This issue may be outside the strict remit of Malwarebytes, however I would greatly appreciate help with stopping persistent malware IP accesses, that are evidenced by MBAM IP block messages. The blocked IP address is usually 94.75.228.175 but others sometimes occur.

The affected computer is a Dell XPS 700 running WinXP SP3. The IP blocks always occur when browsing, however only with a search results page showing (Google, Bing, Yahoo, etc). This is the trigger that starts the blocks - I do not have to visit any site other than Google, etc.

Key point: the problem occurs only on this one computer. I have worked with five other computers (similarly configured) in the past two years and none of them have this problem. I have rechecked four of these computers in the last half hour and confirm this problem is completely absent.

I have never knowingly installed any P2P software, don't have IM enabled, have never run Skype. I am using a Draytek router in full stealth mode, therefore I believe the malicious IP accesses are being triggered by something running on this computer. The problem is I don't know what. I am very happy to investigate further and to delete / uninstall anything that might be suspicious. I used to have Avast running also - I uninstalled it and the problem persists.

I have full logs available: HijackThis, ActivePorts, MBAM-info, which I can email or upload to my website for access, but would prefer to do this privately.

Thanks very much!


Thanks for your reply and welcome! Yes, I have been in contact with the help desk. They said this problem is 'normal'. However it can't be normal for a computer to be constantly bombarded by malware IP addresses, and this is proven by the fact that the problem is completely absent on 5 other computers with similar configuration. I haven't been able to get any further via the help desk and therefore I would greatly appreciate some help from the forum - people who have experienced this (or a similar) issue and have found a solution.

I am using a Draytek router in full stealth mode, so the malware IP accesses must be triggered by something running on the computer. I am very keen to get rid of it!

Many thanks!


Hello again Philip Perkins

I suggest letting one of the Experts have a look at it to check this out. It is a FREE service.

As we don't work on Malware removal in the General Malwarebytes' Anti-Malware Forum as it is for issues with the program itself, only in the Malware Removal - HijackThis Logs section.

Please print out, read and follow the Directions Here, skipping any steps you are unable to complete. Then post a NEW Topic Here

One of the Expert helpers there will give you one-on-one assistance when one becomes available.

Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless it's been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

Logs to reply with: (If possible)

MBAM

DDS/GMER

If you are unable to do all or any of the steps in the link to the directions above, just post your problem into the forum I gave you a link to anyway and someone will be able to assist you.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options (Immediate Email Notification) so that you're alerted when someone has replied to your post.

Email Notification of new messages

Also, when replying, please use the ADD REPLY button located at the bottom of the page, as this makes the forum easier to read.

Thanks :)

  • 2 weeks later...

Hello again Wide Glide

This problem is completely resolved. I posted in the Malware Removal section as advised and received very generous help from RPMcMurphy who clearly has great expertise. It was a very nasty unknown virus but was completely gone after a few days.

Thanks very much for your referral. This topic can be closed now (or should I close it?)
