• MalwareBytes Professional, Kaspersky blocking something

    • This topic has 14 replies, 7 voices, and was last updated 10 years ago.
    #499142

    I use Kaspersky and MalwareBytes Professional with Windows 8.1, all updates. I keep getting this notice of blocking this one site, 66.70.34.103, which is Data Pipes from New Jersey, nothing I have contact with that I am aware of. It is being blocked apparently, but it keeps dinging about every 5 minutes tonight. Is there any way to stop it completely? Thanks
    Ken Hess

    • #1496541

      Which is blocking the site – Kaspersky or Malwarebytes? I use MBAM Premium; one can exclude certain sites in the settings’ Web Exclusion menu. Apparently one of your desired web sites uses Data Pipes somehow somewhere…

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

      • #1496564

        …one can exclude certain sites in the settings’ Web Exclusion menu.

        In this individual case that action may be premature and potentially harmful.

        https://www.malwarebytes.org/support/guides/mbam/WebExclusions.html

        It must first be ascertained if the Malicious Website Protection module block notices are incoming or outgoing.

        If incoming, a Malwarebytes Anti-Malware (MBAM) Web Exclusion (in this case 66.70.34.103) could be deleterious as that IP address has been reported as malicious to Malwarebytes’ subsidiary organization (hpHosts) and therefore MBAM’s Malicious Website Protection module is doing its job correctly for oldgeezer75. When unsuccessful, these intrusion attempts may eventually subside and/or stop.

        If outgoing, a task within oldgeezer75’s system is attempting to establish an Internet connection with a likely malicious source and again MBAM’s Malicious Website Protection module is doing its job. Furthermore, oldgeezer75 would then do well to have the source, within their system, located as the task is likely to have malevolent intent.
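
One way to check for the outgoing case described in the reply above, as an added example that is not part of the original post: a PowerShell loop that watches for TCP sockets to the blocked address and names the owning process. The watch window and poll interval are assumptions, and it relies on `Get-NetTCPConnection`, which ships with Windows 8 and later.

```powershell
# Added example (not from the thread): find which local process, if any,
# is opening TCP connections to the address the block notices mention.
# Run from an elevated PowerShell prompt so other users' processes resolve.
$RemoteIp = '66.70.34.103'                 # address quoted in the thread
$WatchFor = New-TimeSpan -Minutes 10       # assumption: notices recur about every 5 minutes
$PollMs   = 250                            # assumption: short interval to catch brief attempts
$seen     = @{}
$deadline = (Get-Date) + $WatchFor

while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        # Report each (process, local port) pair once.
        $key = '{0}:{1}' -f $c.OwningProcess, $c.LocalPort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the PID to an executable path and command line.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Time        = Get-Date -Format s
            State       = $c.State
            Local       = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            ProcessId   = $c.OwningProcess
            Executable  = $p.ExecutablePath
            CommandLine = $p.CommandLine
        } | Format-List
    }
    Start-Sleep -Milliseconds $PollMs
}

if ($seen.Count -eq 0) {
    Write-Output "No local TCP socket to $RemoteIp was observed during the watch window."
}
```

A hit identifies the program to investigate. An empty result does not prove the traffic is incoming: a blocked attempt can be shorter than the poll interval, and this covers TCP only.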

        • #1496916

          I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you
          Ken Hess

          • #1497061

            I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you

              1. Please open the Malwarebytes Anti-Malware 2.x (MBAM2) Graphical User Interface (GUI).
              2. Single left-click History.
              3. Single left-click Application Logs.
              4. Left double-click the Protection Log pertaining to the date when the Malicious Website Protection notice(s) were seen.
              5. Single left-click Export button, and single left-click the Text file (*.txt) choice from the pull-down menu.
              6. Type Malicious in the File name: box, then single left-click Desktop, and single left-click the Save button.
              7. The MBAM2 GUI may now be closed.
              8. Please Attach the Malicious.txt file, from the Desktop, to your next reply in this thread.

            …or, you may Copy/Paste the full width of those pertinent text lines from the relevant Protection Log(s) into your next reply here.

          • #1497353

            I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you
            Ken Hess

            I too, today, found the following in WEB EXCLUSIONS:
            Domain: 20d625b48e.se
            Domain: http://www.20d625b48e.se

            I looked up the “.se” and found that it was for Sweden.
            I don’t do anything with Sweden.

            I poked around MBAM’s forum and didn’t find anything under “exclusions” or this domain address.

            Is this an incoming or outgoing exclusion? Should it be removed?

            Since my question follows the OP’s question “How do you know if it’s incoming or outgoing.” I thought it might be pertinent, rather than a hi-jack.
            Thanks,
            Paul

            • #1497417

              … Is this an incoming or outgoing exclusion? Should it be removed?

              Some additional clarification might help.

              Please read the procedure(s) in post #11 above and post the text file as an attachment or Copy/Paste the relevant line(s) from your protection log(s).

              … or did you find that the URL you discovered was already entered here: http://www.malwarebytes.org/support/guides/mbam/WebExclusions.html ???

              Thank you.

    • #1496544

      Hi, oldgeezer75.
      Do you have a Superfish infection? Or, have you recently removed Superfish?
      That IP address has been associated with Superfish in the news lately.

      RockE

      Image or Clone often! Backup, backup, backup, backup......
      - - - - -
      Home Built: Windows 10 Home 64-bit, AMD Athlon II X3 435 CPU, 16GB RAM, ASUSTeK M4A89GTD-PRO/USB3 (AM3) motherboard, 512GB SanDisk SSD, 3 TB WD HDD, 1024MB ATI AMD RADEON HD 6450 video, ASUS VE278 (1920x1080) display, ATAPI iHAS224 Optical Drive, integrated Realtek HD Audio

    • #1496545

      …ahhhh, something was fishy here…about that IP address 🙂

      "Take care of thy backups and thy restores shall take care of thee." Ben Franklin, revisited

    • #1496560

      You could, if you want, re-direct any attempts to 66.70.34.103 by amending your hosts file to 127.0.0.1.

      easy peasy lemon squeezy 🙂

      Hope this helps…

    • #1497455

      39982-MBAM-03-24-15

      I found the “.se” domain already posted in the “Web Exclusions” as per your example. Since I didn’t put it there and now I understand that its purpose is to cause MBAM to not check that webpage, it appears that whoever put it there doesn’t want MBAM to check this website/domain if/when I might be re-directed there.

      This sounds like a way for an invader to defeat MBAM? Or am I missing something?

      I ran a Full Scan by MBAM. I have McAfee Live Safe (installed OEM by DELL) and I forced it to run a Full Scan (it never finds anything). I ran ESET online scanner (took 5 hours because it also examined the external USB backup drive) and I ran the free Kaspersky scanner. Nothing found.

      I followed #11 and found quite a few Protection Logs for 03-24-15 where MBAM started, stopped, failed. See attached sample.

    • #1497456

      Hello PointFive:

      Reference: https://www.malwarebytes.org/support/guides/mbam/AdvancedSettings.html – Enable self-protection module (SPM)

      Ticking the above will enable one of MBAM’s key features in protecting itself, and ultimately your system. Subsequently, SPM will need to be unticked to make various changes in MBAM.

      Please also consider the following scenario; a brief Malicious Website Blocked notice rises into your view in the lower right-hand corner of your display with a button inviting you to “Exclude Website”. Some users have clicked this warning believing it is always a good thing. In general, the best thing to do is allow the message box to self-expire and investigate what is causing the message to occur in the first place.

      HTH 🙂
