BleepingComputer.com: Malwarebytes Pro Notice Balloon


Malwarebytes Pro Notice Balloon

#1 otarsus

Posted 19 February 2011 - 03:28 PM

Hi, I'm running my pc on Windows XP Professional, and just upgraded to Malwarebytes Pro. Every ten minutes or less, it displays a yellow notice balloon with this message:


Quote

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
218.9.114.82

Type: incoming


I've run a Malwarebytes Full Scan, but it doesn't find anything. Any ideas of what the problem might be?

This post has been edited by boopme: 19 February 2011 - 08:54 PM
Reason for edit: Moved to Antivirus discussion from AII ~~boopme


#2 Dmacf10

Posted 19 February 2011 - 04:28 PM

I also use MBAM Pro and I sometimes receive messages like you are getting. I use IPNetInfo to see who or what is trying to access my PC. If it is something you don't want, you can call your ISP and request they block that IP address.

#3 otarsus

Posted 19 February 2011 - 06:08 PM

Thanks Dmacf10! This was just one of several IPs, though. When I ran this particular IP through IPNetInfo, it just told me this information (Owner: ChinaUnicom Hostmaster).

I'd like to ferret out the malware that's connecting from my pc.

IPNetInfo:

% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 218.7.0.0 - 218.10.255.255
netname: UNICOM-HL
country: CN
descr: China Unicom Heilongjiang province network
descr: China Unicom
admin-c: CH1302-AP
tech-c: LZ31-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031110
changed: hm-changed@apnic.net 20040927
changed: hm-changed@apnic.net 20050511
changed: hm-changed@apnic.net 20060124
changed: hm-changed@apnic.net 20090508
source: APNIC

route: 218.8.0.0/15
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: abuse@chinaunicom.cn
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: abuse@chinaunicom.cn 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail: gaobh@mail.hl.cn
address: Data Communication Bureau of HLJ
phone: +86-451-542931
country: CN
changed: gaobh@mail.hl.cn 20030801
mnt-by: MAINT-CNCGROUP-HL
source: APNIC

#4 Dmacf10

Posted 19 February 2011 - 09:45 PM

You can block a range of IP addresses with your built-in Windows firewall. According to IPNetInfo, the "person" trying to access your computer has an IP address range of: 218.7.0.0 - 218.10.255.255. The process of blocking this range of IP addresses with Windows firewall will vary depending on which Windows operating system you have. I googled around a bit and found this tutorial for Windows Vista. Let me know if you have a different operating system and I'll see if I can find specific instructions on blocking IP addresses with that particular firewall.
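
Added example, not part of any poster's reply: firewall rules usually take CIDR prefixes rather than a dashed range, so this sketch turns the `inetnum` range from the whois record in post #3 into the smallest set of prefixes and checks which one covers the blocked address. The function names are made up for the illustration, and the whois text is an excerpt of the record quoted above.

```python
import ipaddress
import re

# Excerpt of the whois record quoted in post #3 of this thread.
WHOIS_TEXT = """\
inetnum: 218.7.0.0 - 218.10.255.255
netname: UNICOM-HL
country: CN
route: 218.8.0.0/15
origin: AS4837
"""

def inetnum_to_cidrs(whois_text):
    """Return the minimal list of CIDR networks covering the inetnum range."""
    m = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", whois_text, re.MULTILINE)
    if m is None:
        raise ValueError("no inetnum line found")
    first = ipaddress.ip_address(m.group(1))
    last = ipaddress.ip_address(m.group(2))
    if first > last:
        raise ValueError("inetnum range is reversed")
    # A range that is not aligned on a power-of-two boundary needs several prefixes.
    return list(ipaddress.summarize_address_range(first, last))

def covering_network(ip, networks):
    """Return the network that contains ip, or None if no network does."""
    addr = ipaddress.ip_address(ip)
    for net in networks:
        if addr in net:
            return net
    return None

def total_addresses(networks):
    """Count how many addresses a rule set built from these networks would cover."""
    return sum(net.num_addresses for net in networks)

if __name__ == "__main__":
    cidrs = inetnum_to_cidrs(WHOIS_TEXT)
    print("prefixes:", ", ".join(str(n) for n in cidrs))
    print("218.9.114.82 is in", covering_network("218.9.114.82", cidrs))
    print("addresses covered:", total_addresses(cidrs))
```

The address count shows how broad a rule on the whole allocation is compared with the single address in the balloon.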

#5 Animal

Posted 20 February 2011 - 12:21 AM

It doesn't find anything because it was successfully blocked. It is merely alerting you to activity that took place without your involvement. It did its job and said so. Blocking the IPs won't do anything to stop the balloons. This type of activity happens millions of times a day throughout the internet. You block those IPs and they will find new ones with which to probe for an open port on the network.

I don't have the pro version, but I would see if there is a way to turn off the balloons and just read the logs at your leisure.

#6 Ichben Einberliner

Posted 20 February 2011 - 10:48 AM

Would you happen to do any Torrent sharing?

Reason I ask is I've seen these blocks happen during, and for a while after running a torrent client.

#7 otarsus

Posted 20 February 2011 - 01:03 PM

Dmacf10, on 19 February 2011 - 09:45 PM, said:

You can block a range of IP addresses with your built-in Windows firewall. According to IPNetInfo, the "person" trying to access your computer has an IP address range of: 218.7.0.0 - 218.10.255.255. The process of blocking this range of IP addresses with Windows firewall will vary depending on which Windows operating system you have. I googled around a bit and found this tutorial for Windows Vista. Let me know if you have a different operating system and I'll see if I can find specific instructions on blocking IP addresses with that particular firewall.


I'm using Windows XP Professional.

#8 otarsus

Posted 20 February 2011 - 01:07 PM

Ichben Einberliner, on 20 February 2011 - 10:48 AM, said:

Would you happen to do any Torrent sharing?

Reason I ask is I've seen these blocks happen during, and for a while after running a torrent client.


On the PC I do use µtorrent at least once a month, but I hadn't noticed any increased frequency of the messages.

#9 otarsus

Posted 20 February 2011 - 01:12 PM

Animal, on 20 February 2011 - 12:21 AM, said:

It doesn't find anything because it was successfully blocked. It is merely alerting you to activity that took place without your involvement. It did its job and said so. Blocking the IPs won't do anything to stop the balloons. This type of activity happens millions of times a day throughout the internet. You block those IPs and they will find new ones with which to probe for an open port on the network.

I don't have the pro version, but I would see if there is a way to turn off the balloons and just read the logs at your leisure.


Yeah, I haven't found the setting for a change in notifications yet.

Still, I'll try to copy down more block messages, because some of them say


Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
ipwhatever

Type: outgoing

Would outgoing indicate something on my PC is probing out?

#10 quietman7

Posted 20 February 2011 - 11:19 PM

Information that explains the IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

Quote

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?


If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, etc.) or an IM client, be aware they can trigger alerts. Why? Because these kinds of programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks for several reasons, including pop-up ads and malicious Flash ads that can lead to rogue sites where the IP address has been blocked. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Even your browser is susceptible to ads, so just surfing the net or going to unsafe sites may trigger alerts in order to protect you.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
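
Added example, not part of any poster's reply and not Malwarebytes' own code or log format: a sketch that splits copied-down block notices by the `Type:` field, since the FAQ quoted in post #10 ties these notices to a program on the computer trying to reach a listed address, which makes the outgoing ones the entries worth matching against running programs. It assumes the notices are saved in the balloon layout quoted in this thread; the sample is constructed, and apart from 218.9.114.82 its addresses are documentation-range placeholders.

```python
import re
from collections import Counter

# Constructed sample in the balloon layout quoted in posts #1 and #9.
SAMPLE = """\
Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
218.9.114.82

Type: incoming

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
203.0.113.7

Type: outgoing

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
203.0.113.7

Type: outgoing
"""

NOTICE_RE = re.compile(
    r"potentially malicious website:\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s+Type:\s*(?P<direction>incoming|outgoing)",
    re.IGNORECASE,
)

def parse_notices(text):
    """Return (ip, direction) pairs for every block notice found in text."""
    return [(m.group("ip"), m.group("direction").lower())
            for m in NOTICE_RE.finditer(text)]

def tally_by_direction(notices):
    """Map each direction to a Counter of blocked addresses."""
    tally = {"incoming": Counter(), "outgoing": Counter()}
    for ip, direction in notices:
        tally[direction][ip] += 1
    return tally

def outgoing_destinations(notices):
    """Addresses a local program tried to reach, most frequent first."""
    return tally_by_direction(notices)["outgoing"].most_common()

if __name__ == "__main__":
    notices = parse_notices(SAMPLE)
    print("incoming:", dict(tally_by_direction(notices)["incoming"]))
    print("outgoing, by count:", outgoing_destinations(notices))
```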
