
Does several blocked outbound ip calls a day mean I'm infected?


Hi

I've not been getting anything found in the automated scans, but each day there is from 4 to 10 calls total to 1 or 2 different ip addresses a day that are blocked.

Is this a concern, or is there anything I should do?

Some ip addresses from the last week are:

Thanks

Struth

Hello struth, welcome.

This could be a concern. Those IP addresses are in many different countries.

1. Please tell us what Windows OS your computer is running.

2. Do you have any file sharing applications running such as a torrent, P2P client, Skype or similar?

3. What is the name and version of your antivirus application and what are the results of its scans?

Based on your answers, it might be best to move your inquiry to another sub-forum where possibly infected systems are troubleshot with the aid of a trained expert.


Hi and thanks for the response,

The system is XP SP3 all updates applied.

The machine has no torrent clients, but does have skype (however set to offline as I don't use it).

There are 2 automated backup clients, mozyhome and crashplan.

It runs boinc (grid computing), hosted outlook and logmein (all run ok tho, meaning I can't see them failing because of false positives).

Antivirus is AVG (paid) which scans every night and has no record of anything.

It also has spybot (with immunisations applied). Scans detect nothing.

Browsing is done via firefox with addons adblock plus, and noscript.

Thanks,

Struth

You might consider running Microsoft's/Sysinternals' TCPView to check which application(s) are seeking outgoing communication.

You might also consult your MBAM logs to see if an outgoing port/application is specified when the blocking occurs and post it here.

If at any time you believe malware may be the source of your IP blocks, you should move this thread to the Malware Removal - HijackThis Logs sub-forum for expert help.

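The check suggested in the post above, attributing outbound connections to the application that opened them, can also be scripted from a saved `netstat -ano` and `tasklist /fo csv /nh` capture. This is an added example, not part of the original thread; the sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import csv
import io

# Constructed `netstat -ano` output; addresses are documentation ranges.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.7:443        SYN_SENT        1234
  TCP    192.168.1.10:1046      198.51.100.20:80       ESTABLISHED     2100
  TCP    192.168.1.10:1050      203.0.113.7:33033      SYN_SENT        1234
  TCP    192.168.1.10:1051      203.0.113.99:8080      SYN_SENT        3300
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed `tasklist /fo csv /nh` output; PID 3300 has already exited.
TASKLIST_SAMPLE = '''\
"Skype.exe","1234","Console","0","45,120 K"
"firefox.exe","2100","Console","0","98,004 K"
"lsass.exe","700","Console","0","1,200 K"
'''


def parse_netstat(text):
    """Yield (proto, remote_ip, remote_port, state, pid) per connection row."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        host, _, port = parts[2].rpartition(":")
        yield parts[0], host.strip("[]"), port, state, int(parts[-1])


def parse_tasklist(text):
    """Map PID -> image name from header-less CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}


def attribute_blocked(netstat_text, tasklist_text, blocked_ips):
    """Return {blocked_ip: [(image, pid, remote_port, state), ...]}."""
    names = parse_tasklist(tasklist_text)
    hits = {}
    for _proto, ip, port, state, pid in parse_netstat(netstat_text):
        if ip in blocked_ips:
            hits.setdefault(ip, []).append((names.get(pid, "<exited>"), pid, port, state))
    return hits


if __name__ == "__main__":
    blocked = {"203.0.113.7", "203.0.113.99"}  # constructed stand-ins for logged IPs
    for ip, conns in attribute_blocked(NETSTAT_SAMPLE, TASKLIST_SAMPLE, blocked).items():
        for image, pid, port, state in conns:
            print(f"{ip}:{port} <- {image} (PID {pid}) {state}")
```

Because `netstat` is a point-in-time snapshot, a short-lived blocked attempt can be missed or its process may already have exited (the `<exited>` case), so the capture is best taken repeatedly or right when a block is logged.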

Hi Struth

It still could be Skype, which does a lot in the background even though you are off-line.

To test if it is Skype, either right click on the icon and choose Exit Skype, or set it so that it does not start with Windows:

Tools / Options / General - untick "Start Skype when I start Windows", then Save and reboot


Thanks for the suggestions - I've disabled Skype's start-with-Windows capability. Plus will run TCPView to check.

Is there anywhere that lists the source ip addresses that are used as a reference and what they are? Or is that kept quiet so people don't know they are on the lists and then change their hosting?

Thanks, Struth


Following is the information received from Skype Support when I asked them why these ip addresses were being accessed. Blocking suspect ips by MalwareBytes does not cause any noticeable degradation of Skype's performance.

"We understand the inconvenience that might cause and we appreciate your patience and understanding. Skype is a peer-to-peer (P2P) application. Peer-to-peer makes it possible for multiple computers running the same P2P software to communicate and participate in traffic routing, processing and other bandwidth intensive tasks that are usually performed by a central server. P2P allows sharing files containing audio, video, data and real-time data.

Skype has no single
