Mbam detects outgoing connections


I am a home user, and I've had MBAM for several months.

I've just upgraded to the Trial version and as soon as I did, I started to receive popup messages in the taskbar

mbam.jpg

I have had Virus and Malware infections over the past week.

Some were identified in MBAM full scans and others in my AV (Trend Micro 2011).

I've just done full scans on both MBAM and Trend Micro and I'm still receiving the message even though nothing is found in the scans

I don't use Peer 2 Peer software, and have the latest Trend Micro Internet Security.

As you can see, it's almost constantly blocking something, and rather annoying and distracting.

protection-log-2011-06-15.txt

protection-log-2011-06-16.txt

I have attached the protection log and there are about 50 blocked IPs every last hour.

I have a few questions:

1) Would you expect the free version not to see this before?

2) Why would the Trial paid version suddenly find these? (I'm happy it has)

3) How can I find the infected file/s and get rid of them?

Thanks in anticipation.

Craig

I have a few questions:

1) Would you expect the free version not to see this before?

2) Why would the Trial paid version suddenly find these? (I'm happy it has)

3) How can I find the infected file/s and get rid of them?

Hello challum:

  1. Without question.
  2. The Real-Time Protection Module is now activated with Automatic Malicious Site Protection.
  3. Follow the steps below.

Likelihood exists that your system is infected and here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1

As a new user to this site, I tried to familiarise myself with the "Forum Protocols" before I posted.

I've been on forums where you get slapped, spanked, your head bitten off, whatever you'd like to call it, but a dressing down for not knowing every rule before you place your first post.

Can I say that in 24 hours I've now been pushed into "ANOTHER" room twice.

Now whilst I understand why I'm being pushed into another room, consider how frustrating this is for someone who is new to the Malwarebytes forum and ask yourself if you're making it too hard for the general public.

Hello and welcome.

I want to apologize if you feel you are getting the run around; it's no one's intention to do so.

That being said, can you answer a few questions...

Please provide following details, so that someone may be able to assist you:

  • OS version including 32/64-bit
  • Installed Security Product(s) including Firewall and Program Versions (we know your av is Trend Micro 2011)
  • MBAM version (current 1.51.0.1200) (Free or Pro) (we know it's the Trial, right)
  • Definition version (current 6871)
  • Do you use a router to connect to Internet
  • Are you showing any signs of an infection aside from the blocks (like popups or virus warnings)
  • Are you using any P2P programs such as bittorrent, skype or the like
  • Did you run any scans and was anything found

Hello Challum,

I want to apologize first and foremost if you feel you have been given the run-around.

The topic you posted in mainly consisted of "This is happening to me too." Whereas these issues can be seen as linked, most tend to be specific to the system. Creating a topic of your own ensures that all of your questions will be answered and it will apply to your system. Also, detailed information is key to diagnosing your issue. Had you posted that you were infected and felt your system compromised, I would have suggested posting in the malware removal topic initially. It makes me think of the old idiom, "The devil is in the details." Nonetheless, if you feel you have been 'trucked' around, I sincerely apologize.

Thank you very much for your understanding. :)

I've answered your questions below

Today I downloaded and installed TCPEye.

I've attached some screenshots showing the processes Malwarebytes is blocking.

Craig

  • OS version including 32/64-bit
    - Windows XP home 32 bit I guess
  • Installed Security Product(s) including Firewall and Program Versions (we know your av is Trend Micro 2011)
    - I have Trend Micro Titanium Internet Security with Windows Firewall
  • MBAM version (current 1.51.0.1200) (Free or Pro) (we know it's the Trial, right)
    - 1.51.0.1200 Trial Pro I guess. I can't see where it identifies which one
  • Definition version (current 6871)
    - version 6873
  • Do you use a router to connect to Internet
    - Yes Netgear adsl2
  • Are you showing any signs of an infection aside from the blocks (like popups or virus warnings)
    - No nothing at all.
  • Are you using any P2P programs such as bittorrent, skype or the like
    - No, I did use Limewire but uninstalled it 6 months ago
  • Did you run any scans and was anything found
    - No. I did a Malwarebytes scan, Trend Micro scan and a Symantec online system scan.

post-84735-0-13626100-1308291024.jpg
post-84735-0-99697600-1308291041.jpg
post-84735-0-07182100-1308291057.jpg
post-84735-0-66824500-1308291125.jpg

  • Root Admin

Hello Craig,

Yes, you do appear to be infected. The General forum is where one asks basic questions. The HJT forum is where someone will assist you in further detecting and removal of any infections. Please choose an option as requested in the 2nd post and someone will assist you in removing the infection.

IP Information - 94.244.80.223

IP address: 94.244.80.223

Reverse DNS: 94-244-80-223.ip.kis.lt.

Reverse DNS authenticity: [Could be forged: hostname 94-244-80-223.ip.kis.lt. does not exist]

ASN: 25190

ASN Name: KIS-AS (UAB "Kauno Interneto Sistemos")

IP range connectivity: 7

Registrar (per ASN): RIPE

Country (per IP registrar): LT [Lithuania]

Country Currency: Unknown

Country IP Range: 94.244.64.0 to 94.244.127.255

Country fraud profile: High

City (per outside source): Unknown

Country (per outside source): LT [Lithuania]

Private (internal) IP? No

IP address registrar: whois.arin.net

Known Proxy? No

Thank you.

3rd room shove

Let's assume I'm a newbie for a minute. What's a HJT, and where do I find that?

When I get to this place, does one need to repeat themselves for a 3rd time, starting all over again, or will someone know what's going on?

Did you read my previous posts about being shoved from room to room, and the replies? Really makes one feel frustrated.

- Craig

Hello Craig,

Yes, you do appear to be infected. The General forum is where one asks basic questions. The HJT forum is where someone will assist you in further detecting and removal of any infections. Please choose an option as requested in the 2nd post and someone will assist you in removing the infection.

Thank you.

  • Root Admin

It is not a 3rd room shove. Please take your time and re-read the post here as thousands of users have been able to follow these directions, some with a little more guidance than others.

If you continue to find this difficult to use on a forum then perhaps you may want to email support who will work with you in email. There is also an option listed where you can pay for someone to remote control your system and fix it for you.

Thanks Craig.
