
MBAM Blocking Outgoing IP's


3 replies to this topic

#1 Hardieman


Posted 28 December 2014 - 10:09 PM

Hi

 

As stated in the title my Malwarebytes application is repeatedly blocking foreign outbound IP addresses.  I would take this as some type of malware infection?  However I have not been able to remove/stop it from happening.  

 

I have already followed the steps outlined here: "http://www.bleepingcomputer.com/forums/t/537233/constant-outgoing-traffice-from-random-ip-addresses-being-sent/" but this did not help. I did run all of the same logs as requested in the above link, so I have them ready to go if anyone is willing to help.

 

One last thing: as you will notice, I am running WHS 2003.

 

Thanks in advance :)




 


#2 quietman7


Posted 29 December 2014 - 12:59 PM

An outgoing IP alert indicates that a process on your system tried to access a malicious IP and was prevented from loading content onto your system. A browser is not required to be running for an alert to occur...just an active Internet connection with processes running. IP alerts are also triggered by banner ads appearing on websites since in some cases these ads are malicious. Notification that an outgoing IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, SKYPE, P2P software, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. No action is required unless you're also experiencing malware symptoms or there are multiple IPs. Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.

As noted above, if you are using peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, uTorrent, BitLord, BearShare, Azureus/Vuze, Skype, etc) or an Instant messaging (IM) client, they can trigger Malicious Website Blocking alerts. Why? P2P programs are a security risk which can make your system susceptible to a smörgåsbord of malware infections and remote attacks. Malwarebytes IP Protection will block access to some of the peers a P2P client attempts connection to because they are classified or detected as malicious. If you're not using P2P programs, then further investigation is needed to include examining events in the Malicious Website Blocking protection-logs. Refer to this topic for instructions on how to properly save/export a Scan log...How do I access and save logs from Malwarebytes Anti-Malware?.

If the IP Block shows in the protection log for a legitimate site, that generally indicates that when the block was implemented by Malwarebytes, there were sufficient domains housing malware to warrant it. Unfortunately where shared IPs are concerned there will usually be safe domains that get caught in the cross-fire.

You can investigate (search) IP addresses and gather additional information at:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
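Added example (not part of quietman7's post and not a Malwarebytes tool): one way to find which program owns the connections to the blocked IPs, by joining the output of the built-in Windows commands `netstat -ano` and `tasklist /fo csv`. The sample outputs, the documentation-range addresses, the process names and the function names are all constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1034      203.0.113.45:80        ESTABLISHED     1480
  TCP    192.168.1.10:1040      198.51.100.7:6881      SYN_SENT        2312
  TCP    192.168.1.10:1041      203.0.113.45:80        TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed sample of `tasklist /fo csv` output.
TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"svchost.exe","908","Console","0","4,120 K"
"iexplore.exe","1480","Console","0","31,004 K"
"utorrent.exe","2312","Console","0","12,880 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}

def parse_netstat(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # headers, blank lines, UDP rows (no remote peer or state)
        host, _, port = f[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
        except ValueError:
            continue
        yield ip, int(port), f[3], int(f[4])

def owners_of_blocked(blocked, netstat_text, tasklist_text):
    """Return {blocked_ip: sorted [(image, pid, state), ...]} for matching rows."""
    wanted = {ipaddress.ip_address(b) for b in blocked}
    names = parse_tasklist(tasklist_text)
    hits = {str(b): set() for b in wanted}
    for ip, _port, state, pid in parse_netstat(netstat_text):
        if ip in wanted:
            # TIME_WAIT rows show PID 0: the owner is already gone, not "Idle".
            image = "unknown (socket closed)" if pid == 0 else names.get(pid, "not in tasklist")
            hits[str(ip)].add((image, pid, state))
    return {ip: sorted(rows) for ip, rows in hits.items()}
```

`netstat` is a point-in-time snapshot, so an empty result for a blocked IP only means no matching connection existed when the command ran.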

#3 Hardieman


Posted 30 December 2014 - 12:11 AM

Thank you for the information, quietman.

 

I will monitor what IP addresses are now being blocked by MBAM, and investigate the related details from some of the sites you have given me. I will also double check what services and programs are running that could be causing this issue.

 

Once I have some more information I will report back.  Once again thanks for your help.



#4 quietman7


Posted 30 December 2014 - 05:47 AM

You're welcome and good luck.



