
91.212.226.6 False positive?


kozmick

Any history on this IP...mbam IP blocker continues to block this IP...

protection-log-2011-06-21.txt

08:35:17 Michael MESSAGE Protection started successfully

08:35:21 Michael MESSAGE IP Protection started successfully

08:40:09 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49583, Process: svchost.exe)

08:50:50 Michael MESSAGE Protection started successfully

08:50:55 Michael MESSAGE IP Protection started successfully

08:58:09 Michael DETECTION C:\PROGRAM FILES (X86)\NETSPEED\NETMETER\HOONETMETER.EXE Adware.Agent ALLOW

09:02:53 Michael MESSAGE Protection started successfully

09:02:57 Michael MESSAGE IP Protection started successfully

09:04:01 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49240, Process: svchost.exe)

09:34:12 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49416, Process: svchost.exe)

09:44:52 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49428, Process: svchost.exe)

09:58:01 Michael MESSAGE Scheduled update executed successfully

09:58:02 Michael MESSAGE IP Protection stopped

09:58:03 Michael MESSAGE Database updated successfully

09:58:04 Michael MESSAGE IP Protection started successfully

11:56:13 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 50574, Process: svchost.exe)

12:26:41 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 50897, Process: svchost.exe)

12:27:33 Michael DETECTION C:\PROGRAM FILES (X86)\NETSPEED\NETMETER\HOONETMETER.EXE Adware.Agent ALLOW

12:32:09 Michael MESSAGE Protection started successfully

12:32:13 Michael MESSAGE IP Protection started successfully

12:32:53 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49179, Process: svchost.exe)

12:49:43 Michael IP-BLOCK 199.238.181.201 (Type: outgoing, Port: 49303, Process: firefox.exe)

12:50:07 Michael IP-BLOCK 199.238.181.201 (Type: outgoing, Port: 49305, Process: firefox.exe)

12:57:18 Michael MESSAGE IP Protection stopped

12:57:20 Michael MESSAGE Database updated successfully

12:57:21 Michael MESSAGE IP Protection started successfully

13:03:38 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49417, Process: svchost.exe)

13:14:03 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49441, Process: svchost.exe)

13:18:28 Michael MESSAGE IP Protection stopped

13:18:29 Michael MESSAGE IP Protection started successfully

13:20:04 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49461, Process: firefox.exe)

13:20:12 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49463, Process: firefox.exe)

13:20:12 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49465, Process: firefox.exe)

13:20:20 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49466, Process: firefox.exe)

14:24:46 Michael MESSAGE IP Protection stopped

14:24:47 Michael MESSAGE IP Protection started successfully

15:25:05 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 50783, Process: svchost.exe)

15:55:30 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 51337, Process: svchost.exe)

16:06:10 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 51347, Process: svchost.exe)

18:17:33 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 51557, Process: svchost.exe)

18:47:58 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 51618, Process: svchost.exe)

18:57:59 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 51680, Process: svchost.exe)

Whois:

IP address: 91.212.226.6

Server Location: Zhirkov, Volgograd in Russian Federation

ISP: Artem Zhirkov Alekseevich

Googled:

Many bad references to this IP for hacking...

Please advise.

Thanks,

~mak
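
As an added example (not part of the original post): a short Python script that parses the IP-BLOCK lines of the protection log above and groups them by destination and process, so the repeated svchost.exe attempts stand out from the browser-initiated ones. The line format is inferred from the log as posted, and the browser list used to mark background processes is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Subset of the lines from the log posted above, in their original order.
SAMPLE = r"""
08:35:21 Michael MESSAGE IP Protection started successfully
08:40:09 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49583, Process: svchost.exe)
08:58:09 Michael DETECTION C:\PROGRAM FILES (X86)\NETSPEED\NETMETER\HOONETMETER.EXE Adware.Agent ALLOW
09:04:01 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49240, Process: svchost.exe)
09:34:12 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49416, Process: svchost.exe)
09:44:52 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49428, Process: svchost.exe)
12:49:43 Michael IP-BLOCK 199.238.181.201 (Type: outgoing, Port: 49303, Process: firefox.exe)
12:50:07 Michael IP-BLOCK 199.238.181.201 (Type: outgoing, Port: 49305, Process: firefox.exe)
13:20:04 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49461, Process: firefox.exe)
13:20:12 Michael IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49463, Process: firefox.exe)
"""

# Format inferred from the posted log: time, user, IP-BLOCK, address, details.
BLOCK_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) \S+ IP-BLOCK (\S+) "
    r"\(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$"
)

# Assumption: processes in this set are user-driven browsers; anything else
# connecting out on its own is treated as background traffic worth a look.
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe"}


def summarize(log_text):
    """Group IP-BLOCK events by (ip, process) and report counts and gaps."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:  # MESSAGE and DETECTION lines are skipped
            ts = datetime.strptime(m.group(1), "%H:%M:%S")
            events[(m.group(2), m.group(5))].append(ts)
    report = {}
    for (ip, proc), times in events.items():
        # Minutes between consecutive blocks for the same destination/process.
        gaps = [round((b - a).total_seconds() / 60)
                for a, b in zip(times, times[1:])]
        report[(ip, proc)] = {"count": len(times), "gaps_min": gaps,
                              "background": proc.lower() not in BROWSERS}
    return report


if __name__ == "__main__":
    for key, row in summarize(SAMPLE).items():
        print(key, row)
```
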


Turns out that IP 91.212.226.6 is in fact NOT a false positive...this IP was going to a notorious hacker in Russia...

Here's the text on a related post by me re Netmeter False Positive...

Here's an update for others who may be experiencing similar woes:

After chasing this thing for days/weeks...finally out of desperation, turned to Comcast Online Malware Removal support - not cheap - $130US, but ultimately worth every penny, as I learned the process to be able to do this to my own system:

1. The Tech logged on to my computer remotely

2. Did many tests etc., cleaned up registry, services startup etc.

3. Finally upon running a battery of test software, most of which is available like Malwarebytes (first prog he installed and ran), Process Explorer and Autoruns from sysintervals.com, the Tech installed remotely TDSS Killer scan by Kaspersky (free tool downloadable); a rootkit malware was found (Rootkit.win32.TDSS.tdl4)

4. TDSS then prompted to cure. Problem resolved....so far...

Netmeter was, BTW, very responsive to my concerns, and was most helpful in negating any possibility that the program Netmeter was causing the problem. I highly recommend the program and the support for it.

To the staff at Malwarebytes, thank you for all your help.
