Jump to content

MBAM Blocking outgoing traffic but why no fix?

techengr
 Share

Recommended Posts

techengr

techengr

Posted
Posted

I am running the trial verion of MBAM and it repeatedly reports that it is blocking outgoing traffic to pottentially dangerous website IP addresses. When I google the IP addresses, they seem to be porn sites. That is awesome BUT why can't the program backtrack to the offending program on my computer and blow it away? If it will do that I will buy it but I have run just about every antimalware/AV tool on the market and I can't find anything active on my system.

Thanks,

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

THANKS 4 the quick reply!!!

Nope. I have been battle the google redirect virus and finally got rid of it so my system is fairly clean from what I can tell. I have SUPERAntispyware, Norton Antivirus corporate and MBAM running.

:welcome:

Are you running any p2p programs such as Limewire, Frostwire, utorrent etc? Most of the time these are the case as they often connect to shady servers which are known to deliver malware.

Link to post
Share on other sites
DarkSnakeKobra

DarkSnakeKobra

Posted
Posted

You're welcome.:)

Ah you probably still have some leftovers on your computer. Follow the directions below and we'll get you cleaned up.:)

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

Thanks! I may may buy it just because of the high level of tech support! PLEASE pass my praise on to your boss! I work in computers and this is very rare these days, sadly.

Anyway, One more quick question: Is it possible to embed a worm or some type of malware into a favorites list? I use browser add-ons that sync my favorite lists but I am pretty sure they only communicate when I initiate them. If I understood how the redirect virus worked, I could probably answer my own question. Thanks again.

You're welcome.:)

Ah you probably still have some leftovers on your computer. Follow the directions below and we'll get you cleaned up.:)

We don't work on Malware removal or diagnostics in the general forums.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

I just read through the instructions and I have done all of that just recently (except for posting the DDS logs and have someone look at them) I will do as you suggested. So, can you tell me if MBAM has the capacity to tell the user what program is generating the outgoing traffic that it is blocking? If I knew that, I would be way ahead in the game.. Thanks.

Link to post
Share on other sites
DarkSnakeKobra

DarkSnakeKobra

Posted
Posted

Ok. It does show a notification in the tray for blocked outgoing application, but some other programs like Avast! or possibly Norton may intercept the process first causing it to show Avast! or whatever as the outgoing application. You're welcome.:)

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

Sorry, I don't mean to bug the crap out of you but I have attached a screencap of the popup at the lower right hand side of the screen. That is all it tells me. The log file tells me the same thing:

00:00:05 loginname IP-BLOCK 67.29.139.153 (Type: outgoing)

00:00:06 loginname IP-BLOCK 208.73.210.29 (Type: outgoing)

00:00:07 loginname IP-BLOCK 95.143.193.138 (Type: outgoing)

etc...

Am I not looking in the right place or is it a feature of the paid version?

Thanks

post-83439-0-65694700-1307202389.jpg

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

Geez! All I can say is WOW!! Thanks ShyWriter. I knew all of the instances of svhost had to be up to no good but I had no idea that all of that was going on. This will help a ton.

It appears to me that we are aproaching these people the wrong way. We need to turn their game around on them!! If they want our info, then send them info. Send a TON of bogus info which includes all of the programs in our quarantine caches and let them deal with it!!

.

post-35425-0-77968900-1307204190.png

http://technet.micro...us/sysinternals

Download TCPView from the right side of this page - TOP 10 DOWNLOADS

Install and run it.. It'll give you an idea of what is running and what might be trying to contact the outside.

Shy

Link to post
Share on other sites
ShyWriter

ShyWriter

Posted
Posted

Geez! All I can say is WOW!! Thanks ShyWriter. I knew all of the instances of svhost had to be up to no good but I had no idea that all of that was going on. This will help a ton.

It appears to me that we are aproaching these people the wrong way. We need to turn their game around on them!! If they want our info, then send them info. Send a TON of bogus info which includes all of the programs in our quarantine caches and let them deal with it!!

My pleasure, my friend.. Hope you are able to narrow down the problem. ;)

Shy

Link to post
Share on other sites
techengr

techengr

Posted
  • Author
Posted

Many thanks to you, as well, Buttons!! You provided the bulk of my answers. I lucked out by placing my inguiry in the wrong forum!! The forum that you steered me to where they do the "real work"....LOL Haven't had a chance to look at my posted files yet. Such is life. One more "You guys are awesome!" and I am outahere.... Take Care.

My pleasure, my friend.. Hope you are able to narrow down the problem. ;)

Shy

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.