
Malwarebytes Pro Notice Balloon


9 replies to this topic

#1 otarsus


Posted 19 February 2011 - 03:28 PM

Hi, I'm running my PC on Windows XP Professional, and just upgraded to Malwarebytes Pro. Every ten minutes or less, it displays a yellow notice balloon with this message:


Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
218.9.114.82

Type: incoming


I've run a Malwarebytes Full Scan, but it doesn't find anything. Any ideas of what the problem might be?

Edited by boopme, 19 February 2011 - 08:54 PM.
Moved to Antivirus discussion from AII ~~boopme




#2 Dmacf10


Posted 19 February 2011 - 04:28 PM

I also use MBAM Pro and I sometimes receive messages like you are getting. I use IPNetInfo to see who or what is trying to access my PC. If it is something you don't want, you can call your ISP and request they block that IP address.

#3 otarsus


Posted 19 February 2011 - 06:08 PM

Thanks, Dmacf10! This was just one of several IPs, though. When I ran this particular IP through IPNetInfo, it just told me this information (Owner: ChinaUnicom Hostmaster).

I'd like to ferret out the malware that's connecting from my PC.

IPNetInfo:

% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 218.7.0.0 - 218.10.255.255
netname: UNICOM-HL
country: CN
descr: China Unicom Heilongjiang province network
descr: China Unicom
admin-c: CH1302-AP
tech-c: LZ31-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-HL
mnt-routes: MAINT-CNCGROUP-RR
changed: hm-changed@apnic.net 20031110
changed: hm-changed@apnic.net 20040927
changed: hm-changed@apnic.net 20050511
changed: hm-changed@apnic.net 20060124
changed: hm-changed@apnic.net 20090508
source: APNIC

route: 218.8.0.0/15
descr: CNC Group CHINA169 Heilongjiang Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC

person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: abuse@chinaunicom.cn
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: abuse@chinaunicom.cn 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC

person: Liu Zhiyong
nic-hdl: LZ31-AP
e-mail: gaobh@mail.hl.cn
address: Data Communication Bureau of HLJ
phone: +86-451-542931
country: CN
changed: gaobh@mail.hl.cn 20030801
mnt-by: MAINT-CNCGROUP-HL
source: APNIC

#4 Dmacf10


Posted 19 February 2011 - 09:45 PM

You can block a range of IP addresses with your built-in Windows firewall. According to IPNetInfo, the "person" trying to access your computer has an IP address range of 218.7.0.0 - 218.10.255.255. The process of blocking this range of IP addresses with Windows firewall will vary depending on which Windows operating system you have. I googled around a bit and found this tutorial for Windows Vista. Let me know if you have a different operating system and I'll see if I can find specific instructions on blocking IP addresses with that particular firewall.

#5 Animal


Posted 20 February 2011 - 12:21 AM

It doesn't find anything because it was successfully blocked. It is merely alerting you to activity that took place without your involvement. It did its job and said so. Blocking the IPs won't do anything to stop the balloons. This type of activity happens millions of times a day throughout the internet. You block those IPs and they will find new ones with which to probe for an open port on the network.

I don't have the pro version, but I would see if there is a way to turn off the balloons and just read the logs at your leisure.


#6 Ichben Einberliner


Posted 20 February 2011 - 10:48 AM

Would you happen to do any Torrent sharing?

Reason I ask is I've seen these blocks happen during, and for a while after running a torrent client.

#7 otarsus


Posted 20 February 2011 - 01:03 PM

> You can block a range of IP addresses with your built-in Windows firewall. According to IPNetInfo, the "person" trying to access your computer has an IP address range of 218.7.0.0 - 218.10.255.255. The process of blocking this range of IP addresses with Windows firewall will vary depending on which Windows operating system you have. I googled around a bit and found this tutorial for Windows Vista. Let me know if you have a different operating system and I'll see if I can find specific instructions on blocking IP addresses with that particular firewall.


I'm using Windows XP Professional.

#8 otarsus


Posted 20 February 2011 - 01:07 PM

> Would you happen to do any Torrent sharing?
>
> Reason I ask is I've seen these blocks happen during, and for a while after running a torrent client.


On the PC I do use µtorrent at least once a month, but I hadn't noticed any increased frequency of the messages.

#9 otarsus


Posted 20 February 2011 - 01:12 PM

> It doesn't find anything because it was successfully blocked. It is merely alerting you to activity that took place without your involvement. It did its job and said so. Blocking the IPs won't do anything to stop the balloons. This type of activity happens millions of times a day throughout the internet. You block those IPs and they will find new ones with which to probe for an open port on the network.
>
> I don't have the pro version, but I would see if there is a way to turn off the balloons and just read the logs at your leisure.


Yeah, I haven't found the setting for a change in notifications yet.

Still, I'll try to copy down more block messages, because some of them say


Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website:
ipwhatever

Type: outgoing

Would outgoing indicate something on my PC is probing out?

#10 quietman7


Posted 20 February 2011 - 11:19 PM

Information that explains the IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?


If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, etc.) or an IM client, be aware they can trigger alerts. Why? Because these kinds of programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks for several reasons, including pop-up ads and malicious Flash ads that can lead to rogue sites where the IP address has been blocked. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Even your browser is susceptible to ads, so just surfing the net or going to unsafe sites may trigger alerts in order to protect you.
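Added example, not part of any post in this thread and not Malwarebytes code: a short Python triage of the two points discussed above, turning the whois `inetnum` range from post #3 into the CIDR blocks a firewall rule would need (post #4), and splitting block notices by `Type:` so the outgoing ones asked about in post #9 stand out. It assumes notices copied down in the balloon layout quoted in post #1; the function names and the address 203.0.113.7 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the balloon layout quoted in post #1. Only
# 218.9.114.82 is from the thread; 203.0.113.7 is an RFC 5737 placeholder.
NOTICE = ("Malwarebytes Anti-Malware\n"
          "Successfully blocked access to a potentially malicious website:\n"
          "{ip}\n\nType: {kind}\n\n")
SAMPLE_NOTICES = (NOTICE.format(ip="218.9.114.82", kind="incoming")
                  + NOTICE.format(ip="203.0.113.7", kind="outgoing")
                  + NOTICE.format(ip="218.9.114.82", kind="incoming"))

NOTICE_RE = re.compile(
    r"malicious website:\s+(\S+)\s+Type:\s*(incoming|outgoing)", re.IGNORECASE)


def range_to_cidrs(first, last):
    """Turn a whois 'inetnum' first-last range into the CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def parse_notices(text):
    """Count well-formed notices as {(direction, address): occurrences}."""
    counts = Counter()
    for raw_ip, direction in NOTICE_RE.findall(text):
        try:
            counts[(direction.lower(), ipaddress.ip_address(raw_ip))] += 1
        except ValueError:
            continue  # not an IP literal (e.g. a hostname); skip it
    return counts


def triage(text, first, last):
    """Split notices by direction and mark addresses inside the whois range."""
    cidrs = range_to_cidrs(first, last)
    report = {"cidrs": [str(c) for c in cidrs], "incoming": {}, "outgoing": {}}
    for (direction, ip), n in parse_notices(text).items():
        report[direction][str(ip)] = {
            "count": n, "in_whois_range": any(ip in c for c in cidrs)}
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_NOTICES, "218.7.0.0", "218.10.255.255")
    print("CIDR blocks for the inetnum range:", ", ".join(result["cidrs"]))
    # Outgoing blocks were initiated locally, so they are the ones to trace
    # back to a program; incoming blocks are remote hosts contacting the PC.
    for direction in ("outgoing", "incoming"):
        for ip, info in sorted(result[direction].items()):
            print(direction, ip, info)
```

The range does not collapse to a single CIDR: it needs three blocks, the middle one matching the `route: 218.8.0.0/15` object in the whois output.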



