How to find out which program is accessing bad IP address?

[DwayneR]

Good day to all.

Installed MBAM for the first time yesterday (Registered version) and see MANY warnings about blocking certain IP addresses.

How do I go about finding out which program or programs are attemtping those accesses? I'm reasonably sure that my machine is clean - but all these warnings (several per minute) worry me.

Typical IP addresses taken from the logs:

94.96.108.201

95.211.101.132

89.28.85.50

89.28.74.166

83.233.165.8

89.28.103.64

58.241.135.215

121.9.147.26

and many more.

Many thanks!

dwayne

[mountaintree16]

Hello DwayneR. Welcome to the forums here at Malwarebytes.org, and thank you for your purchase

Do you have any P2P programs installed perchance?

As a side note, when replying, please use the ADD REPLY button, as this makes the forum easier to read.

Thank you

[DwayneR]

Yes, in fact, I'm currently running uTorrent. Not downloading anything but left it running until my share ratio reaches 50 or so.

So: I'll exit uTorrent and see if the number of warnings decreases or stops.

Thanks for the suggestion.

Question: If it does turn out to be related to uTorrent, would the easiest thing to do to just do the registry entry to hide the warnings?

Question #2: if its not related to uTorrent, what do I look for next?

Many thanks!

dwayne

[mountaintree16]

Dwayne,

Ah hah! Has to be uTorrent then. I highly, highly recommend uninstalling that and never ever using it again!

If you must keep it, do the registry switch for a silent IP block.

However, if you can wait, the new version of Malwarebytes coming out will have a silent IP block option built into the program, so no need to make the registry switch anymore.

Again, I recommend uninstalling uTorrent...

If its NOT uTorrent, you should have your machine looked at as you may be infected. To get checked, just follow Buttons's directions below

As I hope you know, torrents are largely responsible for many infections and make it easy to spread infections among many users very quickly.

You are quite welcome

[DarkSnakeKobra]

Hi DwayneR and welcome to malwarebytes'!

1. The registry entry doesn't actually turn it off, but silence it. But some files may not get downloaded if blocked. Personally I would remove Utorrent all together.

2. I would follow these directions to get yourself checked out.

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Edit: Another user was reading this thread and got the wrong name. Sorry.

[DwayneR]

Many thanks for your suggestions.

I have had no more reports of blocked IP addresses since shortly after I exited uTorrent. I highly suspect that you found the cause of those reports.

I am reluctant to un-install uTorrent - I use it several times per year to download books or other out-of-print articles and magazines as well as downloading old music that is not available for sale ANYWHERE.

I'm an old fart (my first computer was a home-built 6800, my first PC was a Columbia PC clone) and thus never did get into the whole video / ripped-off movies / ripped-off TV shows that many users use torrents for.

And, of course, I *do* scan everything that I download with my local AV (Eset's NOD32), and, sometimes, on-line scanners.

I guess that I won't always run uTorrent, though.

Question:

I'm currently running both NOD32 as well as MalwareBytes Active Protection. Is there any problem with doing that? I have not noticed any issues since installing MBAM (registered version) yesterday afternoon.

Many thanks!

dwayne

[mountaintree16]

Dwayne,

I do understand why you are using it but still, its not exactly legal, even for your usages.

I've been able to find some old music for sale on iTunes though, have you tried that at all, at least for the music?

Ask yourself this question: is your uTorrent usage of more priority to you than the fact that you are putting your machine at risk (and maybe your personal information as well) every time you use uTorrent? As I said, they are responsible for spreading many infections, repeat infections, including some of the worst infections out there such as the TDSS rootkit and Virut file infectors.

That being said, it is good that you scan everything after you download it.

If you haven't experienced any issues between Malwarebytes and NOD32, then there isn't really anything else you should need to do. Mbam is designed to complement your AV program

It doesn't hurt to add exclusious to NOD32 for Mbam though:

Step 3: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For Windows Vista or Windows 7:

• C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\System32\drivers\mbamswissarmy.sys
  

For 64 bit versions of Windows Vista or Windows 7:

• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\zlib.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
  
• C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
  
• C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  
• C:\Windows\System32\drivers\mbam.sys
  
• C:\Windows\SysWoW64\drivers\mbamswissarmy.sys
  

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude them from it as well

The FAQ contains examples of setting file exclusions for some known AV products.

[mylanta3]

Great catch mountaintree! And you are so right this is behind most malware issues today.

[mountaintree16]

Thanks mylanta3

Mind not quoting me, though, and taking it out? It's unnecessary, I know that you mean me, and it makes the thread more confusing.

Edit: Thanks mylanta3

[mylanta3]

No problem done!