Malwarebytes keeps blocking a malicous IP, outgoing

Discussion in 'Computer Information' started by Julie Bove, Apr 18, 2013.

  1. Julie Bove

    Julie Bove Guest

    I know that this happened before but I can't remember why. And now it's
    happening again. Really annoying because I am going to known websites. How
    can I stop this?
     
    Julie Bove, Apr 18, 2013
    #1
    1. Advertisements

  2. Julie Bove

    Paul Guest

    "Malwarebytes keeps blocking an IP address?"

    http://answers.yahoo.com/question/index?qid=20091023200702AADBXYE

    It could be something minor, as the original poster in that
    question discovered.

    One of the other answerers, is basically claiming that Malwarebytes
    blocks ranges of IP addresses. It's either that, or perhaps
    Malwarebytes is subscribing to one of the services that collects
    "bad guy" lists. A couple of the search engines keep their own lists,
    and there are sites like siteadvisor.com (McAfee). Here, I'm testing
    "google.com" to see if it is safe :) So this is site specific, rather
    than just blacklisting the ISP or host providing their services.

    http://www.siteadvisor.com/sites/google.com

    I see that when I re-tried a site I searched for, a while ago,
    siteadvisor had not indexed or tested it. So when that web server
    has no information on a web site, there's no guarantee they'll ever
    check it. I guess more than one person has to do a query, before
    they waste the (automated) effort.

    *******

    To answer your question, you figure out how your machine has
    been (very slightly) compromised. Maybe it's just something
    updating cookies.

    I use a packet sniffer (which would be a way to see what
    conversations might be getting Malwarebytes upset), and
    such a tool offers no guarantees about anything. Malware
    could modify the response of such a tool, with great ease
    (since the number of packet sniffer programs isn't that large,
    and source is probably available for this one).

    The packet sniffer collects a log of IP addresses visited.
    I can sort of backtrack through that log, for the last couple
    hours surfing, and sometimes figure out what's been happening.
    A lot of the scummy activity on the web now,
    the people behind it use providers like Akamai, and then the
    node names are pretty well meaningless. So the odds of
    seeing something in such a log, that answers your question,
    is strictly limited. Still, I keep running mine, in the hope
    that if my machine is compromised some day, I can at least
    trace back to T=0 and figure out what site is hosting the
    stuff (to warn others).

    http://en.wikipedia.org/wiki/Wireshark

    At one time, that tool was very easy on CPU. Now, I find it
    using maybe 5-7% in the background, and I don't know why
    it is doing that. It should really be event based, and
    there should only be a tiny bit of activity, when a
    packet is sent or received. I don't know why it's chewing
    up cycles. But it's certainly better than just wondering
    why the network light is flashing on the router. I don't like
    to see flashing, that I can't account for.

    Paul
     
    Paul, Apr 18, 2013
    #2
    1. Advertisements

  3. Julie Bove

    Julie Bove Guest

    Thanks! I think the last time this happened, I merely updated the
    Malwarebytes database and it cured the problem. But I can't remember who
    told me to do that. I did try it last night and it didn't help. But I did
    it again just a little while ago and it seems like it is no longer doing it.
    I will look into the packet sniffer.
     
    Julie Bove, Apr 18, 2013
    #3
  4. Julie Bove

    Paul Guest

    There is this report. I noticed this when checking
    the daily news here. This doesn't sound like your problem,
    but the fact this happened Wednesday might not be a
    coincidence.

    http://www.theinquirer.net/inquirer...urity-update-wipes-out-thousands-of-computers

    Paul
     
    Paul, Apr 18, 2013
    #4
  5. Julie Bove

    Julie Bove Guest

    Oh wow! That doesn't look good. But I don't think it is my problem. I
    actually started having problems about a week prior to this but not the same
    problems. And the problem does continue although I am not getting that
    popup as frequently as I was before. Thanks!
     
    Julie Bove, Apr 19, 2013
    #5
  6. Julie Bove

    Julie Bove Guest

    Whatever this was, it resolved itself. But... I do think that it somehow
    related to some banner ad.
     
    Julie Bove, Apr 23, 2013
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.