62-45-137-129

[CrazeeT]

I sometimes get a message saying that malicious something or other from the number noted in the topic title has tried to access my computer or something. It started after my son snuck onto the computer and downloaded Maple Story. I removed the program but still get the pop-up notice. I have run Avast and Malwarebytes but they found nothing. The message doesn't stay up very long, so I don't remember exactly what it says. I'm not usually doing the same thing on the same website, so I'm wondering what it is about. Is this something that should concern me?

[Esetisthebest]

Hang on until a staff member is coming. He will help you out.

Just some suggestion from me:

- Did you update before you scanned? Please do.

- Check the task manager, choose "Show all processes", and look if there are anything with randoms letter, like "12321843df" or "fedafjeu.exe". It's a high chance that if you have something running in memory, and it's random letters, it's malware.

- Scan with different anti malware applications to increase your detection ratio.

- Download CCleaner, open it, Hit "Options", now you hit "Advanced", and lastly you untick "Only delete files in Windows Temp folders older than 24 hours". After you've done that, hit "Cleaner", and now you hit "Run Ccleaner".

- Keep in mind, there are several programs that looks like adware, but aren't considered as adware because of some reasons.

And one more thing, for malware removal, please post in the right forum.

[daledoc1]

Hello and welcome to MBAM, CrazeeT:

I'll leave it to the experts to determine if that particular IP is malicious or not.

In the interim, here is some info about MBAM's IP blocking module:

IP blocking can occur as a result of certain legitimate programs such as Sype, and it can happen when MBAM is doing its job by preventing bad content from websites from infecting your computer.

But it can also be the result of infection on your system, especially if the IP blocks are "outgoing" and they occur when no browsers are open.

Please have a look at the FAQ - Section G for information about the IP blocking module.

After doing so, if you think these IP blocks are false positives, then please start a new thread here.

To have Malwarebytes' Anti-Malware ignore an individual IP address, visit the website in question to incur a block. When you see the tray notification that Malwarebytes' Anti-Malware has blocked the address, right-click on the red M tray icon and use the Add to Ignore List menu to have the IP ignored. You should then be able to refresh your web browser and visit the page. If not, then you may need to close and then open your browser and try again or clear your browser's cache to be able to see the page.

If at any time you decide to remove the selected IP from the Ignore List, you can do so by opening Malwarebytes' Anti-Malware and clicking on the Ignore List tab.

If a program you use is being detected as a threat by the protection module, you can use the Add button on the Ignore List tab to have Malwarebytes' Anti-Malware ignore that application.

Or, if you think your system might be infected -- based on the IP blocks or other suspicious computer behavior -- then please do the following, as we do not work on malware removal in this part of the forum.

1. First, please go to THIS PAGE, print out, read and follow as many instructions as you can, skipping any you are unable to complete.

2. Then, please describe your computer's symptoms as best you can and post the requested MBAM and DDS logs by starting a new thread at the Malware Removal-HJT forum . Please post the results of the requested scans directly into your post, using copy/paste, rather than attaching them.

One of the authorized, trained experts will then assist you as soon as possible for free, one-on-one malware detection and removal.

When you post, please be sure to select Track This Topic & choose one of the email options, so that you will be notified when someone responds.

Please be patient and allow at least 48 hours before bumping your thread -- otherwise it may appear to the experts that you are already being helped

(The "0" reply count is the easiest way for the experts to spot your thread as still needing help.)

Other Support Options:

--- Alternatively, if you are a paying customer using MBAM PRO, you may wish instead to start a free support ticket by contacting support at: support@malwarebytes.org; or

--- Premium, fee-based support options are available here.

I hope this helps a bit,

daledoc1

PS: Please use the button instead of other ones when you reply here and at the other forums, so that it will be easier to read.

[CrazeeT]

I just remembered that it also said 'outgoing' on the pop-up message - in case that matters.

[daledoc1]

Hello and welcome to MBAM, CrazeeT:

I'll leave it to the experts to determine if that particular IP is malicious or not....

But it can also be the result of infection on your system, especially if the IP blocks are "outgoing" and they occur when no browsers are open.

Hi, again, CrazeeT:

While we await an expert opinion on the particular IP you mention, please have a look at that FAQ article for more information.

It should help you to determine if the IP blocks are coming from a legitimate program on your computer (such as Skype), from a false positive, from MBAM doing it's job by blocking bad content on a particular website, or from an infection.

If, as I mentioned above, you suspect that you might be infected because of the IP blocks and other suspicious behavior, then please follow my suggestions for posting in the malware removal forum to get expert assistance with cleaning your system.

HTH,

daledoc1

[MysteryFCM]

62.45.137.129 is a residential IP, not a server IP.

Can you get me a packet log please?

[shadowwar]

After confering with Steven.. Something is causing this connection and your pc should be checked out. This actually belongs to a known malicous range of ip's

Daledoc,

Can you please post instructions on how to use malware removal forums and please let me know what is found.

Thanks.

[fatfish_cc]

yes, seems to be home users.

--By www.rootever.com--

Address Lookup

Domain name: 129-137-045-062.dynamic.caiway.nl.

IP Address: 62.45.137.129

IP Location

Delft, Netherlands[NL]

Domain Name Whois

[Querying whois.domain-registry.nl]

[whois.domain-registry.nl]

Domain name: caiway.nl

Status: active

Registrar:

CAIW Diensten B.V.

industriestraat 30

2671CT NAALDWIJK

Netherlands

Domain nameservers:

ns1.kabelfoon.nl 62.45.45.44

ns4.kabelfoon.nl 62.45.63.3

Record maintained: NL Domain Registry

IP Whois

[Querying whois.ripe.net]

[whois.ripe.net]

% This is the RIPE Database query service.

% The objects are in RPSL format.

%

% The RIPE Database is subject to Terms and Conditions.

% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '62.45.128.0 - 62.45.191.255'

inetnum: 62.45.128.0 - 62.45.191.255

netname: KABELFOON

descr: Postbus 45

descr: NL-2670 AA Naaldwijk

country: NL

remarks: ------------------------------------------------

remarks: Abuse notifications to abuse@caiw.nl

remarks: Spam notifications to abuse@caiw.nl

remarks: Peering requests to: peering@caiw.nl

remarks: Problems to: noc@caiw.nl

remarks: ------------------------------------------------

admin-c: KB7504-RIPE

tech-c: KB7504-RIPE

status: ASSIGNED PA

mnt-by: KABELFOON-MNT

source: RIPE # Filtered

role: Kabelfoon Beheer

address: CAIW Diensten BV

address: Postbus 45

address: NL-2670 AA Naaldwijk

address: The Netherlands

phone: +31 174 615430

fax-no: +31 174 615433

e-mail: netwerkbeheer@office.caiw.nl

remarks: trouble: see remarks

admin-c: AM9055-RIPE

admin-c: PK1998-RIPE

admin-c: KH1055-RIPE

tech-c: PH7808-RIPE

tech-c: PK1998-RIPE

tech-c: KH1055-RIPE

tech-c: AM9055-RIPE

nic-hdl: KB7504-RIPE

remarks: ------------------------------------------------

remarks: Abuse notifications to abuse@caiw.nl

remarks: Spam notifications to abuse@caiw.nl

remarks: Peering requests to: peering@caiw.nl

remarks: Problems to: noc@caiw.nl

remarks: ------------------------------------------------

mnt-by: KABELFOON-MNT

source: RIPE # Filtered

% Information related to '62.45.128.0/17AS15435'

route: 62.45.128.0/17

descr: KABFOON-BLK-62-45-128

origin: AS15435

remarks: ------------------------------------------------

remarks: Abuse notifications to: abuse@caiw.nl

remarks: Spam notifications to: abuse@caiw.nl

remarks: Please do not send abuse or spam complaints to any other

remarks: email addresses. They will *NOT* be answered.

remarks: ------------------------------------------------

remarks: Peering requests to: peering@caiw.nl

remarks: Problems to: noc@caiw.nl

remarks: ------------------------------------------------

mnt-by: KABELFOON-MNT

source: RIPE # Filtered

% Information related to '62.45.128.0/19AS15435'

route: 62.45.128.0/19

descr: KABFOON-BLK-62-45-128

origin: AS15435

remarks: ------------------------------------------------

remarks: Abuse notifications to: abuse@caiw.nl

remarks: Spam notifications to: abuse@caiw.nl

remarks: Please do not send abuse or spam complaints to any other

remarks: email addresses. They will *NOT* be answered.

remarks: ------------------------------------------------

remarks: Peering requests to: peering@caiw.nl

remarks: Problems to: noc@caiw.nl

remarks: ------------------------------------------------

mnt-by: KABELFOON-MNT

source: RIPE # Filtered

DNS Records

caiway.nl. 86400 IN SOA ns1.kabelfoon.nl. postmaster.caiway.nl. 2011080545 28800 7200 1814400 86400

caiway.nl. 86400 IN MX 10 mx3.caiw.net.

caiway.nl. 86400 IN MX 5 mx1.caiw.net.

caiway.nl. 86400 IN MX 5 mx2.caiw.net.

caiway.nl. 86400 IN TXT "v=spf1 mx ptr ip4:62.45.0.0/16 ip4:83.128.0.0/16 include:caiw.nl include:kabelfoon.nl ~all"

caiway.nl. 86400 IN A 62.45.56.66

caiway.nl. 86400 IN NS ns1.kabelfoon.nl.

caiway.nl. 86400 IN NS ns4.kabelfoon.nl.

[Firefox]

Hello CrazeeT, and Welcome to Malwarebytes

Seems like you may have an infection going on, and as adviced it would be better to have an expert help you with the cleanup process, please follow the instructions below....

Sorry to hear your infected.... you can try and follow the steps located in THIS FAQ to see if you can remove the infection yourself, or if you prefer to have an expert help you one on one, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

• Option 1 —— Free Expert advice in the Malware Removal Forum
  
• Option 2 —— Paying customer -- Contact Support via email
  
• Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the

General Malwarebytes' Anti-Malware Forum

, you need to start a topic in the

Malware Removal forum

so a qualified helper can help you fix any malware related problems/infections you may have.

• Please read and follow the
  directions here
  , skipping any steps you are unable to complete. Then post a
  NEW topic here
  .
  
  
• After posting your new post, make sure under
  options
  , you select
  Track this topic
  and choose
  Immediate Email Notification
  , so that you're alerted when someone has replied to your post.
  
  
• One of the
  expert helpers
  there will give you one-on-one assistance when one becomes available.
  
  
• Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  
  

NOTE:

Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

• • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    
    
    Or
    
    
  • You may send a Private Message to a Moderator asking for assistance.
    
    

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at

support@malwarebytes.org

or

here

.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our

Malwarebytes Premium Services

support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying.

[daledoc1]

After confering with Steven.. Something is causing this connection and your pc should be checked out. This actually belongs to a known malicous range of ip's

Daledoc,

Can you please post instructions on how to use malware removal forums and please let me know what is found.

Thanks.

@shadowwar and MysteryFCM:

OOPS!

Sorry about that!

I actually did post the instructions back in post #3, but I assumed the pros were taking care of the OP.

@ Firefox:

Thanks for reposting the instructions.

@ CrazeeT:

Please follow the expert suggestions of the other folks.

The malware removal experts will help you diagnose and clean up your system.

Much obliged to all,

daledoc1