Finding malicious sites

[dougham]

Everyday mbam pro shows me sites that it has "saved" me from.

How can I find out what program is trying to reach these sites.

I have a spare PC with a saved system image on which I have tried to access these sites. If it gets attacked I can boot from a special CD and restore the complete system. So far every site does not exist.

It would be worthwhile if the log file could show the calling program name when a site is rejected.

Is it possible that these sites do not exist, but should exist?

Regards

DOug

[Haider]

Hello dougham:

Please read Section G Post #7 IP Protection Module for a thorough understanding

IP Protection Module works on the basis of IP address i.e. it will block any inbound as well as outbound IP that is blacklisted and is in the database regardless of which URL it belongs

[noknojon]

Hi -

The problem is that there can be many sites at the same IP , but only one or two are "bad" sites -

The module will block the IP unless you know that one of the sites are 100% OK - Then you add that site to your exclusions list -

An Internet Protocol address (IP address) is a numerical label that is assigned to any device participating in a computer network that uses the Internet -

Thank You -

[Firefox]

Doug, your firewall may have logs that may be able to show you what program is trying to access those sites.

You should be concerned that these are happening to you everyday as you stated. Do you have any P2P programs running, Skype, or Messenger programs. These can produce these blocks. If not you need to find out if you have an infection that is not being detected, perhaps a rootkit.