
Possible Remote Connection Detected by Avast


7 replies to this topic

#1 bl33p

bl33p

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:27 PM

Posted 08 February 2017 - 06:47 PM

Hey there fellow bleepers,

 

I was wondering if I could receive your opinion on whether or not one of my computers is infected - it seems that every time I connect to my home internet connection, Avast proceeds to block a malware object named "https://131.253.61.66". After doing a small amount of research, I found that this specific IP is (more or less) associated with Microsoft; is it possible that this is a legit connection being recognized as a false positive?

 

Some other information: 

  • P2P Windows updates are disabled.
  • This computer is connected via VPN 99% of the time. 
  • Rkill, adwcleaner, and a quick MBAM scan all came back clean (logs for the first two are available if necessary).
  • OS is Win10 Professional, 64-bit.

Thanks!


Edited by bl33p, 08 February 2017 - 06:49 PM.



 


#2 buddy215

buddy215

  • BC Advisor
  • 12,881 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:06:27 PM

Posted 08 February 2017 - 07:52 PM

Welcome to BC...

 

My search using the IP tells me the same....a Microsoft address.

 

Attempting to go to that address using Firefox browser I get this warning from Firefox:

Your connection is not secure

The owner of 131.253.61.66 has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

Learn more…

Copied from: What does "Your connection is not secure" mean? - Mozilla Support Community

When Firefox connects to a secure website (the URL begins with "https://"), it must verify that the certificate presented by the website is valid and that the encryption is strong enough to adequately protect your privacy. If the certificate cannot be validated or if the encryption is not strong enough, Firefox will stop the connection to the website and instead show an error page.

 

Avast and Firefox are seeing the same problem with that IP address....

My recommendation is to report this to Avast and let them deal with Microsoft.

 

I know Windows 10 does more "spying" than other Microsoft OSes. There are websites that will offer instructions for securing and protecting your privacy on Windows 10.

Here is one: What does "Your connection is not secure" mean? - Mozilla Support Community

Another One: Windows 10 violates your privacy by default, here's how you can protect yourself - TechRepublic


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
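Added example, not part of the thread: the certificate validation described in the quoted Mozilla text includes comparing the address in the URL with the names listed in the certificate. The sketch below implements that name check in simplified form on a constructed subjectAltName list, showing how a request by bare IP is evaluated differently from a request by hostname; `SAMPLE_SANS` and `name_matches` are assumptions made for illustration, and the sample is not the certificate the server in this thread presented.

```python
import ipaddress

# Constructed subjectAltName list for illustration; NOT the certificate
# that 131.253.61.66 actually served.
SAMPLE_SANS = [("DNS", "*.example.com"), ("DNS", "example.com"),
               ("IP", "192.0.2.10")]


def _as_ip(value):
    """Return an ip_address object if value is an IP literal, else None."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def _dns_match(pattern, host):
    """Match one DNS SAN; '*' may only stand for the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one non-empty label.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def name_matches(requested, sans):
    """Check the identity typed in the URL against the certificate's SANs."""
    ip = _as_ip(requested)
    if ip is not None:
        # IP literals are compared only with IP-type SANs, never DNS ones.
        return any(kind == "IP" and _as_ip(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, requested)
               for kind, value in sans)


if __name__ == "__main__":
    for target in ("login.example.com", "example.com", "a.b.example.com",
                   "192.0.2.10", "131.253.61.66"):
        verdict = "match" if name_matches(target, SAMPLE_SANS) else "MISMATCH"
        print(f"https://{target:<20} {verdict}")
```

A mismatch for a bare IP shows only that the certificate does not list that address; reputation and ownership of the IP have to be checked separately.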


#3 bl33p


Posted 08 February 2017 - 08:06 PM

Hello,

 

Thank you for the comprehensive analysis. I'll get right onto reporting this to Avast and implementing the changes you've referenced below. 

Mods are welcome to close this post if they wish (though if anyone else has some input to give before that, please feel free).

 

Thank you! :)


Edited by bl33p, 08 February 2017 - 08:07 PM.


#4 buddy215


Posted 09 February 2017 - 10:42 AM

I edited my last post....

Here is one: How to Configure Windows 10 to Protect Your Privacy

Another One: Windows 10 violates your privacy by default, here's how you can protect yourself - TechRepublic

 

You're welcome...would be interesting to know what Avast has to say.




#5 RolandJS

RolandJS

  • Members
  • 4,478 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:06:27 PM

Posted 09 February 2017 - 10:55 AM

Possibly, Spybot Anti-Beacon might be useful.  There are several very good utilities that will help minimize telemetry and other "ET calling home" operations.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#6 bl33p


Posted 09 February 2017 - 05:28 PM

UPDATE: I created a post on the Avast forum space here - if this does not lead to fruition, I will attempt to get into direct contact with Avast's team.



#7 bl33p


Posted 09 February 2017 - 10:54 PM

UPDATE 2: 

 

Pondus over on the Avast forums linked me to a couple of resources: 

 

 

 

Blacklist check  >>  https://virustotal.com/en/url/1d219b113e1c9014d8c415eebbc83593b6bb0f12cb01d5baf86870544c64b452/analysis/1486679299/

IP history  >>  https://virustotal.com/en/ip-address/131.253.61.66/information/

IP scan  >>  https://www.metadefender.com/#!/results/ip/MTMxLjI1My42MS42Ng==

 

7.8% of VirusTotal's engines report this IP as a malicious site, while around 8.3% of MetaD's engines report the same. Now I'm unsure what to think about this, as it is indeed still associated with Microsoft. A few links looked similar to this:

 

 

1/68 2016-10-27 04:33:55 http://login.live.com/oauth20_authorize.srf?client_id=000000004C14E53C&scope=wl.signin%20wl.ba...

 

Is it possible that this is related to Games for Windows Live?


Edited by bl33p, 09 February 2017 - 10:56 PM.


#8 buddy215


Posted 10 February 2017 - 05:59 AM

Is Avast still blocking the IP address at bootup? It probably is because I'm still getting the Insecure connection warning from Firefox.

 

Free Windows games are ad supported so it is possible that it is calling home to connect to a related Microsoft ad server.

 

You can use CCleaner to view Windows Startups, Tasks and Installed programs. It allows you to Disable or Delete Startups and Tasks.

If you would like me to take a look at those...follow the directions below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.

 

 

Suggestions not related to what Avast is blocking:

I suggest installing an ad blocker such as Adblock Plus. Once installed, click on the ABP icon at the top of the browsers it is installed on and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.

Adblock Plus :: Add-ons for Firefox   Adblock Plus - Chrome Web Store   Adblock Plus for Edge browser

Adblock Plus for IE

 

Block third-party (ad/tracking) cookies from installing. Once blocked, run CCleaner to delete the existing ones.

How to disable third-party cookies in all major web browsers






