Trying to Track Blocked Outgoing IP w/ TCPView


About two weeks ago, an update to Malwarebytes added an IP address to block, 174.127.96.30, which resolves to a hosting company in UTAH, USA. (Mormon terrorists? :unsure: )

Exactly what in my system is attempting to 'call out' to this address has puzzled me, and in trying to run it down I tried the 'TCPView' program which you suggest in your FAQ, but this program will not run on W2K.

Is there some other program that will work on W2K? With absolutely nothing running on a freshly booted machine, it still is trying to 'call out'. Nothing is found after running a full scan on the machine. I have several programs that 'call home' to trigger updates and such, and some may indeed be going through this Utah hosting company.

Still would be nice to know. Is there a way to figure it out with W2K?


I've done TWO complete scans of my entire system with the most updated database, ZERO crud found, yet I still am getting the IP Block on "174.127.96.30" about every 5 minutes according to the log files.

Where is this coming from? Why doesn't Malwarebytes give a full explanation anywhere (that I can find) as to why this (or anything else for that matter) is being blocked?


Hello Beck38:

Are your IP-BLOCKS incoming or outgoing? Under Windows 7, MBAM would tell you the executable that calls the IP address.

On occasions I've found TCPView a bit too quick to dismiss a capture, hence I've tried Nir Sofer's CurrPorts, with success but I don't know if it's W2K compatible.

HTH :)

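The question running through the thread is "which process on this machine owns the connection to the blocked address?". TCPView and CurrPorts answer it interactively; the same join can be done by hand from two snapshots, `netstat -ano` (connections with owning PID) and `tasklist` (PID to image name). The script below is an added example written for this thread, not something posted by the participants or shipped by Malwarebytes. It parses both command outputs and reports every connection whose remote host is the target IP, together with the process image behind it. The sample output embedded in it is constructed; the process names and PIDs in it are made up for illustration. One caveat that matters for the original poster: the `-o` switch of `netstat` and the `tasklist` command first appeared in Windows XP, so on Windows 2000 the snapshots have to come from a third-party tool such as CurrPorts instead.

```python
import re
from collections import namedtuple

# Constructed sample of `netstat -ano` output (Windows XP and later).
# The updater.exe entry is invented to illustrate a hit on the blocked IP.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1055      174.127.96.30:80       SYN_SENT        1844
  TCP    192.168.1.10:1060      72.14.213.99:443       ESTABLISHED     1212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  UDP    0.0.0.0:500            *:*                                    624
"""

# Constructed sample of `tasklist` output; names and PIDs are made up.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
svchost.exe                    876 Console                    0      4,900 K
lsass.exe                      624 Console                    0      1,300 K
firefox.exe                   1212 Console                    0     80,100 K
updater.exe                   1844 Console                    0      2,400 K
"""

Conn = namedtuple("Conn", "proto local remote state pid")
Caller = namedtuple("Caller", "proto local remote state pid image")

# image name, PID, session name, session number, memory usage ("4,900 K")
TASKLIST_RE = re.compile(
    r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,.]+\s*K\s*$")


def parse_netstat(text):
    """Turn `netstat -ano` output into Conn records.

    TCP rows carry a State column, UDP rows do not, so the first three
    fields are read positionally and the PID is always the last field.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or something we do not understand
        proto, local, remote = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" and len(parts) >= 5 else ""
        conns.append(Conn(proto, local, remote, state, int(parts[-1])))
    return conns


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    images = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            images[int(m.group("pid"))] = m.group("image")
    return images


def remote_ip(addr):
    """Strip the port from 'host:port'; IPv6 forms like '[::1]:80' lose the brackets."""
    host, _, _ = addr.rpartition(":")
    return host.strip("[]")


def find_callers(netstat_text, tasklist_text, target_ip):
    """Every connection to target_ip, joined with the owning process image."""
    images = parse_tasklist(tasklist_text)
    return [
        Caller(c.proto, c.local, c.remote, c.state, c.pid,
               images.get(c.pid, "<pid not in tasklist>"))
        for c in parse_netstat(netstat_text)
        if remote_ip(c.remote) == target_ip
    ]


if __name__ == "__main__":
    # Offline demonstration against the constructed samples above.
    for hit in find_callers(NETSTAT_SAMPLE, TASKLIST_SAMPLE, "174.127.96.30"):
        print(f"{hit.proto} {hit.local} -> {hit.remote} {hit.state} "
              f"pid={hit.pid} image={hit.image}")
```

On a live machine, feed it the real snapshots (`netstat -ano > conns.txt` and `tasklist > procs.txt`). Because the call-out in the thread shows up only every few minutes and a `SYN_SENT` to a blocked address is short-lived, a single snapshot will usually miss it; take the two snapshots in a loop every second or two and keep the runs that produce a hit. That is the same problem the reply above describes with TCPView dismissing a capture too quickly, and it is why a logging tool that records history is easier than one that only shows the current table.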

I got some other sniffing programs to grab the packets, and they were a bit lean on info.

Started up a support ticket, did some basic clean-ups (didn't do much if anything) and finally ran Combofix which dug deep and found the critter that was causing the problem.

But in researching that Utah/UK hosting company, found they had been on several black lists for several years for some of their 'bad practices'. So that's why Malwarebytes blocks the IP, my only question is what did I do to get the crud on my machine... I don't think I'll ever know, or did Malwarebytes add it to the ban list kinda out of the blue although it probably should have been on it for forever - but the latest on them from several sources is they were involved in a DOS attack just a couple weeks ago, which was when it started popping up on my Malwarebytes log. So it might have been there since who knows, but reared its head when the address was added to the ban list.

All clean now. Super service!


  • 2 weeks later...

After the 'fun' of two weeks ago, after which everything was running perfectly with no problems or alerts, this morning while doing an update of Malwarebytes, a new version (1.51.1.1800) was downloaded and installed.

Virtually immediately, the machine was re-infected by the Malwarebytes s/w, taking me back to something 'calling out' to that blocked IP address, 174.127.96.30.

How did this happen? Is Malwarebytes spreading malware? Sure seems so to me. Will report back later.


Hello Beck38:

It is MBAM PRO that has successfully kept your system from communicating with the IP address you reported via its IP Protection Module.

This suggests your system may be infected and here are the steps needed to get your computer cleaned:

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal - HijackThis Logs subforum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the , skipping any steps you are unable to complete. Then post a .

  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

  • One of the there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:
Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at or .

OPTION 3

If you would like to use our Malwarebytes Premium Services, comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups, go to our support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the Add Reply button instead of other ones when you start replying. :)
