Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBAM question


  • Please log in to reply
5 replies to this topic

#1 dcJeff

dcJeff

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:05:15 PM

Posted 12 June 2011 - 10:58 AM

Hi everybody,

A friend asked me a question about his MBAM, and I didn't know the answer, so I thought I'd see if somebody on here might know the answer. He has the real-time scanning version of MBAM. Every once in a while, he will get a little popup from the system tray saying that MBAM has blocked an outbound potentially malicious transmission and then it will give an ip address. He was wondering if that means he has some sort of infection on his machine. I didn't even know what to tell him. Is this something you guys experience too, or is something wrong with his machine?

Thanks

BC AdBot (Login to Remove)

 


#2 TulsaRose

TulsaRose

  • Members
  • 367 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Tulsa OK
  • Local time:05:15 PM

Posted 12 June 2011 - 08:10 PM

I would recommend your friend go to the forums at MalwareBytes, become a member and post his problem. It is an excellent forum.

WinXP Pro sp3 \ Firefox, Panda, MBAM, SAS, SpywareBlaster


#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:15 PM

Posted 12 June 2011 - 10:09 PM

He was wondering if that means he has some sort of infection on his machine

It won't hurt to check.
Ask him to create new topic in our "Am I Infected?" forum.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,124 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:15 PM

Posted 13 June 2011 - 07:07 AM

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a malicious website, Malwarebytes will block the attempt and provide an alert. Some legitimate programs on your computer have access to the Internet and that action can also trigger an IP alert. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious.

Information that explains IP Protection feature can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?[/b]


You can investigate IP addresses and gather additional information at:
If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BitLord, BearShare, Azureus/Vuze, etc) or an (IM) client, be aware they can trigger alerts. Why? Because these kind of programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks for several reasons to include pop-up ads and malicious Flash ads that can lead to rogue sites where the IP address has been blocked. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Even your Browser is susceptible to ads so just surfing the net or going to unsafe sites may trigger alerts in order to protect you.

If your friend is not using these types of programs, then I recommend further investingation.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 dcJeff

dcJeff
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:05:15 PM

Posted 13 June 2011 - 08:30 AM

Thanks everybody for your replies.

He doesn't use any P2P programs, so it would probably be best for him to post logs somewhere and let the experts look at them.

But thanks again for the replies.

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:15 PM

Posted 13 June 2011 - 11:05 AM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users