4 replies to this topic

[Hytec]

Version 1.40 added IP address blocking. My copy now is reporting that a valid IP address is infected. Also it appears that Malwarebytes is scanning the data being downloaded from that site before allowing it to be displayed, which takes 15-20 seconds. However, there does not appear to be any way that I can determine what conditions cause Malwarebytes to report this site, or to tell it that this site is OK.

The IP address is 206.44.108.236 which belongs to Netelligent Hosting Services, Inc. of Laval, QC. I am assuming that one of the 657 companies that Netelligent hosts is an advertiser or link on the primary website site that I'm downloading, which I do many times every day. Also, this is the only site where this condition occurs. BTW, Malwarebytes does not report or log this site after running a Full Scan which is surprising since it has been detected and reported as infected.

Does anyone have a suggestion as to how to correct this condition?

Thanks

[GT500]

Well, I'm not seeing anything bad about that IP, but Steven will have to be the one to take a look at it.

What website are you browsing while this comes up, and what are you trying to download?

You can always right-click on the Malwarebytes' Anti-Mawlare icon down in the lower-right corner of your screen, and select to turn off IP Protection. This is, of course, just a temporary fix.

[Hytec]

The threat report only occurs when I download from Trainboard.com. Unfortunately it occurs with every page associated with that site. Trainboard.com is powered by vBulletin, if that helps.

[Raid]

I have informed Steven of this issue, as soon as is possible we'll see what we can do about this. Sorry for any inconvenience caused.

[MysteryFCM]

Netelligent are sadly, known as a crimeware friendly ISP, which is why their IP ranges are blackholed.

This particular IP however, is on a range owned by American Standard, Inc., and is not actually in the IPBL.

http://hosts-file.ne...=206.44.108.236