Jump to content

Recommended Posts

I have seen this issue on this forum and others but always assume is a virus but instead of doing all the infection procedures thought I'd just raise the issue.

It seems Malwarebytes is doing its job. Every week or so I get for many hours many times a second attempts by an IP usually from China with popup warnings by MB.

I have run 5 other deep virus and Malware programs and all run even with deep scan as clean. My thought is for those that keep having these popups it is more proof MB is doing its job vs being infected?

If I reboot I can usually stop the attack or probe or whatever it is. The IP it comes from varies but usually from China or Asia. The current IP starting 58. comes from China. I am not running any torrant or any P2P.

Here is example of my attack/probe (running Win 7 64 bit)

00:00:17 davephx IP-BLOCK 58.240.188.133 (Type: outgoing, Port: 59287, Process: svchost.exe)

00:00:25 davephx IP-BLOCK 58.240.188.133 (Type: outgoing, Port: 59287, Process: svchost.exe)

00:00:25 davephx IP-BLOCK 58.240.188.133 (Type: outgoing, Port: 59287, Process: svchost.exe)

00:00:25 davephx IP-BLOCK 58.240.188.133 (Type: incoming, Port: 59287, Process: svchost.exe)

00:00:34 davephx IP-BLOCK 58.240.188.133 (Type: incoming, Port: 59287, Process: svchost.exe)

00:00:34 davephx IP-BLOCK 58.240.188.133 (Type: incoming, Port: 59287, Process: svchost.exe)

I also see it running TCPview but doesn't give me any other info that seems useful.

Link to post
Share on other sites

Hello and welcome, davephx:

Those IP blocks -- even if you are not running torrent or P2P software -- could be a sign of computer infection.

I'm just a home user, so I don't have the tools to safely research the particular IPs in question, but I suspect, as you do, that they are not "false positives".

So, the safest thing would be to have one of the experts assist you in checking & cleaning your system.

Alas, we do not work on malware removal in this particular sub-forum.

However, free, expert assistance can be found at the malware removal-HJT forum.

Instructions on how to proceed are posted in the 1st Important Topic pinned at the top of this forum: "I'm Infected - What Do I Do Now?".

Here's how to get started checking and cleaning your system:

1. First, please go to THIS PAGE, print out, read and follow as many instructions as you can, skipping any you are unable to complete.

2. Then, please describe your computer's symptoms as best you can and post the requested logs by starting a new thread at the Malware Removal-HJT forum.

One of the authorized, trained experts will then assist you as soon as possible for one-on-one malware detection and removal.

When you post, please be sure to select Track This Topic & choose one of the email options, so that you will be notified when someone responds.

Please allow 24-48 hours before bumping your thread.

Other Support Options:

Alternatively, as a paying customer using MBAM PRO, you may wish instead to start a support ticket by contacting support at: support@malwarebytes.org; or

Premium, fee-based support options are available here: http://www.malwarebytes.org/premium-support.php.

Also, please use the "Add Reply" button when replying here & at the other boards, so that it will be easier for everyone to follow the thread.

I hope this gets you started on cleaning up your system,

daledoc1

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.