I had a problem with a computer getting a rogue antivirus infection. Malwarebytes Free was able to clean it, however it would keep coming back.

I now have the paid version, and every time I bring up IE8, IP addresses get blocked. So far, no more virus. I know that MB is doing its job, but I want to find out what process or program is trying to go to these IP addresses. I had started up IE with no addons and still get the IP blocking messages.

Thanks for any ideas.


I have the same question:

- How can one tell which process or program is triggering the MBAM alerts?

- Is it possible to include the process or program data in the protection-log?

After clean installing Firefox as well as scanning with a few AV suites (AVG, Avast), I still keep getting the Malwarebytes IP alerts.

In addition, I'm still getting intermittent blank pop-ups even though the MBAM (Full/Paid) scan returns no results.

Any assistance in pinpointing the offending processes would be appreciated.

Thanks


@ erikig

Do you use any type of P2P software (e.g. uTorrent, LimeWire, or the like)?

@Firefox, not on this workstation.

The only applications (other than web browsers) that get any amount of use are:

- UltraEdit

- WebDrive

- A couple of trading apps

(all legit, no cracks etc)

The issue only rears its head when Firefox is open. Since it was a clean install I didn't expect any issues.

If only I could identify the source of the blocked requests, I think I could resolve this...


It could be a plugin that you have installed with Firefox...

Also you can use a program called CurrPorts to monitor your traffic and try and figure out what it is.

Thanks for the utility, I'll keep an eye on the traffic and see what it finds.

I was finally able to figure out what was wrong, just as a note to anyone else who keeps getting MBAM notices about requests from: 85.12.46.159, 91.212.226.67 etc. They were caused by a TDSS variant, a particularly nasty trojan that infects a random system dll and then masks its existence by reporting the dll's correct attributes/contents to virus scanners.

http://www.symantec.com/security_response/...-091809-0911-99

I'm going to give Combofix a try and see whether it helps things: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Wish me luck...
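
For readers with the same question (which process owns the connections MBAM is blocking), here is an added example that is not part of the original posts: it joins saved `netstat -ano` output against `tasklist /svc /fo csv /nh` output and reports the owning PID, image and hosted services for the two addresses quoted in the thread. The sample outputs, PIDs, local addresses and the function names are constructed for illustration.

```python
import csv
import io

BLOCKED = {"85.12.46.159", "91.212.226.67"}  # addresses quoted in the thread

# Constructed sample of `netstat -ano` output (not from a real machine).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1061      85.12.46.159:80        SYN_SENT        1408
  TCP    192.168.1.20:1062      203.0.113.10:443       ESTABLISHED     2216
  TCP    192.168.1.20:1063      91.212.226.67:80       SYN_SENT        1408
  UDP    0.0.0.0:500            *:*                                    704
"""

# Constructed sample of `tasklist /svc /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","912","RpcSs"
"svchost.exe","1408","AudioSrv,Browser,Schedule"
"firefox.exe","2216","N/A"
"lsass.exe","704","PolicyAgent"
'''


def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue  # skips the header and blank lines
        ip, _, port = parts[2].rpartition(":")
        state = parts[3] if len(parts) == 5 else ""  # UDP rows have no state
        yield ip.strip("[]"), port, state, int(parts[-1])


def parse_tasklist(text):
    """Map PID -> (image name, services string) from CSV tasklist output."""
    return {int(r[1]): (r[0], r[2]) for r in csv.reader(io.StringIO(text)) if len(r) >= 3}


def find_owners(netstat_text, tasklist_text, blocked=BLOCKED):
    """Return {pid: {"image", "services", "remotes"}} for rows hitting blocked IPs."""
    procs, hits = parse_tasklist(tasklist_text), {}
    for ip, port, state, pid in parse_netstat(netstat_text):
        if ip in blocked:
            image, services = procs.get(pid, ("<unknown>", ""))
            entry = hits.setdefault(pid, {"image": image, "services": services, "remotes": []})
            entry["remotes"].append(f"{ip}:{port} {state}".strip())
    return hits


if __name__ == "__main__":
    for pid, info in find_owners(SAMPLE_NETSTAT, SAMPLE_TASKLIST).items():
        print(pid, info["image"], info["services"], info["remotes"])
```

Because the culprit described in the thread sits inside a system dll, the owner can turn out to be a legitimate Windows host process, which is why the hosted services are reported alongside the image name.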
