Malwarebytes

Concerning matter.



#1
KingRad

Recently I had a redirect issue with my computer. When we'd click to go to certain known websites it would direct us other places. I did a system restore and scanned with Malwarebytes and that doesn't seem to be an issue anymore. However, Malwarebytes keeps saying that it has blocked a potentially harmful incoming intrusion. I looked up the IP and it says it's from China. However, after running more scans there are no results coming back. This intrusion will occur even if we aren't at the computer so it has flagged some concern on my end. Here's the log from the last block. Also, it never shows anything as outgoing.

2012/03/28 11:59:53 -0400 RAD MESSAGE Starting protection
2012/03/28 12:00:31 -0400 RAD Owner MESSAGE Protection started successfully
2012/03/28 12:00:34 -0400 RAD Owner MESSAGE Starting IP protection
2012/03/28 12:01:30 -0400 RAD Owner MESSAGE IP Protection started successfully
2012/03/28 12:01:57 -0400 RAD Owner MESSAGE Executing scheduled update: Daily
2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Scheduled update executed successfully: database updated from version v2012.03.26.04 to version v2012.03.28.05
2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Starting database refresh
2012/03/28 12:03:14 -0400 RAD Owner MESSAGE Stopping IP protection
2012/03/28 12:03:14 -0400 RAD Owner MESSAGE IP Protection stopped
2012/03/28 12:03:21 -0400 RAD Owner MESSAGE Database refreshed successfully
2012/03/28 12:03:21 -0400 RAD Owner MESSAGE Starting IP protection
2012/03/28 12:03:23 -0400 RAD Owner MESSAGE IP Protection started successfully
2012/03/28 13:20:07 -0400 RAD Owner IP-BLOCK 221.192.199.49 (Type: incoming)

#2
orubio

Hello and welcome to the Malwarebytes support forum. Thank you for choosing Malwarebytes' Anti-Malware as your malware security solution. My name is Oscar Rubio and I'll be assisting you today.

Please click on the link below for more information on our IP Protection Module.

Section G

http://forums.malwar...00
Oscar Rubio
Corporate Support


#3
Haleo

Hello KingRad and welcome to the Malwarebytes forums!

If you had a redirect issue that you were able to resolve but you are still getting IP blocks that are NOT caused by you surfing the net and happen even when you are not using the computer then there is a chance that you are still infected.

If you think you are infected, here are the steps needed to get your computer cleaned....
Please read the following so that you can begin the cleaning process:
Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult
You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support
OPTION 1

As we don't deal with malware removal in the General Malwarebytes Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.
Replying to your own posts changes the post count and helpers are looking for topics with zero replies.
If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form here.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.


Please be patient, someone will assist you as soon as possible.

PS: Please use the "Add Reply" button, not the Reply button, when you start replying.

#4
Firefox

Hello and welcome to MBAM:

Just to add to what orubio has already posted....

IP blocks can indicate that MBAM is doing its job of blocking bad content on websites.

They can also occur when running certain P2P and other programs, such as Skype.
For example, please see this recent post by forum Admin AdvancedSetup about IP blocks and Skype.

See this post explaining the issue from a SKYPE support member regarding IP alerts:
http://forums.malwarebytes.org/index.php?showtopic=83655&view=findpost&p=424248

Until SKYPE is fully uninstalled, these will continue to appear. However there should not be any reduced functionality in SKYPE.


In some cases the blocks are a false positive.

However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

There is more information about the IP blocking module in the FAQ - Section G.
It includes instructions on how to set MBAM to ignore a particular IP, if you wish to do so.
It also contains instructions on how to determine what process might be trying to make the connections.
And you may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this article before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following to begin the cleaning process.
  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.
  • Then please start a new post in the Malware Removal forum.
  • When starting your new post, please note the following:
    • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
    • Please COPY/PASTE the requested logs into your post, rather than attaching them.
    • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
    • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
    • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
      Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
Please be patient - someone will assist you as soon as possible.

Thanks!



Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM
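
The incoming/outgoing distinction made in post #4 can be read straight from the protection log. The following is an added example, not part of any post in this thread and not Malwarebytes code: a Python parser for `IP-BLOCK` lines in the layout quoted in post #1, run over a constructed sample that uses documentation-range addresses. The function names and the regular expression are assumptions based only on the lines shown in that post.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the layout of the protection log quoted in post #1.
# Addresses are RFC 5737 documentation ranges, not real indicators.
SAMPLE_LOG = """\
2012/03/28 11:59:53 -0400 RAD MESSAGE Starting protection
2012/03/28 12:03:23 -0400 RAD Owner MESSAGE IP Protection started successfully
2012/03/28 13:20:07 -0400 RAD Owner IP-BLOCK 203.0.113.49 (Type: incoming)
2012/03/28 13:25:40 -0400 RAD Owner IP-BLOCK 203.0.113.49 (Type: incoming)
2012/03/28 14:02:11 -0400 RAD Owner IP-BLOCK 198.51.100.7 (Type: outgoing)
"""

# Assumed line layout: timestamp, UTC offset, host, optional user, IP-BLOCK,
# IPv4 address, direction. The user field is optional because the first line
# of the quoted log carries none.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?:(?P<user>\S+)\s+)?IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing)\)"
)

def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE lines are skipped."""
    events = []
    for line in text.splitlines():
        m = BLOCK_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["time"] = datetime.strptime(event.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
            events.append(event)
    return events

def summarize(events):
    """Count blocks per (ip, direction) and list IPs with outgoing blocks."""
    counts = Counter((e["ip"], e["direction"]) for e in events)
    outgoing = sorted({e["ip"] for e in events if e["direction"] == "outgoing"})
    return counts, outgoing

if __name__ == "__main__":
    counts, outgoing = summarize(parse_blocks(SAMPLE_LOG))
    for (ip, direction), n in counts.most_common():
        print(f"{ip:15} {direction:8} x{n}")
    # Outgoing blocks are the case post #4 ties to possible infection.
    print("follow up on outgoing:", ", ".join(outgoing) or "none")
```

The timestamps of any outgoing entries can then be compared with when a browser or P2P program was actually running, which is the check post #4 describes.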





