Jump to content

Recommended Posts

Yesterday, I went to a green site and immediately received a pop-up from Malwarebytes Pro, so I closed the site and went elsewhere to get the information I was seeking.

I noticed later that there are about 5 outgoing contacts trying to reach 83.167.224.76. Up until that time I have been receiving potentially malicious incoming contacts from 60.173.10.27 everyday, all day.

I disconnected my modem and went to sleep.

This morning, I go online and Malwarebytes Pro was not working. It seemed to go through a new download of the program and said I was 8 days out of date (I believe this is when I validated it), and did totally update.

Since this morning....not a peep from the 60.173.10.27 where usually by this time of day there would be at least 12. Only one potentially malicious incoming reference when I wasn't doing anything and no more outgoing instances.

Did the new "update" make the difference or do I need go through the "possibly infected" routine?

Link to post
Share on other sites

Hi, and welcome, dontrunwithscissors:

Until someone more expert has a chance to weigh in, the fact that MBAM has quit working and that you are getting both inbound (and more importantly) outbound IP blocks definitely suggests to this home user that you might be infected. (Although there are other, less sinister reasons for certain IP blocks, such as certain software programs, e.g. Skype, etc.)

So, yes, I would personally suggest that you proceed with the I'm Infected process and then please start a new post at the malware removal forum.

In the interim, you might want to take a look at the excellent, self-help troubleshooting info for getting MBAM to run on an infected machine here.

Hope this helps a bit,

daledoc1

Link to post
Share on other sites

MBAM is working, and it does update. There have not been any more outgoing contacts since last night but I am being hit by incoming (blocked) by 3 different Chinese IP's.

I don't use Skype (don't know how), no peer2peer networks and no im's.

I scanned everything last night after the incident using Avast Free, Superantispyware, MBAM, and today made sure that Spyware Blaster was up to date and ran a check with SpyBot.

The one thing I don't have yet is a firewall. I am just using the XP Pro SP3 version for now and made sure it had not been disabled.

I was researching firewall information when I came across the bad site.

Since MBAM is working even though the intruders have changed, can I go ahead and install Comodo FW (only) after disabling Avast? This will help ease my mind that I am somewhat more safe.

Then I plan to proceed with the "I think I am infected" instructions and post results in the proper forum.

Thank you for all of your help!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.