Jump to content

Recommended Posts

Hello, MBAM Forum. I play Mount and Blade: Warband, and its expansion, Napoleonic Wars quite a bit on Steam. Starting a few weeks ago (3-5), I began getting IP Blocks from my copy of MBAM Pro. Each time, its the same address from the same location. Using a IP lookup (whatismyipaddress), I've discovered that its in the geographic center of Ukraine. I was wondering, What does it mean?

 

 

I've been running scans each day with all programs that I have (MBAM Pro, Avast! Free antivirus, and Norton 360), and none come up with anything wrong except Norton and random Tracking Cookies with what is usually does. I've posted on the makers of the game's forum for support, but to no avail. Mind helping me out on this one?

Link to post
Share on other sites

Hello and welcome, DisgruntledCarthaginian: :)

 

Disclaimer: I do not personally use Steam & I am only a home user, not staff or a computer expert.

Without the protection logs showing the process and the IP being blocked, it's hard to say for sure.

 

Some general information:

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.
You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website Blocking False Positives sub-forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers.

Under the circumstances, this would probably be the safest plan of action at this time.

The expert help in the malware removal section of the forum is free.

 

>>Also, you said that you ran both Avast! and Norton 360?

Having more than 1 anti-virus (AV) installed on your system actually increases your vulnerability; it can also cause system slowdowns, crashes and other problems.

When you get assistance for the IP blocks, the expert helping you will undoubtedly suggest that you completely uninstall one or the other.

Thanks,

daledoc1

Link to post
Share on other sites

Hello and welcome, DisgruntledCarthaginian: :)

 

Disclaimer: I do not personally use Steam & I am only a home user, not staff or a computer expert.

Without the protection logs showing the process and the IP being blocked, it's hard to say for sure.

 

Some general information:

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.

They also contain instructions on how to determine what process might be trying to make the connections.

You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website Blocking False Positives sub-forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers.

Under the circumstances, this would probably be the safest plan of action at this time.

The expert help in the malware removal section of the forum is free.

 

>>Also, you said that you ran both Avast! and Norton 360?

Having more than 1 anti-virus (AV) installed on your system actually increases your vulnerability; it can also cause system slowdowns, crashes and other problems.

When you get assistance for the IP blocks, the expert helping you will undoubtedly suggest that you completely uninstall one or the other.

Thanks,

daledoc1

 

Well, its been happening alot, and nothings been happening, so I just was wondering what it meant.

Link to post
Share on other sites

Hi:
 
Well, the various links I provided explain what it means, how it works, etc. :)
 
It's impossible to say what's specifically happening on your machine without additional information (e.g. the IPs being blocked, the process making the connections, etc).

The location of the IPs in the Ukraine is certainly suspicious.
 
If you would like one of the staff/experts to assist you with this, please post back with the protection logs and both DDS logs, as explained below.
Depending on what these show, you may be referred to the malware removal section of the forum or to the help desk for further assistance.

 

Please post back with these logs as ATTACHMENTS to your next reply:

  • A couple of protection logs, if you have them
  • DDS.txt from DDS
  • Attach.txt from DDS

 
Thanks,
daledoc1

-----------------------------

Step 1 --  Please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
In Windows Vista/7/8, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Step 2 -- Run DDS and create 2 logs:

Download DDS from one of the locations below and save it to your Desktop:
dds.scr
dds.com


Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once it is downloaded, you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment.

  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please attach both of the following logs to your next reply: DDS.txt and Attach.txt
    --->You can ignore the note about zipping the Attach.txt file in most cases.
Link to post
Share on other sites

 

-----------------------------

Step 1 --  Please also upload your 3 most recent Protection module logs:

In Windows XP, these logs are located in: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

In Windows Vista/7/8, these logs are located in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

 

I'll see if I can work on that.

Link to post
Share on other sites

OK, please post back with the protection logs and DDS logs (both of them) when you have them.

 

In the interim, can you at least tell us the exact IP or IPs that is/are being blocked, for starters?

 

Thanks,

 

daledoc1

Want it on the forum or a private message? I can do both, however, I'd like doing the MBAM ones first, and only doing the DDS if needed.

Link to post
Share on other sites

  • Root Admin

IP address: 91.222.138.41

Host name: vps-7524.vps-ukraine.com.ua

91.222.138.41 is from Ukraine(UA) in region Eastern Europe

I'll have one of our Research members check on this and see if I can obtain more information on why we block it and get back to you.

Thanks

Link to post
Share on other sites

Hi, again:
 
Please refer to the previous replies to your inquiry: :)
 

The block is in place due to a plethora of malicious content across the entire /24, and the AS being unresponsive.
https://forums.malwarebytes.org/index.php?showtopic=136005#entry750234


We have no idea. We don't own or play this game and have no control over how it functions. Please contact the game author and ask them why it's reaching out to these sites.

https://forums.malwarebytes.org/index.php?showtopic=136005#entry751300


And as was already suggested.... :)

 

...If you would like a malware expert to assist you with scanning your computer for malware and any cleanup that might be needed, please follow the recommendations in this pinned topic: Available Assistance For Possibly Infected Computers.


Thanks,

daledoc1

Link to post
Share on other sites

  • Root Admin

Just look up any IP yourself on the Web and you can find out where it comes from.  If we're blocking it then its because we feel its a threat to your computer.

If you feel it's a false positive then you can submit it as such.

 

https://forums.malwarebytes.org/index.php?showforum=123

 

Thanks

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.