TheCoach Posted June 4, 2010 ID:261819

I had a problem with a computer getting a rogue antivirus infection. Malwarebytes Free was able to clean it, however it would keep coming back.

I now have the paid version, and every time I bring up IE8, IP addresses get blocked. So far, no more virus. I know that MB is doing its job, but I want to find out what process or program is trying to go to these IP addresses. I had started up IE with no addons and still get the IP blocking messages.

Thanks for any ideas.

tbarber Posted June 5, 2010 ID:262158

I had a similar thing yesterday with 2 computers.

One was corrected by: IE8 > Tools > Options > Advanced tab > Reset Internet Explorer settings.

The other machine crashed - had to rebuild.

Tom

erikig Posted June 8, 2010 ID:263977

I have the same question:
- How can one tell which process or program is triggering the MBAM alerts?
- Is it possible to include the process or program data in the protection log?

After clean installing Firefox as well as scanning with a few AV suites (AVG, Avast), I still keep getting the Malwarebytes IP alerts. In addition, I'm still getting intermittent blank pop-ups even though the MBAM (Full/Paid) scan returns no results.

Any assistance in pinpointing the offending processes would be appreciated.

Thanks

Firefox Posted June 8, 2010 ID:264013

@erikig

Do you use any type of P2P software (i.e. utorrent, limewire, or the like)?

erikig Posted June 8, 2010 ID:264062

> @erikig
> Do you use any type of P2P software (i.e. utorrent, limewire, or the like)?

@Firefox, not on this workstation. The only applications (other than web browsers) that get any amount of use are:
- UltraEdit
- WebDrive
- A couple of trading apps

(all legit, no cracks etc.)

The issue only rears its head when Firefox is open. Since it was a clean install I didn't expect any issues.

If only I could identify the source of the blocked requests, I think I could resolve this...

Firefox Posted June 8, 2010 ID:264165

It could be a plugin that you have installed with Firefox.

Also you can use a program called CurrPorts to monitor your traffic and try and figure out what it is.

erikig Posted June 8, 2010 ID:264219

> It could be a plugin that you have installed with Firefox.
> Also you can use a program called CurrPorts to monitor your traffic and try and figure out what it is.

Thanks for the utility, I'll keep an eye on the traffic and see what it finds.

I was finally able to figure out what was wrong, just as a note to anyone else who keeps getting MBAM notices about requests from: 85.12.46.159, 91.212.226.67 etc. They were caused by a TDSS variant, a particularly nasty trojan that infects a random system dll and then masks its existence by reporting the dll's correct attributes/contents to virus scanners.

http://www.symantec.com/security_response/...-091809-0911-99

I'm going to give Combofix a try and see whether it helps things: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Wish me luck...

Firefox Posted June 8, 2010 ID:264227

OK thanks for the heads up, if you need help from the experts to get you cleaned up let me know and I will give you instructions on how to do that.
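
Added example, not part of any post in this thread: one way to answer the question asked above (which process owns the connections to the blocked addresses) by joining `netstat -ano` output with `tasklist /fo csv /nh` output. The sample text, PIDs and process names are constructed; only the two blocked addresses come from the thread.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     85.12.46.159:80        SYN_SENT        1044
  TCP    192.168.1.20:49713     192.0.2.10:443         ESTABLISHED     3120
  TCP    192.168.1.20:49714     91.212.226.67:80       SYN_SENT        1044
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1300
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
SAMPLE_TASKLIST = '''"svchost.exe","1044","Services","0","14,512 K"
"firefox.exe","3120","Console","1","210,004 K"
'''

BLOCKED = {"85.12.46.159", "91.212.226.67"}  # addresses quoted in the thread

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` text."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {row[1]: row[0] for row in rows if len(row) >= 2}

def find_owners(netstat_text, tasklist_csv, blocked):
    """Return sorted (remote_ip, remote_port, state, pid, image) tuples."""
    names = pid_names(tasklist_csv)
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; headers and UDP rows (no state) are skipped.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _, remote, state, pid = fields
        ip, port = split_endpoint(remote)
        if ip in blocked:
            hits.append((ip, port, state, pid, names.get(pid, "<unknown>")))
    return sorted(hits)

if __name__ == "__main__":
    print(find_owners(SAMPLE_NETSTAT, SAMPLE_TASKLIST, BLOCKED))
```

The PID identifies only the hosting process; code loaded into a browser or service process shows up under that process's name. Blocked connection attempts are short-lived, so the two commands need to be captured while the alerts are appearing.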