Hi,
I’m a newbie, so please help me understand AIS (installed Feb 27). Since last night, MalwareBytes’ AntiMalware popups say they are blocking 193.105.154.235 (a known malicious site). I put that IP in Google and it says known threat, Latvia. Why isn’t the AIS firewall also blocking it from going out? The firewall mode is work/medium risk even though it is a home-only laptop. There are only 6 blocked entries on the “connection” tab since Feb 27: 2 blocked for SearchFilterHost and 4 blocked for xpnetworkdiagnostics. The “activity” log is also quite limited, even though it re-configures network activity twice a day for MCO ADSL CBB Intel(R) PRO/100 VE, US, which I think has to do with my ATT DSL service.
In addition, even though WebRep has finally acknowledged in the past few days that I actually do have a browser installed, there is nothing coming up on google searches and the toolbar is grayed out.
Thanks for your assistance.
As to the blocking: obviously MBAM has intercepted this before it reached the Avast security layer. So if MBAM blocks it before Avast, Avast can’t block anything, simply because the attempt never reached Avast.
According to malzilla, that IP redirects to google?
Seems listed in HpHosts:
2 Matches for that IP → http://hosts-file.net/?s=193.105.154.235&view=matches
EMD is Malware Distribution.
Even checking these in Malzilla still produces the Google redirect?
I tried it and it redirected to google.
I asked Steven Burn of HpHosts/Hosts-File.net, and his reply was this:
These typically require specific referrers/user agents etc., and additionally, instead of blocking known vendors/researchers, will redirect them to Google instead.
So effectively it is harder for us to track where it actually goes.
He has also replied here: http://forums.malwarebytes.org/index.php?showtopic=83582
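To make the cloaking behaviour described above concrete, here is an added example (not from this thread, not Malzilla, and not HpHosts code): a constructed stand-in server that, like the distribution sites Steven Burn describes, answers with a 302 to Google unless the request carries a browser-looking User-Agent and a search-engine Referer, plus a probe that fetches the same URL under several header profiles without following redirects, so you can see which profile reaches the real landing page. The header profiles, the "victim" heuristic in the handler, and the loopback server are all assumptions made for the example; a real site's rules are unknown.

```python
import http.server
import threading
import urllib.error
import urllib.request

GOOGLE = "http://www.google.com/"


class CloakingHandler(http.server.BaseHTTPRequestHandler):
    """Constructed imitation of a cloaked malware-distribution URL (example only).

    Requests that do not look like a victim browser arriving from a search
    engine get bounced to Google, which is what an analyst using a generic
    fetcher (or no Referer) sees.
    """

    def do_GET(self):
        ua = self.headers.get("User-Agent", "")
        referer = self.headers.get("Referer", "")
        # Assumed heuristic: a mainstream browser UA plus a Google referer.
        looks_like_victim = ("MSIE" in ua or "Firefox" in ua) and "google" in referer
        if looks_like_victim:
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.end_headers()
            self.wfile.write(b"<html>fake AV landing page</html>")
        else:
            self.send_response(302)
            self.send_header("Location", GOOGLE)
            self.end_headers()

    def log_message(self, *args):
        pass  # keep the test server quiet


def start_server():
    """Start the stand-in server on a random loopback port; returns the server."""
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), CloakingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


# Constructed header profiles to probe with (sample data, not real traffic).
PROFILES = {
    "default": {},
    "curl": {"User-Agent": "curl/7.68.0"},
    "ie_no_referer": {
        "User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
    },
    "ie_from_google": {
        "User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)",
        "Referer": "http://www.google.com/search?q=antivirus",
    },
}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects; we want to record the Location header instead."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, headers):
    """Fetch url once with the given headers; return (status, location, body)."""
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, headers=headers)
    try:
        resp = opener.open(req, timeout=5)
        return resp.getcode(), resp.headers.get("Location"), resp.read()
    except urllib.error.HTTPError as e:
        # A 3xx surfaces here because NoRedirect declined to handle it.
        return e.code, e.headers.get("Location"), e.read()


def probe_all(url):
    """Run every profile against url; returns {profile: (status, location, body)}."""
    return {name: probe(url, hdrs) for name, hdrs in PROFILES.items()}


if __name__ == "__main__":
    srv = start_server()
    base = "http://127.0.0.1:%d/" % srv.server_address[1]
    for name, (status, location, body) in probe_all(base).items():
        print("%-15s -> %s %s %s" % (name, status, location or "", body[:40]))
    srv.shutdown()
```

Run it and only the ie_from_google profile gets the 200 landing page; every other profile is sent to Google, which is exactly the "it just redirects to google" symptom seen from Malzilla. Against a real URL, point probe_all at it from an isolated analysis VM and compare profiles before concluding a site is benign.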
I have a couple of those domains that throw out the fake AV, and it is not detected by avast.
(throws out Fake AVs with names of about.exe/contacts.exe/info.exe/readme.exe/etc…)
http://www.virustotal.com/file-scan/report.html?id=7609d59b23d75197d834ee88b1f23481cf671f3f5d903749a2e8fd2a9afda6cc-1304366625
Sites/Files will be submitted to avast.