
Outbound Connection Blocked by Malwarebytes, not being picked up by scan



#1 tommyboy611


Posted 30 January 2017 - 09:45 PM

Hi all,

 

Today I opened a phishing email (first time ever, I feel pretty bad). I immediately deleted the file attachment that came from the email and downloaded and ran Malwarebytes and Windows Defender. Neither of these programs found any threats. However, this evening Malwarebytes has notified me a few times that it has blocked outbound connections coming from msiexec.exe --- I pasted one of the reports below this post. I again ran the different scans (Malwarebytes, ESET, etc.) and again they found no threats. Is Malwarebytes being picky about outbound connections or do I have a virus? Thanks in advance for your help,

 

Tommyboy611

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Protection Event Date: 1/30/17
Protection Event Time: 9:28 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1140
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
 
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
 
-Website Data-
Domain: rowatterding.ru
IP Address: 198.105.244.69
Port: [61479]
Type: Outbound
File: C:\Windows\SysWOW64\msiexec.exe
 
 
 
(end)

Edited by tommyboy611, 30 January 2017 - 09:51 PM.




#2 tommyboy611


Posted 30 January 2017 - 10:13 PM

Update: Just noticed that ESET is also blocking some connections. Example log below:

 

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
1/30/2017 10:09:18 PM;HTTP network protection;file;http://hecknoforheg.ru/bdk/gate.php;Win32/Spy.Zbot.ABV trojan;connection terminated;LAPTOP-B73NHQ88\Thomas Cummings;Threat was detected upon access to web by the application: C:\Windows\SysWOW64\msiexec.exe.;F181781772CE5377493DFE0C88F266766B3048AF;
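
Added example, not part of the original posts: a small Python triage script that groups rows of an ESET detection export by the application named in the Information field, so repeated blocks attributed to one process stand out. It assumes the export uses the header line shown in the post above; the sample rows, host names, user and hashes are constructed placeholders.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the same semicolon-delimited layout as the ESET export
# quoted in the post; hosts, user and hashes are placeholders, not real indicators.
SAMPLE_LOG = """\
Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
1/30/2017 10:09:18 PM;HTTP network protection;file;http://blocked-one.example/gate.php;Win32/Spy.Zbot.ABV trojan;connection terminated;HOST\\user;Threat was detected upon access to web by the application: C:\\Windows\\SysWOW64\\msiexec.exe.;0000000000000000000000000000000000000000;
1/30/2017 10:11:02 PM;HTTP network protection;file;http://blocked-two.example/gate.php;Win32/Spy.Zbot.ABV trojan;connection terminated;HOST\\user;Threat was detected upon access to web by the application: C:\\Windows\\SysWOW64\\msiexec.exe.;0000000000000000000000000000000000000000;
1/30/2017 10:15:40 PM;HTTP network protection;file;http://blocked-three.example/a.js;JS/Example trojan;connection terminated;HOST\\user;Threat was detected upon access to web by the application: C:\\Program Files\\Browser\\browser.exe.;0000000000000000000000000000000000000000;
"""

# The Information field ends with "...by the application: <path>." (trailing period).
APP_RE = re.compile(r"by the application:\s*(.+?)\.?\s*$")


def parse_detections(text):
    """Yield one dict per detection row, adding the initiating process path."""
    for row in csv.DictReader(io.StringIO(text), delimiter=";"):
        match = APP_RE.search(row["Information"] or "")
        row["Process"] = match.group(1) if match else None
        yield row


def by_process(rows):
    """Group detections by initiating process (Windows paths compare case-insensitively)."""
    groups = defaultdict(list)
    for row in rows:
        groups[(row["Process"] or "unknown").lower()].append(row)
    return groups


def windows_binaries(groups):
    """Return the processes under C:\\Windows that triggered detections."""
    return sorted(p for p in groups if p.startswith("c:\\windows\\"))


if __name__ == "__main__":
    grouped = by_process(parse_detections(SAMPLE_LOG))
    for process, rows in sorted(grouped.items()):
        threats = sorted({r["Threat"] for r in rows})
        print(f"{len(rows):3d}  {process}  {', '.join(threats)}")
    print("Windows binaries with detections:", windows_binaries(grouped))
```
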




