Malwarebytes keeps blocking a malicious IP, outgoing

Discussion in 'Computer Information' started by Julie Bove, Apr 18, 2013.

  1. Julie Bove

    Julie Bove Guest

    I know that this happened before but I can't remember why. And now it's
    happening again. Really annoying because I am going to known websites. How
    can I stop this?
     
    Julie Bove, Apr 18, 2013
    #1

  2. Julie Bove

    Paul Guest

    Julie Bove wrote:
    > I know that this happened before but I can't remember why. And now it's
    > happening again. Really annoying because I am going to known websites. How
    > can I stop this?
    >
    >


    "Malwarebytes keeps blocking an IP address?"

    http://answers.yahoo.com/question/index?qid=20091023200702AADBXYE

    It could be something minor, as the original poster in that
    question discovered.

    One of the other answerers is basically claiming that Malwarebytes
    blocks ranges of IP addresses. It's either that, or perhaps
    Malwarebytes is subscribing to one of the services that collects
    "bad guy" lists. A couple of the search engines keep their own lists,
    and there are sites like siteadvisor.com (McAfee). Here, I'm testing
    "google.com" to see if it is safe :) So this is site specific, rather
    than just blacklisting the ISP or host providing their services.

    http://www.siteadvisor.com/sites/google.com

    I see that when I re-tried a site I searched for, a while ago,
    siteadvisor had not indexed or tested it. So when that web server
    has no information on a web site, there's no guarantee they'll ever
    check it. I guess more than one person has to do a query, before
    they waste the (automated) effort.

    *******

    To answer your question, you figure out how your machine has
    been (very slightly) compromised. Maybe it's just something
    updating cookies.

    I use a packet sniffer (which would be a way to see what
    conversations might be getting Malwarebytes upset), and
    such a tool offers no guarantees about anything. Malware
    could modify the response of such a tool, with great ease
    (since the number of packet sniffer programs isn't that large,
    and source is probably available for this one).

    The packet sniffer collects a log of IP addresses visited.
    I can sort of backtrack through that log, for the last couple
    hours surfing, and sometimes figure out what's been happening.
    A lot of the scummy activity on the web now,
    the people behind it use providers like Akamai, and then the
    node names are pretty well meaningless. So the odds of
    seeing something in such a log, that answers your question,
    is strictly limited. Still, I keep running mine, in the hope
    that if my machine is compromised some day, I can at least
    trace back to T=0 and figure out what site is hosting the
    stuff (to warn others).

    http://en.wikipedia.org/wiki/Wireshark

    At one time, that tool was very easy on CPU. Now, I find it
    using maybe 5-7% in the background, and I don't know why
    it is doing that. It should really be event based, and
    there should only be a tiny bit of activity, when a
    packet is sent or received. I don't know why it's chewing
    up cycles. But it's certainly better than just wondering
    why the network light is flashing on the router. I don't like
    to see flashing, that I can't account for.

    Paul
     
    Paul, Apr 18, 2013
    #2
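
Added example, not part of the original posts: one way to do the backtracking Paul describes, walking a sniffer's connection log to find which hostname led to an address that sits inside a blocked range. The log layout, the blocklist entries and the function names `parse_log` and `trace_blocked` are assumptions made for illustration; all sample data is constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample log (not real traffic). Hypothetical columns:
#   time = seconds, kind = "dns" (name resolved to ip) or "conn" (outgoing
#   connection to ip), ip = remote address, name = hostname for dns rows.
SAMPLE_LOG = """\
time,kind,ip,name
1000.0,dns,198.51.100.10,news.example.com
1000.2,conn,198.51.100.10,
1001.0,dns,203.0.113.77,ads.example.net
1001.3,conn,203.0.113.77,
1050.0,dns,198.51.100.20,cdn.example.org
1050.1,conn,198.51.100.20,
1120.5,conn,203.0.113.77,
2000.0,conn,198.51.100.200,
"""

# Constructed blocklist: one whole range and one single address.
BLOCKLIST = ["203.0.113.0/24", "198.51.100.200"]


def parse_log(text):
    """Turn the CSV text into a list of dicts with a float timestamp."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        rows.append({"time": float(rec["time"]), "kind": rec["kind"],
                     "ip": rec["ip"], "name": rec["name"] or ""})
    return rows


def trace_blocked(rows, blocklist, lookback=300.0):
    """For each outgoing connection to a blocklisted address, report which
    hostnames resolved to that address in the preceding `lookback` seconds."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in blocklist]
    resolved = defaultdict(list)          # ip -> [(time, hostname), ...]
    findings = []
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["kind"] == "dns":
            resolved[row["ip"]].append((row["time"], row["name"]))
            continue
        addr = ipaddress.ip_address(row["ip"])
        match = next((n for n in nets if addr in n), None)
        if match is None:
            continue                      # destination is not on the list
        hosts = sorted({name for t, name in resolved[row["ip"]]
                        if 0 <= row["time"] - t <= lookback})
        findings.append({"time": row["time"], "ip": row["ip"],
                         "matched": str(match), "hostnames": hosts})
    return findings


if __name__ == "__main__":
    for f in trace_blocked(parse_log(SAMPLE_LOG), BLOCKLIST):
        names = ", ".join(f["hostnames"]) or "(no DNS lookup seen: cached or direct-IP)"
        print(f"{f['time']:>8.1f}  {f['ip']:<16} in {f['matched']:<18} <- {names}")
```

A blocked connection with no preceding lookup in the window comes back with an empty hostname list, which is the case where the log alone cannot say what page or ad triggered it.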

  3. Julie Bove

    Julie Bove Guest

    Thanks! I think the last time this happened, I merely updated the
    Malwarebytes database and it cured the problem. But I can't remember who
    told me to do that. I did try it last night and it didn't help. But I did
    it again just a little while ago and it seems like it is no longer doing it.
    I will look into the packet sniffer.
     
    Julie Bove, Apr 18, 2013
    #3
  4. Julie Bove

    Paul Guest

    There is this report. I noticed this when checking
    the daily news here. This doesn't sound like your problem,
    but the fact this happened Wednesday might not be a
    coincidence.

    http://www.theinquirer.net/inquirer...urity-update-wipes-out-thousands-of-computers

    Paul
     
    Paul, Apr 18, 2013
    #4
  5. Julie Bove

    Julie Bove Guest

    Oh wow! That doesn't look good. But I don't think it is my problem. I
    actually started having problems about a week prior to this but not the same
    problems. And the problem does continue although I am not getting that
    popup as frequently as I was before. Thanks!
     
    Julie Bove, Apr 19, 2013
    #5
  6. Julie Bove

    Julie Bove Guest

    Whatever this was, it resolved itself. But... I do think that it was somehow
    related to some banner ad.
     
    Julie Bove, Apr 23, 2013
    #6