Newb

IP Blocked on outgoing - avastsvc.exe

8 posts in this topic

2013/02/15 18:39:10 -0800 -PC MESSAGE Executing scheduled update: Daily

2013/02/15 18:39:11 -0800 -PC MESSAGE Database already up-to-date

2013/02/15 18:39:13 -0800 -PC MESSAGE Starting protection

2013/02/15 18:39:13 -0800 -PC MESSAGE Protection started successfully

2013/02/15 18:39:13 -0800 -PC MESSAGE Starting IP protection

2013/02/15 18:39:14 -0800 -PC MESSAGE IP Protection started successfully

2013/02/15 19:20:24 -0800 -PC IP-BLOCK 50.62.128.39 (Type: outgoing, Port: 52015, Process: avastsvc.exe)

2013/02/15 19:20:24 -0800 -PC IP-BLOCK 50.62.128.39 (Type: outgoing, Port: 52016, Process: avastsvc.exe)

------------------------------------------------------------------------------------------------------------------------------------------

Currently on my 14-day trial for MalwareBye Pro. I am planning to buy MalwareByte Pro. I wanted to see if Avast is compatible with MBP.(I've been told it is compatible. However I don't want to exclude either/or program at this time. In the serious rare event I get infected, Avast or MBP might be compromised.)

I'm still learning about what is what. Having spent a chunk of my time on google. What does IP-BLOCK 50.62.128.39 (Type: outgoing, Port: 52016, Process: avastsvc.exe) mean exactly?

Does it mean that ip was blocked (un-safe redirect)? or was Avast going to block it and MBP did it first.

Share this post


Link to post
Share on other sites

2013/02/15 19:45:48 -0800 -PC IP-BLOCK 50.62.128.121 (Type: outgoing, Port: 58295, Process: avastsvc.exe)

2013/02/15 19:45:48 -0800 -PC IP-BLOCK 50.62.128.121 (Type: outgoing, Port: 58296, Process: avastsvc.exe)

Share this post


Link to post
Share on other sites

It means that something running on your computer is trying to access that IP but it's in our database of IP blocks. Due to how avast is a lower level antivirus driver it intercepts the call before we do so it shows the process as avast but that is not the cause.

Do you run some type of Peer2Peer software such as uTorrent or similar on the system or maybe even Skype?

If you're uncertain then its probably best that someone helps you to scan your system for a possible infection. If you like you can run the following scanner too and we'll take a peek and see if we can find anything obvious that might be causing the block.

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


    When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.

Share this post


Link to post
Share on other sites

ID: 4   Posted (edited)

I'm currently not on skype. I was on

http://www.neobux.com/?rh=4D72576F6C666965

That is a site that pays you to click on advertisements. Could that be the issue?

Edited by AdvancedSetup
removed hyperlink

Share this post


Link to post
Share on other sites

Not the site directly but possibly from that sort of Web behavior as much of that type of marketing will get you infected sooner or later it's just a matter of time.

Going directly to that site does not get a block for me from MBAM and that is not their listed IP. I show it as: 194.28.158.156

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into this if you're concerned.

Thanks

Share this post


Link to post
Share on other sites

Well the actual site is clean. They host outside links that people pay to place onto their site. It's possible some of the outside links are infected. I'm doing this, not for profit or for revenue. I'm clicking and re-investing all the money back into NeoBux. At the end of each year. I give all proceed to a friend in need or in financial trouble. It's not something I can stop.. Although, I did figure not all of the links were clean.

Share this post


Link to post
Share on other sites

I will take into account of what you said. As you are more knowledgeable than me in this area. Maybe I should move onto a safer alternative. Such as surveys.

Share this post


Link to post
Share on other sites

It's up to you but if you do want to participate in this you might want to consider using a Virtual Machine that you can create SnapShots on and if the box does get infected you can easily restore it back to a point in time when it was clean.

Oracle VM VirtualBox

Best wishes and if you do need further assistance please let us know.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.