Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes-popup


  • Please log in to reply
10 replies to this topic

#1 mattytun1514

mattytun1514

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 28 January 2014 - 09:42 AM

Hi ive noticed over the last few days that "Malwarebytes pro" keeps popping up on the bottom right of my windows 7 laptop it pops up about every 5 mins

 

ive ran my antivirus plus Malwarebytes but they come back clean

Any ideas


hhhhhhhh_zpsa828380d.jpg



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 28 January 2014 - 10:35 AM

Malwarebytes Anti-Malware Malicious Website Blocking (IP Protection) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. An outgoing IP alert indicates that a process on the system tried to load a malicious IP and was prevented from loading content. No action is required unless you're also experiencing malware symptoms or there are multiple IPs. A browser does not have to be running...just an active Internet connection with processes running. Notification that an outgoing IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, SKYPE, P2P software, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate. IP alerts are also triggered by banner ads running on websites.

IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts.

As noted above, if you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BitLord, BearShare, Azureus/Vuze, Skype, etc) or an Instant messaging (IM) client, they can trigger Malicious Website Blocking alerts. Why? P2P programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks. Malwarebytes IP Protection will block access to some of the peers a P2P client attempts connection to because they are classified or detected as malicious. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup and to allow other P2P users on the same network open access to a shared directory on your computer.

For more information about Malicious Website Blocking (IP Protection), please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 mattytun1514

mattytun1514
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 28 January 2014 - 12:32 PM

Thanks ill have a read at the information you sent.. Thanks



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 28 January 2014 - 01:00 PM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:52 PM

Posted 28 January 2014 - 05:35 PM

Port 6881 is used by BitTorrent, but explorer.exe is not a BitTorrent client.

 

First impression: looks like a remote BitTorrent client tried to connect to your machine.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 28 January 2014 - 05:54 PM

Good eyes Didier...I couldn't read that with my bifocals even with the screenshot enlarged.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 mattytun1514

mattytun1514
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 29 January 2014 - 08:48 AM

Well the good people at Beeping computers I found "utorrent" on my laptop-windows 7

 

The reason it got there was I went on a long weekend break last week and my brother went onto my laptop and installed a program that was bundled with utorrent... arrrrrrrrrrrrrrg

 

Since I removed Utorrent ive had no Malwarebytes pop-up......... :bananas:



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 29 January 2014 - 09:07 AM

Log in to BC with your brother sometime and have him read the following.

Using any torrent, peer-to-peer (P2P) file sharing program (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or visiting such sites is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some cases the computer could be turned into a virus honeypot or zombie. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. As such, it is not uncommon for some anti-virus/anti-malware disinfection tools to detect torrent related files and programs as a threat and attempt to remove them.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!. In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications and torrent web sites.

File sharing programs are often bundled with other software (sometimes without the knowledge or consent of the user) and can be the source of various issues and problems to include Adware, and browser hijackers as well as malware.Using such programs or browsing torrent sites is almost a guaranteed way to get yourself infected!!
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 mattytun1514

mattytun1514
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 29 January 2014 - 10:14 AM

:thumbup2:



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,582 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:52 AM

Posted 29 January 2014 - 10:17 AM

Safe surfing and have a malware free day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:52 PM

Posted 29 January 2014 - 04:24 PM

That explains is

 

Well the good people at Beeping computers I found "utorrent" on my laptop-windows 7

 

The reason it got there was I went on a long weekend break last week and my brother went onto my laptop and installed a program that was bundled with utorrent... arrrrrrrrrrrrrrg

 

Since I removed Utorrent ive had no Malwarebytes pop-up......... :bananas:

That explains it.

 

But also check if nothing else was installed.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users