Can I Ask for Help?

Okay, I just recently activated a Malwarebytes trial to the full version and it’s continuously blocking a website. Should I ask there for help? I ran scans with both Avast and MBAM.
I have managed to type down the website; can anyone confirm what’s happening?

89.28.31. 1 95 is what pops up as the address. It came up as soon as I opened Internet Explorer, start page Google.

Forget it, Malwarebytes is popping up false positives like ninety on both my systems… I find it hard to believe they’re both blocking malicious sites, as when I went to one site I know is not infected it blocked it and said it stopped a potentially harmful site.

Can anyone just help confirm this for me? Because on my secondary, when it was turned on, even before Internet Explorer or any browser was open, it was saying it’s blocking websites, and my Avast and MBAM are both running clean. Is this a bug? Because it sure is starting to spook me…
It’s stating that there are both incoming and outgoing attempts that are being blocked.
Popping up frequently, at least once every ten minutes.
89.2 8.31. 1 95 ran clean on VirusTotal, so I’m at a loss as to why it’s being blocked, and furthermore why it’s blocking sites when inactive…

The IP address you gave is incorrect as there should be no spaces in it, but if it is 89.2 8.31.195 then there is a possibility that MBAM considers it malicious, unless you are connecting to a site in Moldova.

Yes, there are no spaces. I wasn’t sure whether it was infected, so I broke it up for protection.
I received and am still receiving blocks even with an idle connection… No browser or any internet resource was opened or IS open when these come in.

I have the same problem :stuck_out_tongue: Even when I don’t have my browser open… So chances are that it’s a false positive :stuck_out_tongue:

Well, I would certainly be concerned, if for no other reason than you aren’t connected, well, browsing, and since it is a Moldova IP.

You mention “No browser or any internet resource was opened or IS open when these come in.” That puts an entirely different spin on things if this is only inbound and not outbound.

So please post some examples from the MBAM Protection log.

What is your firewall on this system ?

A dangerous assumption to make, given the location of the IP, which you should always check out.

There are lots of port scanning attempts out there trying to find IP addresses that have computers attached and more so that answer any ping or port scan attempts (not stealthed).

Once they find an IP with a computer, then you are likely to get more detailed/directed attention as they try to run any exploit, etc. in the hope of getting into the computer.

Now that I read this, I think you’re right and I was really wrong to say what I said~ :-[
After all, an antivirus is just an antivirus and interprets things in how it was constructed to interpret stuffy~
I just checked my Malwarebytes log and found a massive log of blocked IPs. Maybe I was really at risk? But it stopped so I guess it’s done and over with now… ;D

Well I would also say that if you have a half decent firewall these port scans should go unanswered, effectively keeping the system stealthed. If it is then I don’t see how MBAM is able to record any inbound connection attempt from external IPs.

On my win7 netbook with mbam pro, my daily protection logs basically consisted of it being updated and zero IP protection entries. Mind you a) it isn’t used as much and b) it is obviously behind the wifi router and modem, so I don’t know if that has an effect.

Okay, I have Avast Free on my secondary, fully updated, which I just remembered does not offer a firewall. So just the default Windows Firewall is in place on the XP Professional based machine.
The connections are not just outbound, they are inbound also, and it’s frequent; well, it was a lot more frequent last night. I am definitely suspicious, because MBAM is such a great scanner I trust it knows what it’s talking about.

You could always post an OTS log and let Essexboy have a look inside…

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

Run OTS with these items ticked off?

Just like this ;D

Download OTS to your Desktop and double-click on it to run it

- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:

Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

- Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.

OK, the scan is running, and in the meantime here is a picture of the blocked site just as my computer was turned on. No browser open.

OTS Log attached

aswMBR blue screened my computer when scanning drivers with the message IRQ_NOT LESS_OR EQUAL

Could you run aswMBR from safe mode please… I believe it is Chatango trying to connect, so I will remove the run entry and see if that cures it.

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Chatango" -> C:\Program Files\Chatango\Chatango.exe [C:\Program Files\Chatango\Chatango.exe]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
  

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.
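Added example, not part of the original thread or any poster's log: the question running through the posts above is which program is talking to a blocked address while no browser is open, and this sketch answers it by joining `netstat -ano` output with `tasklist /fo csv /nh` output. Both samples are constructed, the addresses are documentation-range placeholders rather than the IP from the thread, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed `netstat -ano` output; all addresses are documentation-range placeholders.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.20:1045      203.0.113.195:80       SYN_SENT        2312
  TCP    192.168.1.20:1046      198.51.100.7:80        ESTABLISHED     1820
  TCP    192.168.1.20:1051      203.0.113.195:443      SYN_SENT        2312
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed `tasklist /fo csv /nh` output (image name, PID, session, session#, memory).
SAMPLE_TASKLIST = '''\
"svchost.exe","968","Console","0","4,512 K"
"iexplore.exe","1820","Console","0","22,140 K"
"Chatango.exe","2312","Console","0","9,876 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from headerless CSV tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def owners_of(remote_ip, netstat_text, tasklist_csv):
    """Return {(pid, image): [remote ports]} for sockets whose peer is remote_ip."""
    names = pid_names(tasklist_csv)
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        parts = line.split()
        # Skip the banner, the header and blank lines; keep only socket rows.
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        foreign, pid = parts[2], parts[-1]  # the PID is always the last column
        host, _, port = foreign.rpartition(":")
        if host == remote_ip and pid.isdigit():
            key = (int(pid), names.get(int(pid), "<unknown>"))
            hits[key].append(int(port))
    return {key: sorted(ports) for key, ports in hits.items()}

if __name__ == "__main__":
    found = owners_of("203.0.113.195", SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for (pid, image), ports in found.items():
        print(f"PID {pid} ({image}) -> remote ports {ports}")
```

A process that shows up here with no browser running is the one to look for among the startup entries, such as the HKCU Run key that the OTS fix above edits.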

OTS LOG Attached.
When Spyware Terminator started downloading updates it went crazy, then when Internet Explorer was opened to Avast.com I got four consecutive blocks.

When Spyware terminator started downloading updates it went crazy
I wonder if the definitions were encrypted

Upgraded to Vista, at peace, Thanks Essexboy