Jump to content

Malwarebytes keeps blocking IP connections


Recommended Posts

Hi guys,

Had some trouble with a work PC so installed MB and ran a full scan. It found 8 infections which I have removed.

However, MB keeps popping up with a message saying:

Successfully blocked access to a potentially malicious website: 212.95.38.58

Here's a log from today underneath:

13:36:45 lee IP-BLOCK 212.95.38.58 (Type: outgoing, Port: 52484, Process: firefox.exe)

13:44:38 lee IP-BLOCK 212.95.38.58 (Type: outgoing, Port: 52670, Process: firefox.exe)

13:44:38 lee IP-BLOCK 212.95.38.58 (Type: outgoing, Port: 52673, Process: firefox.exe)

16:11:38 lee IP-BLOCK 212.95.38.58 (Type: outgoing, Port: 54387, Process: firefox.exe)

16:24:53 lee IP-BLOCK 212.95.38.58 (Type: outgoing, Port: 54513, Process: firefox.exe)

The IP resolves to a Dutch ISP but I take it it's not that simple. Any ideas how I stop this? I've run another MB scan as well as a TrendMicro scan and found nothing. I also have Windows Defender and Sophos installed on this machine and nothing is coming up.

Many thanks for any help you can provide.

Link to post
Share on other sites

Hello and welcome to MBAM,

IP blocking can occur as a result of certain legitimate programs such as Sype, and it can happen when MBAM is doing its job by preventing bad content from websites from infecting your computer.

But it can also be the result of infection on your system, especially if the IP blocks are "outgoing" and they occur when no browsers are open.

Please have a look at the FAQ - Section G for information about the IP blocking module.

After doing so, if you think these IP blocks are false positives, then please start a new thread here.

To have Malwarebytes' Anti-Malware ignore an individual IP address, visit the website in question to incur a block. When you see the tray notification that Malwarebytes' Anti-Malware has blocked the address, right-click on the red M tray icon and use the Add to Ignore List menu to have the IP ignored. You should then be able to refresh your web browser and visit the page. If not, then you may need to close and then open your browser and try again or clear your browser's cache to be able to see the page.

If at any time you decide to remove the selected IP from the Ignore List, you can do so by opening Malwarebytes' Anti-Malware and clicking on the Ignore List tab.

If a program you use is being detected as a threat by the protection module, you can use the Add button on the Ignore List tab to have Malwarebytes' Anti-Malware ignore that application.

---------------------------------------------

Or, if you think your system might be infected -- based on the IP blocks or other suspicious computer behavior -- then please do the following, as we do not work on malware removal in this part of the forum.

1. First, please go to THIS PAGE, print out, read and follow as many instructions as you can, skipping any you are unable to complete.

2. Then, please describe your computer's symptoms as best you can and post the requested MBAM and DDS logs by starting a new thread at the Malware Removal-HJT forum . Please post the results of the requested scans directly into your post, using copy/paste, rather than attaching them.

One of the authorized, trained experts will then assist you as soon as possible for free, one-on-one malware detection and removal.

When you post, please be sure to select Track This Topic & choose one of the email options, so that you will be notified when someone responds.

Please be patient and allow at least 48 hours before bumping your thread -- otherwise it may appear to the experts that you are already being helped

(The "0" reply count is the easiest way for the experts to spot your thread as still needing help.)

Other Support Options:

--- Alternatively, if you are a paying customer using MBAM PRO, you may wish instead to start a free support ticket by contacting support at: support@malwarebytes.org; or

--- Premium, fee-based support options are available here.

HTH,

daledoc1

PS: Please use the zMn2t.jpg button instead of other ones when you reply here and at the other forums, so that it will be easier to read. :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.