Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes gave me a pop up


  • Please log in to reply
15 replies to this topic

#1 garybear

garybear

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 12 March 2011 - 07:44 PM

Hello friends!
Malwarebytes gave me a pop up saying this was a malicious web site. 84.16.235.125.
Would some one please report this to MBAM. as a FP
I have been banned from their forum or I would report it myself.
Thank you!!:thumbsup:
01:01:51 Owner MESSAGE Scheduled update executed successfully
01:01:51 Owner MESSAGE IP Protection stopped
01:02:12 Owner MESSAGE Database updated successfully
01:02:24 Owner MESSAGE IP Protection started successfully
03:01:41 Owner MESSAGE Scheduled update executed successfully
03:01:41 Owner MESSAGE IP Protection stopped
03:02:02 Owner MESSAGE Database updated successfully
03:02:14 Owner MESSAGE IP Protection started successfully
06:01:43 Owner MESSAGE Scheduled update executed successfully
06:01:43 Owner MESSAGE IP Protection stopped
06:02:06 Owner MESSAGE Database updated successfully
06:02:18 Owner MESSAGE IP Protection started successfully
08:01:39 Owner MESSAGE Scheduled update executed successfully
08:01:39 Owner MESSAGE IP Protection stopped
08:02:03 Owner MESSAGE Database updated successfully
08:02:14 Owner MESSAGE IP Protection started successfully
11:01:39 Owner MESSAGE Scheduled update executed successfully
11:01:40 Owner MESSAGE IP Protection stopped
11:02:02 Owner MESSAGE Database updated successfully
11:02:15 Owner MESSAGE IP Protection started successfully
12:01:46 Owner MESSAGE IP Protection stopped
12:01:46 Owner MESSAGE Scheduled update executed successfully
12:02:18 Owner MESSAGE Database updated successfully
12:02:32 Owner MESSAGE IP Protection started successfully
12:36:34 Owner MESSAGE Protection started successfully
12:36:40 Owner MESSAGE IP Protection started successfully
14:01:42 Owner MESSAGE IP Protection stopped
14:01:42 Owner MESSAGE Scheduled update executed successfully
14:01:51 Owner MESSAGE Database updated successfully
14:01:58 Owner MESSAGE IP Protection started successfully
15:15:00 Owner MESSAGE Scheduled scan executed successfully
16:01:41 Owner MESSAGE Scheduled update executed successfully
16:01:41 Owner MESSAGE IP Protection stopped
16:01:53 Owner MESSAGE Database updated successfully
16:02:00 Owner MESSAGE IP Protection started successfully
17:01:43 Owner MESSAGE Scheduled update executed successfully
17:01:43 Owner MESSAGE IP Protection stopped
17:02:00 Owner MESSAGE Database updated successfully
17:02:10 Owner MESSAGE IP Protection started successfully
18:31:00 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:31:03 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:31:09 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:31:58 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:32:01 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:32:07 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:37:15 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:37:18 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)
18:37:24 Owner IP-BLOCK 84.16.235.152 (Type: outgoing)

Edited by garybear, 12 March 2011 - 07:50 PM.


BC AdBot (Login to Remove)

 


#2 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 13 March 2011 - 01:21 AM

Hello!!
I'm not understanding what's going on. I clicked on this and Malwarebytes said it was a malicious web site. Now it's been moved. Why are you moving a pinned topic and why is MBAM saying it's a malicious web site??
Please help me understand what's going on!! I'm confused and I don't understand.
Just to make sure you understand me.
I'm clicking on this topic (Windows XP Tweak Guide) a pinned topic and MBAM is saying it's a malicious web site. Now you have moved it and MBAM is sill saying it's a malicious web site???????????? Is this a FP??
I have never seen this before and I don't have a clue what's going on.
Why is my PC trying to connect to a malicious web site.
Please help me understand!! 84.16.235.152 This is a German IP address and MBAM says it's malicious.
This is very strange and over my head.

#3 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 13 March 2011 - 02:13 PM

Hello!
It appears that I'm not going to get a explanation about this.
I guess I'll just have to wonder. Either no one knows what's going on ,or I'm just being ignored for some reason.
MBAM is saying this is a malicious web site when I click on (Windows XP Tweek Guide)
When I search for this IP adress (84.16.235.152); which MBAM blocks, it takes me here.
Surely someone on this forum knows what's going on.This topic was on Tips and Tricks for ever and now it's been moved?????????????????
Thank you!!
http://www.20six.co.uk/

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,068 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:16 AM

Posted 13 March 2011 - 06:07 PM

I'll explain part of the problem.

You hijacked a long time thread that was for an XP guide. That was not the forum or topic with which to report false positives by a malware program. I have split off your three posts and returned the original topic back to it's proper forum. Why and how the topic with your hijacked replied got moved to this forum is not relevant for this discussion. It was a staff error. You posted in the wrong topic and forum, I have corrected that.

As for your false positive reporting this is the forum for that. Maybe someone will see this and help. I personally have no idea what you are talking about.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#5 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 13 March 2011 - 07:40 PM

You hijacked a long time thread that was for an XP guide. That was not the forum or topic with which to report false positives by a malware program. I have split off your three posts and returned the original topic back to it's proper forum. Why and how the topic with your hijacked replied got moved to this forum is not relevant for this discussion. It was a staff error. You posted in the wrong topic and forum, I have corrected that.

Hello my friend!
I didn't mean to hijack any thread. I'm a fairly new user to this forum, but I'm not a newbie to forums.
I clicked on this thread because it caught my attention. I immediately got a pop up balloon saying MBAM was blocking this thread because it was a malicious web site.
Sense this thread gave me that warning, I just replied on the same thread that gave me the warning with no intention of hijacking any thing.
When I went looking for the thread, I discovered it had been moved and that made me very courteous. This is very strange behavior to say the least.
You sound like I'm trying to cause trouble and that simply is not true. I only wish to report what happened and find out why it's happening.
This IP address that is being blocked is host to over 3000 sites. If it's a FP then it should be reported to MBAM.
I have stated why I haven't done that.
I could have started a new thread, but sense this thread gave me the warning, I just posted on it.
I have never seen any thing like this before and I assure you I'm no stranger to forums, and yes I have been banned from forums because I'm a true teller.
If this is some thing BC doesn't want to discuss, a simple PM will be enough for me to drop this.
I wish to cause no problems to BC and only want to help.
I will monitor this thread, but will not post further unless asked to by staff.
Thank you sir for understanding.Thank you for this new thread. I did not intend to hijack any thread, only looking for answers and do not wish to cause any problems or trouble for anyone.
PS you have to understand that the blocked IP address came when I clicked on a long time XP guide. I have never seen this happen before and wanted to report this to BC. I have no malicious reasons for reporting this!!

#6 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 13 March 2011 - 08:45 PM

Hello!
Sense I have caused so much trouble, I feel like I should try to help clear this mystery up.
When I click on the thread in Tips and Tricks(Windowns XP Tweak Guide) I get a pop up saying MBAM blocked this site.It only happens when I click on page no1 of that thread.All other pages on that thread don't give me a warning. MBAM doesn't block the thread, it just warns me that it is a malicious web site. This is very strange behavior and is the first time I have ever seen this. I don't believe it's a big deal, but I wanted to let BC know that this is happening and I find it very strange behavior.
Thank you BC!!

#7 FlannelBack

FlannelBack

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 14 March 2011 - 01:29 AM

Maybe you should try something like TCPView or CurrPorts to see if you can find out what application is trying to access IP address "84.16.235.152".

If you click on the Windows XP Tweak Guide topic you should stay at the current IP address of "208.43.87.2".
If you click on the link: http://www.tweakguides.com/XPTC.html you should end up at the IP address of "77.235.57.87".

From the information given, why MBAM is picking up "84.16.235.152" is a mystery.

Edit:
Found the link to your "84.16.235.152", the image link in post #15 on the first page of the "Windows XP Tweak Guide" thread. Why MBAM is flagging it, idk.

The actual link is: "http://pub.20six.co.uk/pub/AkaAlias1/New_banner_small_.jpg" and leads to a blank page.

Edited by FlannelBack, 14 March 2011 - 02:49 AM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:16 AM

Posted 14 March 2011 - 09:46 AM

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a malicious website, Malwarebytes will block the attempt and provide an alert. Some programs on your computer have access to the Internet and that action can also trigger an IP alert. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious.

It is not unusual for Malwarebytes' (just like your firewall) to provide alerts regarding probing and intrusion attempts to access your computer. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Your security tools are doing their job by blocking this kind of traffic and alerting you about these intrusion attempts. However, not all unrequested traffic is malevolent. Even your ISP will send out regular checks to see if your computer is still there, so you may need to investigate an attempted intrusion.

Information that explains IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?[/b]


If you suspect false detections, report them to Malwarebytes' Anti-Malware Support > False Positives so the Research Team can investigate and make corrections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:09:16 AM

Posted 14 March 2011 - 10:50 AM

How does one get banned from the Malwarebytes forum.......just curious?

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”


#10 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 14 March 2011 - 11:32 AM

Hello !!
Wow very impressive reply's. Thanks Quiteman for your explanation of the way MBAM blocks IP's. I'm very aware of the incoming blocked IP's. I get them all the time from China. I just change my IP and that stops the incoming port scans. It's sad we have to put up with this behavior from China, or any where else. This is the first outgoing IP block that I have gotten with MBAM. I researched the IP and discovered it was a host address for over 3000 sites. I have been told before that my router should block these and record them. I have talked to my ISP and they tell me no, so I have given up on that. I guess I could get a wireless router, but MBAM seems to be getting the job done for me. I'm using the free version of Online Armor for a firewall and I really like it, but I don't think it blocks IP addresses. It does warn me when some thing tries to get in or out of my PC and gives me the option to allow or deny or trust. I'm self taught and I don't talk the puter language very well. I think I understand how MBAM works and really appreciate your time to explain it sir. Thank you! My PC is running very well and I'm sure I'm not infected, but I know BC can help me if I think I might have a bug.
Thank you quiteman, you are greatly appreciated by this old man.

Wow FlannelBack
You are some kind of detective. Thanks for solving this mystery. I'm very impressed that MBAM found this IP on post#15. I would have never figured that out. I suspect that this is a FP, but a very impressive response from MBAM. That IP address is host to over 3000 sites, so there is no telling which one is putting up the red flag. I would report it to MBAM but I have been banned from their forum. They don't take criticism very well and have some big ego problems. I haven't seen big ego's here on BC and you can agree to disagree here, and that's good. Some really nice people here ready to help their members. I'm really impressed with BC and even more so after these reply's to my thread.
Thank you friend for solving this mystery. I have learned a lot today and that's a good thing.

#11 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 14 March 2011 - 12:05 PM

How does one get banned from the Malwarebytes forum.......just curious?

Hello friend! I probably shouldn't post this here, but BC seems to be a friendly forum and they can delete this if it's not acceptable, and I do not want to seem rude and not answer your reply. I have been banned from 4 forums .
It started out with IObit forum. I was banned there for exposing their program IObit 360 for a terrible memory leak.
Next I was banned from Wilders for ranting about IOBit's memory leak on their forum.
I was banned from Malwarebytes and Superantispyware for posting on Superantispyware's forum that my good friend and neighbor was banned on Malwarebytes forum for not filling out his profile, which someone will show up here and deny ,but it's the truth.
I'm not doing very well on forums, but I hope I can stay out of trouble here because I really like what I see here.
There are some very smart and friendly people here and I'm really enjoying this forum.
Fell free to scold me BC, I know this is way off topic,but I didn't want to be rude and not answer jburd.
The reason I hesitated to post this is because stalkers will show up here and try to make me look bad and cause me trouble and I don't want BC to have to put up with that.It has happened before.

Edited by garybear, 14 March 2011 - 12:11 PM.


#12 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:09:16 AM

Posted 15 March 2011 - 09:26 PM

Hi,
look. It's actually quite difficult to get in trouble here. And off topic discussions are very much encouraged at this community. I getoff topic all the time. No one ever says anything. And I to am a member of the MbAM forum, but I can't find a place in which I can make myself useful there, so I figure as well better not post, for I definitely see the same strictness you do. It wasn't your fault. I got yelled at every other post at one forum I was on, so to save the mods the trouble of banning me, for they thought I was a nuissance, I just abandoned the board leaving my own account for dead, hoping somebody will just delete it anyway. And I don't blame you for criticizing iObit.


The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#13 garybear

garybear
  • Topic Starter

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 AM

Posted 15 March 2011 - 09:47 PM

Hi,
look. It's actually quite difficult to get in trouble here. And off topic discussions are very much encouraged at this community. I getoff topic all the time. No one ever says anything. And I to am a member of the MbAM forum, but I can't find a place in which I can make myself useful there, so I figure as well better not post, for I definitely see the same strictness you do. It wasn't your fault. I got yelled at every other post at one forum I was on, so to save the mods the trouble of banning me, for they thought I was a nuissance, I just abandoned the board leaving my own account for dead, hoping somebody will just delete it anyway. And I don't blame you for criticizing iObit.



Hello my friend!
You will never know how much your reply has meant to me.Let's just say you not only made my day, but you made my whole week. I wasn't expecting any thing like your reply. I was starting to think that I just didn't belong any place.Thank you from the bottom of this old man's heart.
I hope I can make a difference here at BC. Those other forums mean nothing to me except I made several friends there and I will miss them.Thank you chromebuster more than you will ever know my friend! I hope to make a lot of new friends here on BC.
I have just made one!!

Edited by garybear, 15 March 2011 - 09:51 PM.


#14 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:09:16 AM

Posted 15 March 2011 - 09:54 PM

And you can be assured that it was no problem at all! I'm glad I've been able to give somebody a hand. That's why I signed up here. You can count on that that you'll make lots of friends here. We are one of the most friendly communities.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#15 Union_Thug

Union_Thug

    Bleeps with the fishes...


  • Members
  • 2,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:is everything
  • Local time:09:16 AM

Posted 15 March 2011 - 09:56 PM

How does one get banned from the Malwarebytes forum.......just curious?



:hysterical: :hysterical:

The same thought occured to me, but having been a registered member @MBAM for about a year (I've made maybe a dozen posts) I can understand it happening. Bunch of tight-azzes over there IMO.


Now the Avast forum is another matter entirely... pretty much anything goes.


Edited by Union_Thug, 15 March 2011 - 09:58 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users