AIS not blocking outgoing for a known threat

Hi,
I’m a newbie, so please help me understand about AIS (installed Feb 27). Since last night, MalwareBytes’ AntiMalware popups say they are blocking 193.105.154.235 (a known malicious site). I put that IP in google and it says known threat, Latvia. Why isn’t the AIS firewall also blocking it from going out? The Firewall mode is work/medium risk even though it is a home only laptop. There are only 6 blocked entries on the “connection” since Feb 27–2 blocked for SearchFilterHost and 4 blocked for xpnetworkdiagnostics. The “activity” log is also quite limited–even though it re-configures network activity twice a day for MCO ADSL CBB Intel(R) PRO/100 VE, US, which I think has to do with my ATT DSL service.

In addition, even though WebRep has finally acknowledged in the past few days that I actually do have a browser installed, there is nothing coming up on google searches and the toolbar is grayed out.

Thanks for your assistance.

As to the blocking: obviously MBAM has intercepted this before it reached the Avast security layer. So if MBAM blocks it before Avast, Avast can’t block anything, simply because the attempt never reached Avast.
:smiley:

According to malzilla, that IP redirects to google?

Seems listed in HpHosts:
2 Matches for that IP → http://hosts-file.net/?s=193.105.154.235&view=matches

EMD is Malware Distribution.

Even checking these in Malzilla, still produce the google redirect?

I tried it and it redirected to google.

I asked Steven Burn of HpHosts/Hosts-File.net, and his reply was this:

These typically require specific referrers/user agents etc, and additionally instead of blocking known vendors/researchers, will redir them to Google instead.

So effectively it is harder for us to track where it actually goes.

He has also replied here: http://forums.malwarebytes.org/index.php?showtopic=83582

I have a couple of those domains that throw out the fake AV, and it is not detected by avast.
(throws out Fake AVs with names of about.exe/contacts.exe/info.exe/readme.exe/etc…)
http://www.virustotal.com/file-scan/report.html?id=7609d59b23d75197d834ee88b1f23481cf671f3f5d903749a2e8fd2a9afda6cc-1304366625

Sites/Files will be submitted to avast.