Jump to content


Photo
- - - - -

mpnotify.exe IP-block every few seconds


  • This topic is locked This topic is locked
3 replies to this topic

#1 mauritius

mauritius

    New Member

  • Members
  • Pip
  • 1 posts

Posted 26 June 2012 - 10:21 AM

Today my tooltip balloon popped up very often. I checked my Malwarebytes log and saw that "mpnotify.exe" tries to make an outgoing connection.
It starts with port 49385 and jumps to the next after a few seconds.
It tries to connect to IP 208.91.197.101.
A full scan with both Malwarebytes and McAfee gave no result.
Can somebody tell me what is going on?

Below an example of a part of the log file.


2012/06/26 16:50:46 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49385, Process: mpnotify.exe)
2012/06/26 16:50:46 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49386, Process: mpnotify.exe)
2012/06/26 16:50:46 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49387, Process: mpnotify.exe)
2012/06/26 16:50:46 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49388, Process: mpnotify.exe)
2012/06/26 16:50:54 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49388, Process: mpnotify.exe)
2012/06/26 16:50:54 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49389, Process: mpnotify.exe)
2012/06/26 16:50:54 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49390, Process: mpnotify.exe)
2012/06/26 16:50:54 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49391, Process: mpnotify.exe)
2012/06/26 16:51:02 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49479, Process: mpnotify.exe)
2012/06/26 16:51:02 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49483, Process: mpnotify.exe)
2012/06/26 16:51:02 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49488, Process: mpnotify.exe)
2012/06/26 16:51:02 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49491, Process: mpnotify.exe)
2012/06/26 16:51:10 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49494, Process: mpnotify.exe)
2012/06/26 16:51:10 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49495, Process: mpnotify.exe)
2012/06/26 16:51:10 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49496, Process: mpnotify.exe)
2012/06/26 16:51:10 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49497, Process: mpnotify.exe)
2012/06/26 16:51:18 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49498, Process: mpnotify.exe)
2012/06/26 16:51:18 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49499, Process: mpnotify.exe)
2012/06/26 16:51:18 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49500, Process: mpnotify.exe)
2012/06/26 16:51:18 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49501, Process: mpnotify.exe)
2012/06/26 16:51:26 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49502, Process: mpnotify.exe)
2012/06/26 16:51:26 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49503, Process: mpnotify.exe)
2012/06/26 16:51:26 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49504, Process: mpnotify.exe)
2012/06/26 16:51:26 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49505, Process: mpnotify.exe)
2012/06/26 16:51:34 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49506, Process: mpnotify.exe)
2012/06/26 16:51:34 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49507, Process: mpnotify.exe)
2012/06/26 16:51:34 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49508, Process: mpnotify.exe)
2012/06/26 16:51:34 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49510, Process: mpnotify.exe)
2012/06/26 16:51:42 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49511, Process: mpnotify.exe)
2012/06/26 16:51:42 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49512, Process: mpnotify.exe)
2012/06/26 16:51:42 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49514, Process: mpnotify.exe)
2012/06/26 16:51:42 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49515, Process: mpnotify.exe)
2012/06/26 16:51:50 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49516, Process: mpnotify.exe)
2012/06/26 16:51:50 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49519, Process: mpnotify.exe)
2012/06/26 16:51:50 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49520, Process: mpnotify.exe)
2012/06/26 16:51:50 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49521, Process: mpnotify.exe)
2012/06/26 16:51:59 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49522, Process: mpnotify.exe)
2012/06/26 16:51:59 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49523, Process: mpnotify.exe)
2012/06/26 16:51:59 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49525, Process: mpnotify.exe)
2012/06/26 16:51:59 +0200 MARC Marc IP-BLOCK 208.91.197.101 (Type: outgoing, Port: 49526, Process: mpnotify.exe)

#2 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 906 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 27 June 2012 - 11:41 AM

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.




Download OTL to your Desktop.
  • Double click on the icon to run it.
  • Under the Posted Image box paste this in
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#3 Larusso

Larusso

    Selecta Jahrusso

  • Experts
  • PipPipPipPipPip
  • 906 posts
  • Gender:Male
  • Location:Austria
  • Interests:Dancehall DJing, Fighting against Babilon, Bodybuilding

Posted 02 July 2012 - 04:11 AM

Hy there

If I don't hear from you within 24 hours, this topic will be closed.

regards, Daniel

There will never be peace in a war so I don't understand what they are fighting for

I'll always help for free but if you want to support me in my fight against malware, please btn_donate_SM.gif
 


#4 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 04 July 2012 - 10:42 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users