IP-BLOCK 93.190.143.52 (Type: outgoing)


Gramps33
On July 27, 2011 I converted from Malwarebytes free version to its full trial period version. For almost a year I’ve been running AT&T’s Full McAfee Security Suite with automatic updates, Panda Cloud’s free Antivirus program concurrently with Malwarebytes free antivirus program without any problems or conflicts.

All of a sudden early Tuesday morning after Malware updated its database I have been continuously receiving about 108 IP-BLOCK messages from MBAM according to its 8/02/11 protection log. Below is an excerpt from the log. As far as I can tell everything is working as usual except for these IP-BLOCK messages.

Who does IP 93.190.143.50 belong to, and what, if anything, can I do to stop these MBAM IP-BLOCK messages?

04:54:03 xxxxxx x xxxxxxx MESSAGE Scheduled update executed successfully

04:54:26 xxxxxx x xxxxxxx MESSAGE IP Protection stopped

05:02:59 xxxxxx x xxxxxxx MESSAGE Database updated successfully

05:03:28 xxxxxx x xxxxxxx MESSAGE IP Protection started successfully

06:50:44 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.50 (Type: outgoing)

. . . . " " " "

. . . . " " " "

. . . . " " " "

21:27:39 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)

21:27:45 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)

21:30:47 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)

21:30:50 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)

21:30:56 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)

Thanx for your assistance.

Gramps33 08/02/11

This isn't an F/P.

Can you get me a packet log please?

FD, sorry I took so long getting back to you, but I was busy running and rerunning my three anti-virus programs – McAfee’s Security Suite, MalwareBytes 30 day Trial Program, and Panda Cloud AntiVirus to see what they would do. The Answer NADA. Finally because of its excellent reviews*** I decided to give the latest version of SuperAntiSpyware a whirl, with the following great results.

SUPERAntiSpyware Scan Log http://www.superantispyware.com

Generated 08/04/2011 at 11:41 AM

Application Version : 5.0.1108

Core Rules Database Version : 7508

Trace Rules Database Version: 5320

Scan type : Quick Scan

Total Scan Time : 00:56:51

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 769

Memory threats detected : 0

Registry items scanned : 33138

Registry threats detected : 16

File items scanned : 8838

File threats detected : 79

Needless to say, No More Aggravating IP-BLOCK 93.190.143.52 (Type: outgoing) pop-up messages. However, in the course of trying to find a solution I came across the following on the bleepingcomputer forum.

08/03/2011 - Security researcher Xylitol recently wrote an article about a new malware that performs some tricks to make you think your computer is running normally, when it is in fact infected with a variety of malware. Typically when a brand new computer infection is released, your antivirus program is hard-pressed to update its malware database fast enough to protect you from it. Even if the malware is installed before your antivirus can detect it, the hopes are that once the malware is added to the security software's virus database, it will then be detected and removed.

What is a malware to do then to protect itself from this tactic? Most malware will terminate known antivirus programs and other security programs when they are started. This, though, can quickly become suspicious when various programs you try to run are immediately terminated.

This new malware offers a sneakier solution; simply uninstall the antivirus software installed on the computer and then run a malware that pretends to be it. :angry: This is exactly what Xylitol found when researching a new Trojan that has been labeled Trojan.FakeAV.LVT. See http://www.bleepingcomputer.com/forums/topic412702.html/page__p__2357986__hl__superantispyware__fromsearch__1#entry2357986 for the rest of the comment about this new really sneaky piece of s__t malware.

Gramps33

***

http://www.ghacks.net/2011/08/04/superantisypware-pro-5-review-giveaway/

http://www.thejakartapost.com/news/2011/08/01/my-pc-slow-now-what.html

http://www.marketwatch.com/story/supportcom-announces-superantispywarer-5-major-update-of-popular-malware-and-spyware-detection-removal-and-protection-software-2011-08-02?reflink=MW_news_stmp

http://www.betanews.com/article/SUPERAntiSpyware-5-Big-changes-in-a-small-package/1312381872

PS: What is a "packet log", and how would I get one to you?

My apologies for not being clear. A packet log contains details of every packet (traffic) going in and out of the network and any surrounding machines (if they're on the same network).

You can record a packet log with Wireshark:

http://www.wireshark.org
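
An added example, not part of the thread and not Malwarebytes' or Wireshark's own code: a short Python script that tallies the outgoing IP-BLOCK entries in a protection log like the one excerpted in the first post and builds a capture filter for the blocked hosts, so the requested packet log records only that traffic. The sample lines are constructed in the posted layout, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt posted above (host/user redacted).
SAMPLE_LOG = """\
05:03:28 xxxxxx x xxxxxxx MESSAGE IP Protection started successfully
06:50:44 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.50 (Type: outgoing)
21:27:39 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)
21:30:47 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)
21:30:56 xxxxxx x xxxxxxx IP-BLOCK 93.190.143.52 (Type: outgoing)
"""

BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s.*?\bIP-BLOCK\s+(?P<ip>\S+)\s+\(Type:\s*(?P<dir>\w+)\)"
)

def parse_blocks(log_text):
    """Return (time, ip, direction) for each IP-BLOCK line; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])  # drop malformed addresses
        except ValueError:
            continue
        events.append((m["time"], str(ip), m["dir"].lower()))
    return events

def summarize(events):
    """Per destination IP: number of outgoing blocks, first and last time seen."""
    stats = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for when, ip, direction in events:
        if direction != "outgoing":
            continue
        s = stats[ip]
        s["count"] += 1
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    return dict(stats)

def capture_filter(stats):
    """Capture filter (libpcap syntax, as used by Wireshark) for the blocked hosts only."""
    return " or ".join(f"host {ip}" for ip in sorted(stats, key=ipaddress.ip_address))

if __name__ == "__main__":
    print(capture_filter(summarize(parse_blocks(SAMPLE_LOG))))
```

The returned string can be entered as the capture filter in Wireshark before starting the capture, which keeps the packet log small and limited to the addresses MBAM reported.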

FP, after my last reply to you I ran a complete SUPERAntiSpyware scan. Below are the results of the scan:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 08/05/2011 at 01:32 AM

Application Version : 5.0.1108

Core Rules Database Version : 7511

Trace Rules Database Version: 5323

Scan type : Complete Scan

Total Scan Time : 09:54:27

Operating System Information

Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator

Memory items scanned : 830

Memory threats detected : 0

Registry items scanned : 40811

Registry threats detected : 0

File items scanned : 89786

File threats detected : 390

388 Adware.Tracking Cookies

2 Trojans:

Trojan.Agent/Gen-Krpytik C:\COREL\SUITE8\MACROS\WPWIN\CORCMS01.EXE

Trojan.Agent/Gen-Nullo[short] C:\SYSTEM VOLUME INFORMATION\_RESTORE{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP171\A0018535.EXE

After rebooting my computer and running IExplorer for a few hours tonight I have not received any more IP-BLOCK 93.190.143.52 (Type: outgoing) messages. So, for now I’ll skip your packet log suggestion. BTW, what is your educated guess about what internet site was attached to the IP 93.190.143.52 address?

Gramps33

I've been seeing everything from malware/exploits to drop zones across that and others. Some are also running as dual-purpose (meaning they run as drop zones for keyloggers for example, as well as serving the malicious content itself).
