Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes Blocking Access To A Potential Harmful Site


  • Please log in to reply
8 replies to this topic

#1 Mista99

Mista99

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 April 2012 - 10:24 PM

Hi,
I am wondering just why my malwarebytes program keeps blocking incoming and outgoing access to a potential harmful website..I have the IP address and did a Whois on the address and it came up to a German website...www.3raphegatastus, as far as I know I do not have any dealings with these guys.

These are the sites details, am wondering if I can permanantely block this IP address somehow

IP Information for 83.133.124.191
IP Location: Germany Germany Hanau Lambdanet Communications Deutschland Ag
ASN: AS31197
IP Address: 83.133.124.191 [Whois] [Reverse-Ip] [Ping] [DNS Lookup] [Traceroute]
Reverse IP: 2 websites use this address. (examples: 3raphegatastusus.com bmeyymltec-k98rws6sw.com)

inetnum: 83.133.96.0 - 83.133.127.255
netname: LNCDE-GREATNET-NEWMEDIA
descr: Greatnet New Media.
country: DE
admin-c: FL1331-RIPE
tech-c: FL1331-RIPE
status: ASSIGNED PA
mnt-by: LNC-MNT
mnt-lower: LNC-MNT
source: RIPE # Filtered

person: Frazzetta Lindner
address: Greatnet New Media
address: Brentenstrasse 4a
address: D-83734 Hausham
address: Germany
phone: +49 1805 47328638
fax-no: +49 1805 444894696
nic-hdl: FL1331-RIPE
abuse-mailbox:
mnt-by: LNC-MNT
source: RIPE # Filtered

route: 83.133.0.0/16
descr: Lambdanet Operations - German region
origin: AS13237
mnt-by: LNC-MNT
source: RIPE # Filtered

BC AdBot (Login to Remove)

 


#2 jburd1800

jburd1800

  • Members
  • 565 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 19 April 2012 - 10:40 PM

Sounds like MBam is doing it's job :thumbup2:

“May the sun bring you new energy by day, may the moon softly restore you by night, may the rain wash away your worries, may the breeze blow new strength into your being, may you walk gently thorugh the world and know it's beauty all the days of your life.”


#3 Mista99

Mista99
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 April 2012 - 11:05 PM

That it is, but is this a harmful site?

#4 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,752 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:03:40 AM

Posted 19 April 2012 - 11:11 PM

What are you doing or what site are you on when that MBAM block appears?

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#5 Mista99

Mista99
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 April 2012 - 11:20 PM

I am doing nothing but being on this site

#6 Mista99

Mista99
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 19 April 2012 - 11:44 PM

am getting alerts from my Panda Scanner now saying

Adware Detected
Adware name: Adware/FakeAv
file found in C:\Windows\System32\randomly named.dll file

ran my Mbam it found nothing

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:40 AM

Posted 20 April 2012 - 08:29 AM

Did Panda successfully remove the file and stop notifying about the detection?

Malwarebytes Anti-Malware IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers)) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts and the events are stored in the "protection-log".

More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

What does IP Protection do?
IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges...

What does this notification mean?
This notification means quite simply, that an IP address has been blocked. It does NOT necessarily mean you are infected, it simply means a program on your computer (e.g. your browser, IM program, P2P program etc), tried accessing a malicious IP address...

Other FAQs about IP Protection
How does it do this?
How does it inform you?
I got an alert and I wasn't even surfing, how's that happen?
I received a notification on a safe site, why?
How do I disable this?
I got an alert for an IP or website I think is safe, how can I report it?
Does the IP Protection replace my firewall?
Where do I find the IP Protection logs?
How can I add an IP so it won't be detected and can access a site I need to?[/b]


If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BitLord, BearShare, Azureus/Vuze, etc) or an Instant messaging (IM) client, be aware they can trigger IP Protection alerts. Why? P2P programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks. Malwarebytes IP Protection will block access to some of the peers a P2P client attempts connection to because they are classified or detected as malicious. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup and to allow other P2P users on the same network open access to a shared directory on your computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Mista99

Mista99
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 20 April 2012 - 03:34 PM

Yes Panda asks me to delete the program which I do, but it catches another dll file every hour or so, sometimes 2 in a row

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:40 AM

Posted 20 April 2012 - 05:12 PM

Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
-- The tool is frequently updated...if you used TDSSKiller previously, delete that version and download the most current one before using again.

Be sure to print out and follow these instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click the Change parameters.

    Posted Image

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

    Posted Image

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

    Posted Image

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

    Posted Image

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users