Hey there,
Around a day ago, Avast detected a rather bizarre connection, citing a malware object originating from/named “https://131.253.61.66”. I went ahead and did a fair amount of research on it, only to find that this IP has (supposed) connections with Microsoft. The detection was persistent until 2 or 3 restarts later (I would provide a copy of the object itself, but it seems to have gone missing - any and all trace [logs, virus chest object] seems to have disappeared).
For a bit more background information on this, take a look at this bleepingcomputer post that I created whilst the "infection" was still relatively fresh.
For contingency, here is what the original post stated:
Hey there fellow bleepers, I was wondering if I could receive your opinion on whether or not one of my computers is infected - it seems that every time I connect to my home internet connection, Avast proceeds to block a malware object named “https://131.253.61.66”. After doing a small amount of research, I found that this specific IP is (more or less) associated with Microsoft; is it possible that this is a legit connection being recognized as a false positive?
Some other information:
P2P Windows updates are disabled.
This computer is connected via VPN 99% of the time.
Rkill, adwcleaner, and a quick MBAM scan all came back clean (logs for the first two are available if necessary).
OS is Win10 Professional, 64-bit.
Thanks!