
Successfully blocked access to a potentially malicious website: 37.1.206.9


7 replies to this topic

#1 allwinkjoy

allwinkjoy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 21 February 2014 - 08:39 AM

I have been having an issue with my assembled desktop computer running on Windows 7 32 bit. I have installed MalwareBytes Anti-malware. Recently, it started showing pop ups saying "Successfully blocked access to a potentially malicious website (IP No. 37.1.206.9)" and the process is shown to be svchost.exe (outgoing). I have tried scanning with Malwarebytes, both quick and full scan, but still the pop ups come back time and again. I fear there is some serious breach of security. Please advise.




 


#2 bassfisher6522

bassfisher6522

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:57 PM

Posted 21 February 2014 - 09:31 AM

No no...that's Malwarebytes doing its job of blocking bots looking for backdoors to infiltrate your system....those popups are normal. I see them all the time...especially more so on certain websites and forums I use. It just depends on what kind of security those websites have in place...some have better protection than others.


Edited by bassfisher6522, 21 February 2014 - 09:32 AM.


#3 bassfisher6522

bassfisher6522

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:57 PM

Posted 21 February 2014 - 09:33 AM

If you do get an infection you will see a different message altogether.



#4 allwinkjoy

allwinkjoy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 21 February 2014 - 09:50 AM

Yes, I understand that Malwarebytes is doing its job quite well, but there is another thing I noticed. I use a wifi hotspot on my desktop computer to share its broadband internet with my laptop. My laptop, which is connected to the internet via wifi hotspot on my desktop PC, doesn't face any such intrusion. But when I directly connect my laptop to the broadband router, the same popups continue on my laptop also.

 

The Malwarebytes popup is something like this

 

"Successfully blocked access to a potentially malicious website: 37.1.206.9"

type: outgoing

process: svchost.exe

 

This happens to any computer that is connected to my D-Link broadband router. These pop ups come up frequently, and are quite annoying. Please advise how to make the intrusion stop and the pop ups as well.



#5 allwinkjoy

allwinkjoy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 21 February 2014 - 09:59 AM

Since the process is outgoing, I feel something in the system is trying to access a malicious website, and Malwarebytes is blocking it. I want to find out what the malicious program is, and get it quarantined or deleted. So far, I have tried Malwarebytes, TDSSKiller, Combofix. Got some adware removed, but still the popups continue. Please help me.



#6 bassfisher6522

bassfisher6522

  • Members
  • 90 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:57 PM

Posted 21 February 2014 - 10:24 AM

Have you tried googling the IP number? I get a bunch of hits related to that IP address you posted. Then start looking through the registry for any of the names listed in the search and remove accordingly. Also check your programs list from the control panel for any software installed that might fit the profile of anything from the searched IP list. Then remove if any is found.


Edited by bassfisher6522, 21 February 2014 - 10:25 AM.


#7 allwinkjoy

allwinkjoy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 21 February 2014 - 10:34 AM

Yes, I googled the IP address and traced it to a 3NT Solutions LLC, under the name of Neil Young. No idea which adware they put in my PC. Can you tell me how and where to look for it in the registry?



#8 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:57 PM

Posted 21 February 2014 - 01:20 PM

Hi,

 

Since the process is svchost.exe, that's not normal. If you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or an instant messaging (IM) client, they can trigger Malicious Website Blocking alerts. Are you using any of these programs, or ones similar?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 


 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
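
Added example, not part of any post in this thread: because svchost.exe is a shared host for many Windows services, this sketch polls `netstat -ano` for the blocked address, takes the owning PID, and lists the services in that process together with the `ServiceDll` each one loads from its registry key. It uses only Windows 7 built-ins (PowerShell 2.0, `netstat`, WMI); the variable names, function names and the 120-second polling window are assumptions.

```powershell
# Added example; run from an elevated PowerShell prompt (works on PowerShell 2.0).
$RemoteIp = '37.1.206.9'   # address from the Malwarebytes pop-up quoted in the thread
$Seconds  = 120            # assumed polling window

# Parse `netstat -ano` TCP rows (Proto, Local, Foreign, State, PID) for one remote IP.
function Get-ConnectionOwner {
    param([string[]]$NetstatLines, [string]$Ip)
    foreach ($line in $NetstatLines) {
        if ($line -match '^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$') {
            $foreign    = $matches[2]
            $remoteHost = $foreign.Substring(0, $foreign.LastIndexOf(':'))
            if ($remoteHost -eq $Ip) {
                New-Object PSObject -Property @{
                    Local = $matches[1]; Remote = $foreign
                    State = $matches[3]; ProcessId = [int]$matches[4]
                }
            }
        }
    }
}

# List the services hosted in a PID and the DLL each svchost service loads.
function Get-HostedService {
    param([int]$ProcessId)
    Get-WmiObject Win32_Service -Filter "ProcessId = $ProcessId" | ForEach-Object {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        New-Object PSObject -Property @{
            Service = $_.Name; DisplayName = $_.DisplayName
            ImagePath = $_.PathName; ServiceDll = $dll
        }
    }
}

# A blocked attempt may be visible only briefly, so poll instead of looking once.
$seen = @{}
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    foreach ($c in @(Get-ConnectionOwner -NetstatLines (netstat -ano) -Ip $RemoteIp)) {
        if (-not $seen.ContainsKey($c.ProcessId)) {
            $seen[$c.ProcessId] = $true
            $c | Format-List
            Get-HostedService -ProcessId $c.ProcessId | Format-List
        }
    }
    Start-Sleep -Milliseconds 500
}
```

The output names the specific service and its registry key, which narrows the registry search to `HKLM\SYSTEM\CurrentControlSet\Services\<service>` instead of the whole hive; UDP traffic is not covered because `netstat` shows no remote address for UDP rows.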




