
MBAM shows popup alert (OUTGOING) when attempting to download a trial game on a website. Reason?



Good evening,

While on a few game websites (where you can download games for a trial period), I noticed that every time I clicked on the download button, MBAM immediately displayed a popup warning it had blocked access to a potentially-malicious website (OUTGOING). The download of the game would also not complete. The screen would then change to say that "Internet Explorer could not display the page." (Please see the log excerpts shown below).

This blocking action occurred on several different game sites I visited. When checking the sites' web rep, nothing seemed amiss. I would appreciate it if someone could explain the significance of this activity & just what it means?

Thank you for your time and any enlightenment!

--------------------------------------------------------------------------------------------------

20:37:01 Administrator MESSAGE Protection started successfully

20:37:16 Administrator MESSAGE IP Protection started successfully

22:03:17 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:03:20 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:03:26 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:12:36 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:39 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:45 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:57 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:00 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:06 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:26 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:29 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:35 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:38 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:41 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:47 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:50 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:56 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:59 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:14:02 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:14:08 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:20 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:23 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:29 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:41 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:44 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:30:50 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)


Hi, spc3rd:

Looks like MBAM was doing its job.

Until someone more expert comes along...

...You can check out that IP in question here at ip-lookup.net.

(Looks like it's hosted in the US but owned by someone in Eastern Europe.)

IP blocking can occur as a result of certain legitimate programs such as Skype, and it can happen when MBAM is doing its job by preventing bad content from websites from infecting your computer.

Sometimes the web site itself is legit/clean, but the IP range on which it is being hosted is not.

(IP blocking can also be the result of infection, of course, especially if the blocks are outgoing and occur when no browsers are open.)

Please have a look at the FAQ - Section G for information about the IP blocking module.

After doing so, if you think these IP blocks are false positives, then please read this sticky and then please start a new thread here.

OTOH, if you are concerned that you might be infected, then please start a new topic in the malware removal forum, after reading the stickies pinned to the top of that forum.

I'm sure the pros might have some additional advice, so let's see what they advise.

Best regards,

daledoc1

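As an added example (not part of the thread and not Malwarebytes code): a small Python parser for the protection-log format posted above that groups IP-BLOCK lines into bursts per address, so each burst can be lined up with what was happening at the time, such as a click on a download button versus no browser being open. The function names and the 30-second burst gap are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Subset of the log excerpt posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = """\
20:37:16 Administrator MESSAGE IP Protection started successfully
22:03:17 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)
22:03:20 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)
22:03:26 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)
22:12:36 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)
22:12:39 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)
22:12:45 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)
22:12:57 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)
22:30:20 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)
"""

# time, user (may contain spaces), blocked IPv4 address, direction
BLOCK_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\s+(.+?)\s+IP-BLOCK\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(\w+)\)\s*$"
)

def parse_blocks(text):
    """Return (time, user, ip, direction) for each IP-BLOCK line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            # The log carries no date, so entries spanning midnight are not handled.
            t = datetime.strptime(m.group(1), "%H:%M:%S")
            events.append((t, m.group(2), m.group(3), m.group(4).lower()))
    return events

def group_bursts(events, gap_seconds=30):
    """Merge consecutive blocks of one IP/direction that are at most gap_seconds apart."""
    bursts = []
    for t, _user, ip, direction in sorted(events):
        last = bursts[-1] if bursts else None
        if (last and last["ip"] == ip and last["direction"] == direction
                and t - last["end"] <= timedelta(seconds=gap_seconds)):
            last["end"], last["count"] = t, last["count"] + 1
        else:
            bursts.append({"ip": ip, "direction": direction,
                           "start": t, "end": t, "count": 1})
    return bursts

if __name__ == "__main__":
    for b in group_bursts(parse_blocks(SAMPLE_LOG)):
        print(f'{b["start"]:%H:%M:%S}-{b["end"]:%H:%M:%S} '
              f'{b["ip"]:<16} {b["direction"]:<9} x{b["count"]}')
```
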

I appreciate all the info you've imparted here, daledoc1!

The OUTGOING blocks only occurred when I tried to download a trial game from a few different game websites on the Internet. I've had no other popup blocks (Incoming or Outgoing) since those game download attempts yesterday.

I think you're right about either the site or IP range not being clean, rather than it being perhaps a false positive, or possible infection. (Ever since I had several experiences between January - April of this year...I've beefed-up my security and am meticulous about running scans with my AV, MBAM, & SAS EVERY day...just to have a little peace of mind, so to speak).

Again...thanks very much for all the info and enlightenment you've (once again) provided!


Looks like MBAM was doing its job.

Until someone more expert comes along...

After doing so, if you think these IP blocks are false positives, then please read this sticky and then please start a new thread here.

Hi, spc3rd:

If you follow the advice in the snippet above and start a topic in the FP section of the Research Center with the information requested, one of the MBAM engineers can investigate it and provide definitive info as to whether it might be a FP or (more likely) why that particular IP range is being blocked.

Or, you might just wish to steer a wide berth from that particular game download site. ;)

Best regards,

daledoc1

PS You might also wish to check out the excellent information in Tony Klein's article about minimizing security vulnerabilities.


Hi again daledoc1!

I read through all the info from your last two posts. When checking the two IP addresses MBAM alerted on, I see that 218.93.248.120 is located in China (NO host name is given). The other one, 208.76.172.2, belongs to awem.awem.com, here in the USA. (I know the name awem as it is associated with a number of PC game downloads, like Star Defender).

I also tried the TCPView you mentioned, but the Remote Address listing only contained the most recent info for today. Since these MBAM alerts occurred on 9/3...it wasn't of any use.

I DID start a new topic in the FP section as you suggested, though I don't know if I posted properly or not.

I'm of the opinion at this point that perhaps the best thing for me is to simply avoid ALL game sites...period!

As always...thanks very much for all your help & Best Regards!
