Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBAM shows OUTGOING block when viewing a post on an AV forum site??


  • Please log in to reply
4 replies to this topic

#1 spc3rd

spc3rd

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:08:50 AM

Posted 01 March 2012 - 06:56 PM

Good evening everyone,

I have experienced a few occasions over the past 3 days where MBAM Pro will display an OUTGOING block alert while viewing particular posts in an AV forum. (It does not display this alert on every topic post, just certain ones).

The IP being shown is: 87.118.92.88. When checking the hosts-file(dot)net site, the RIPE database info shows the address is in Germany, but there doesn't appear to be any known malicious activity associated with this IP.

As I understand it, when MBAM generates an OUTGOING block, it means some program on my computer is attempting to access the particular IP address.

My question: Why would this be occuring only when I'm viewing certain posts in the aforementioned forum?

Since there is no way for me to determine which program on my machine is attempting to access this supposedly malicious site...this is really puzzling to me. (And, yes...I have tried using TcpView, but it's a waste of time and shows nothing). All AV, MBAM, & SAS scans are clean.

Any thoughts or ideas on the reason for this activity would be appreciated.

Regards,

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:50 AM

Posted 01 March 2012 - 08:35 PM

I've had the same thing happen here when people have added links, signature blocks, or images in a forum posts, profiles and post signatures that MBAM has decided is risky. Doesn't happen here very often, but it has a couple of times to me. It's all in how the link, or image is rendered on the forum.

Thats one explanation I can give. Maybe someone else has more information on other methods.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:50 AM

Posted 01 March 2012 - 09:29 PM

As I understand it, when MBAM generates an OUTGOING block, it means some program on my computer is attempting to access the particular IP address.

Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. browser, IM program, P2P program) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.

If you find a particular site is being blocked and don't know why or you're not sure if it's safe, the Malwarebytes Team advises that you report it at the False Positive Forum.

More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 spc3rd

spc3rd
  • Topic Starter

  • Members
  • 292 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Mid-Atlantic region (USA)
  • Local time:08:50 AM

Posted 02 March 2012 - 06:10 AM

Thanks very much for your respective views and information, Quietman7 and Animal!

spc3rd

Dell Optiplex 755 Desktop | Win 7 Pro, SP 1, 64-bit | Intel Core 2 Duo, 3.00 gHz CPU | 8 GB RAM | 400 GB Seagate SATA HDD | Outpost Security Suite Pro | MBAM Premium 2.0 | Spywareblaster | SAS (on-demand) | Blocklist Pro | IE 11 & FF w/ NoScript | Disconnect | Adblock Plus | Flagfox


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:50 AM

Posted 02 March 2012 - 07:04 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users