2P programs and closing the respective ports in your firewall/router should stop the alerts, yes.

As far as having your machine checked, you can do so by following the instructions at:

http://forums.malwarebytes.org/index.php?showtopic=9573

Thanks. How do you close the right ports in your firewall? Sorry about this! Also, I'll follow all the checks when I'm able to connect to a server which doesn't block download of those programs automatically.


The easiest method is to delete all current rules in your firewall filter, and start by opening ports 80 and 443, which are required for HTTP/HTTPS, and opening, for example, SMTP/POP/FTP only as required by whichever program you're using.

Is there not a way to configure windows firewall that can just entirely block access to that IP address? That would make things much easier once it's done. Thanks for your time.


Not via the Windows Firewall. I'd actually not recommend staying with the Windows firewall, and instead recommend you switch to either Online Armor or Outpost (both have free versions).

Sorry, it's actually Windows firewall with Advanced security. I don't know if that makes a difference!! Ok thanks, unfortunately as I've mentioned my network blocks downloads like that and same with antivirus downloads. I'll do it in a couple of weeks though. Can I post on the same thread in a couple of weeks once I've downloaded them and let you know if the recommended procedures for checking for infection came up with anything etc? Thanks!!!


Feel free to come back and post, yes :P

Hi again, a few days ago I restarted my computer and when it started up again it said a few programs had stopped working, like Java, iTunes and internet explorer (although this doesn't really matter because I use google chrome). Also now, on the malwarebytes tab at the bottom of the screen, the IP protection option is off and when I click on it, it doesn't come on. This might be because of the proxy settings on this college network (which also blocks certain download sites). Any way to turn this back on without using the icon at the bottom-right of the screen?

My friend is really good with computers and he recommended that I download spy bot search and destroy to check my computer. This got rid of several tricky spyware and adware things although I had to restart and rescan. (Also if I can now re-activate the malwarebytes IP protection then I can tell if the malicious IP is no longer being contacted) Thing is, some of the Windows popups which say that programs have stopped working are still there. My friend says that it might be because on Ccleaner I deleted some registry files which it said had become unused after uninstalling programs (and taking up space).

BUT, although I reinstalled Java (and that seems fine) and I can probably reinstall iTunes when I get home, I can't reinstall Internet Explorer. When I downloaded internet explorer version 8 and tried to reinstall it a message popped up saying that I had a newer version I couldn't install. I also couldn't uninstall IE in order to reinstall it! Any way of fixing this?

Thanks!

T


To re-install Malwarebytes properly;

1. Download:

http://www.malwarebytes.org/mbam-clean.exe

2. Uninstall Malwarebytes AntiMalware.

3. Restart your computer

4. Run mbam-clean.exe

5. Re-start your computer

6. Re-install Malwarebytes AntiMalware

When I do that will that allow me to use my IP protection and other protection module once malwarebytes is reinstalled? I don't want to have to pay for it again!!! Also, any idea about how to re-install internet explorer?

Thanks


You'll not need to pay for it again :), it'll correct whatever is causing the problem for you.

To re-install Internet Explorer, please see;

http://support.microsoft.com/kb/318378

Or;

1. Click the Start button > Control Panel > Programs and Features

2. Select View installed updates

3. Select Windows Internet Explorer 8 from the list of available updates, click uninstall.

4. Restart Windows.


  • 2 weeks later...
Hi again, the only problem now (it seems) is that I still can't activate the IP blocker function although I cleaned and reinstalled as suggested. Internet Explorer works fine now as do those other internet programs. Spybot, McAfee and Malwarebytes all now say my system is free from infection. BUT, still can't activate the Malwarebytes IP blocker... Any other way to activate it other than right clicking on the icon? I've had problems with activating or deactivating it that way in the past; it didn't always respond properly.

Thanks


We've got a beta in testing that provides an additional route to enable it. You may want to contact support via the helpdesk and if they can't find a solution for you, enquire about trying the beta to see if that resolves it for you.

Sorry, how do I contact support via the helpdesk...?

Thanks


My apologies;

support@malwarebytes.org

Hi, I downloaded the beta that was suggested to me by support, and reinstalled the new version after uninstalling the old one. The protection module activated but only for a couple of seconds. I did this a couple of times, and also used the mbam-clean thing when I had uninstalled it before reinstalling the beta. There's a protection log I noticed which shows that it failed to load and gives an error code. It says: 15:46:26 Tom ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753

What is this code and does it give you a better idea for what's wrong?

Thanks


FwpmEngineOpen0 is related to the Base Filtering Engine. Can you confirm this service is running please;

Start > Search, and type: services.msc

post-1009-1269794715_thumb.png

Hi, it says BFE where on your screenshot it says Base Filtering Engine; I assume they're the same thing. It also says: Description:<Failed to Read Description. Error Code: 2.> But above that it has an option to start the service. Should I just click that?

Thanks

Sorry, they obviously are the same thing, just saw that on your screenshot description. I tried pressing start it and it said: Windows could not start the BFE service on Local Computer. Error 193: 0xc1.
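
The service check requested above can also be done from PowerShell instead of services.msc. The following is an added example, not part of the original thread and not Malwarebytes' own tooling: it decodes the three Win32 error codes quoted in the posts (1753 is EPT_S_NOT_REGISTERED, 193 is ERROR_BAD_EXE_FORMAT, 2 is ERROR_FILE_NOT_FOUND) and shows what the Service Control Manager is configured to launch for BFE. It assumes an elevated prompt and the standard service registry layout (`ImagePath`, `Parameters\ServiceDll`).

```powershell
# Added diagnostic sketch (not from the thread). Run from an elevated PowerShell prompt.
# Read-only: it changes no service or registry setting.

# 1. Translate the Win32 error codes quoted in the posts into their system messages.
foreach ($code in 1753, 193, 2) {
    $ex = New-Object System.ComponentModel.Win32Exception -ArgumentList ([int]$code)
    '{0,5} : {1}' -f $code, $ex.Message
}

# 2. Service state plus the services BFE itself needs in order to start.
$svc = Get-Service -Name BFE -ErrorAction Stop
'BFE status : {0}' -f $svc.Status
foreach ($dep in $svc.ServicesDependedOn) {
    '  depends on {0} ({1})' -f $dep.Name, $dep.Status
}

# 3. What the Service Control Manager will try to launch.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'
$imagePath = (Get-ItemProperty -Path $key -ErrorAction Stop).ImagePath
$imagePath = [Environment]::ExpandEnvironmentVariables($imagePath)
'ImagePath  : {0}' -f $imagePath

# First token of the command line (quoted or bare) is the host executable.
if ($imagePath -match '^\s*"([^"]+)"' -or $imagePath -match '^\s*(\S+)') {
    $exe = $Matches[1]
    'Host exe   : {0} (exists: {1})' -f $exe, (Test-Path -LiteralPath $exe)
}

# Shared-process services also name a DLL under Parameters\ServiceDll.
$params = Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue
if ($params -and $params.ServiceDll) {
    $dll = [Environment]::ExpandEnvironmentVariables($params.ServiceDll)
    'ServiceDll : {0} (exists: {1})' -f $dll, (Test-Path -LiteralPath $dll)
} else {
    'ServiceDll : value missing under Parameters'
}
```

An `ImagePath` or `ServiceDll` that points at a missing or non-executable file is consistent with error 193 on start and error 2 when reading the description, and a stopped BFE leaves the filtering engine's RPC endpoint unregistered, which is what 1753 reports.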
