Jump to content


Photo

Persistent Blocking of Outgoing Access


  • Please log in to reply
6 replies to this topic

#1 Cheemag

Cheemag

    New Member

  • Members
  • Pip
  • 23 posts
  • Gender:Male
  • Location:English Region, European Union
  • Interests:Computing, radio.

Posted 14 April 2012 - 05:22 AM

This morning MWB is persistently blocking outgoing access to 199.27.135.184.

I don't understand the concept of outgoing access. Does this mean malware on my
computer is trying to contact 199.27.135.184. MWB scans find nothing. Avast scans
find nothing.

--

Regards,

Cheemag
Regards,

Cheemag.

[Windows-7 Professional 64-bit]

#2 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 9,991 posts
  • Gender:Male
  • Location:USA

Posted 14 April 2012 - 08:34 AM

Hello and welcome to MBAM:

IP blocks can indicate that MBAM is doing its job of blocking bad content on websites.

They can also occur when running certain P2P and other programs, such as Skype.
For example, please see this recent post by forum Admin AdvancedSetup about IP blocks and Skype.

See this post explaining the issue from a SKYPE support member regarding IP alerts:
http://forums.malwarebytes.org/index.php?showtopic=83655&view=findpost&p=424248

Until SKYPE is fully uninstalled, these will continue to appear. However there should not be any reduced functionality in SKYPE.


In some cases the blocks are a false positive.

However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

There is more information about the IP blocking module in the FAQ - Section G.
It includes instructions on how to set MBAM to ignore a particular IP, if you wish to do so.
It also contains instructions on how to determine what process might be trying to make the connections.
And you may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this article before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following to begin the cleaning process.
  • Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" article.
  • If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.
  • Then please start a new post in the Malware Removal forum.
  • When starting your new post, please note the following:
  • Please do NOT post in a topic started by someone else, even if their problem sounds similar.
  • Please COPY/PASTE the requested logs into your post, rather than attaching them.
  • Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.
  • Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.
  • Please do NOT "bump" your topic or reply back to it for at least 48 hours.
  • Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.
Please be patient - someone will assist you as soon as possible.

Thanks!

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#3 Cheemag

Cheemag

    New Member

  • Members
  • Pip
  • 23 posts
  • Gender:Male
  • Location:English Region, European Union
  • Interests:Computing, radio.

Posted 14 April 2012 - 06:11 PM

Thank you very much for that useful information.

It hasn't come up since, but I'm keeping an eye on the situation with TcpView.

Again thanks;

--

Cheemag
Regards,

Cheemag.

[Windows-7 Professional 64-bit]

#4 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 9,991 posts
  • Gender:Male
  • Location:USA

Posted 14 April 2012 - 06:26 PM

You are quite welcome, should you have other questions or comments don't hesitate to ask....

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#5 Cheemag

Cheemag

    New Member

  • Members
  • Pip
  • 23 posts
  • Gender:Male
  • Location:English Region, European Union
  • Interests:Computing, radio.

Posted 17 April 2012 - 08:50 AM

You are quite welcome, should you have other questions or comments don't hesitate to ask....


I've determined that these occur only when Firefox is open and TcpView confirms that they are coming from
Firefox.

Must be an add-on. I'll try deleting them all and adding them one by one.

Regards,

cheemag
Regards,

Cheemag.

[Windows-7 Professional 64-bit]

#6 Firefox

Firefox

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 9,991 posts
  • Gender:Male
  • Location:USA

Posted 17 April 2012 - 01:24 PM

Great, I am glad to see your making progres....

post-2065-0-92797800-1392234217.jpg


Dell Precision T7500, Win7 Ultimate 64bit fully updated, McAfee Corp Edition v8.8,
Watchguard Firewall, Intel Xeon E5606CPU, Dual Quad Core Processors, 16GB Ram,
E5606 @ 2.13GHz, Nvidia Quadro NVS420, Raid-1 Dual 1TB Sata 10000 rpm Hard Drives
Dual DVD Burners, IE10, Opera, MBAM, MBSB, MBAE


#7 tetonbob

tetonbob

    Staff

  • Moderators
  • PipPipPipPipPip
  • 543 posts
  • Gender:Male

Posted 17 April 2012 - 03:44 PM

Do you use Adblock Plus addon with Fanboy's list?

http://forums.malwar...ndpost&p=543233
Bob Guryan
Product Support/Quality Assurance

staff.png

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users