It looks like MBAM is doing its job, but I am a little bit concerned
about this. 'whois' reports that this is a server in the Ukraine, which
raises red flags. Does anyone have any suggestions on what to do to
track this down? Is there a way to see which program is making this
request?
| My mother's PC's MBAM is reporting...
|
| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| incoming)
| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| outgoing)
|
| It looks like MBAM is doing its job, but I am a little bit concerned
| about this. 'whois' reports that this is a server in the Ukraine, which
| raises red flags. Does anyone have any suggestions on what to do to
| track this down? Is there a way to see which program is making this
| request?
|
| Thanks,
What antivirus application is used in conjunction with MBAM?
> It looks like MBAM is doing its job, but I am a little bit concerned
> about this. 'whois' reports that this is a server in the Ukraine, which
> raises red flags. Does anyone have any suggestions on what to do to
$ host 194.54.81.86
86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
Have you installed teamviewer on that system?
Regards, Dave Hodgins
-- Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
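An added example, not part of any post in this thread: it pulls the blocked addresses out of IP-BLOCK lines laid out like the two quoted above and checks whether each address's PTR name resolves back to the same address (forward-confirmed reverse DNS), since a PTR record is set by whoever controls the reverse zone. The function names and the injectable `ptr`/`forward` resolver parameters are assumptions of this example; the sample log is the two lines from the thread.

```python
import re
import socket

# Layout of the two IP-BLOCK lines quoted in the thread: timestamp, two name
# fields (DOGWOOD, Denny), the address, then "(Type: incoming|outgoing".
# Anything after the direction is ignored; wrapped lines still match.
LINE_RE = re.compile(
    r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}\s+\S+\s+\S+\s+"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing)"
)

def blocked_ips(log_text):
    """Return {ip: set of directions} for every IP-BLOCK entry."""
    seen = {}
    for m in LINE_RE.finditer(log_text):
        seen.setdefault(m["ip"], set()).add(m["direction"])
    return seen

def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A) lookup via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except OSError:
        return set()

def check_ip(ip, ptr=system_ptr, forward=system_forward):
    """PTR name counts as confirmed only if it resolves back to ip."""
    name = ptr(ip)
    if name is None:
        return {"ip": ip, "ptr": None, "confirmed": False}
    name = name.rstrip(".").lower()
    return {"ip": ip, "ptr": name, "confirmed": ip in forward(name)}

SAMPLE_LOG = """\
2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: incoming)
2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: outgoing)
"""

if __name__ == "__main__":
    for ip, directions in blocked_ips(SAMPLE_LOG).items():
        print(sorted(directions), check_ip(ip))
```

An unconfirmed result means the name proves nothing about who operates the address; it does not by itself mean the address is hostile.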
>> It looks like MBAM is doing its job, but I am a little bit concerned
>> about this. 'whois' reports that this is a server in the Ukraine,
>> which raises red flags. Does anyone have any suggestions on what to
>> do to
*sigh*. Probably should report that to them. teamviewer shouldn't be blocked by default...
-- Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught. - J.C. Watts
>| My mother's PC's MBAM is reporting...
>|
>| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>| incoming)
>| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
>| outgoing)
>|
>| It looks like MBAM is doing its job, but I am a little bit concerned
>| about this. 'whois' reports that this is a server in the Ukraine, which
>| raises red flags. Does anyone have any suggestions on what to do to
>| track this down? Is there a way to see which program is making this
>| request?
>|
>| Thanks,
>What antivirus application is used in conjunction with MBAM?
Avira free. I am running scans right now. I googled around for more info
on the MBAM IP-BLOCK and found some sample logs. Those MBAM logs showed
the process name somewhere after incoming/outgoing. I am wondering why I
didn't get that.
When my scans are complete I plan on shutting everything down and then
bringing the system back up without opening any other programs. Then I
will watch for the IP-BLOCKs. It seems like I saw them fairly quickly
after I first logged in to her PC, but they stopped happening within a
minute or so.
>> It looks like MBAM is doing its job, but I am a little bit concerned
>> about this. 'whois' reports that this is a server in the Ukraine, which
>> raises red flags. Does anyone have any suggestions on what to do to
>$ host 194.54.81.86
>86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
>Have you installed teamviewer on that system?
AH-HA! Yes. I looked at the Windows firewall and noted that TeamViewer
was listed under 'exceptions'. But apparently not in MBAM. That explains
a lot.
>>> It looks like MBAM is doing its job, but I am a little bit concerned
>>> about this. 'whois' reports that this is a server in the Ukraine,
>>> which raises red flags. Does anyone have any suggestions on what to
>>> do to
>>>> It looks like MBAM is doing its job, but I am a little bit concerned
>>>> about this. 'whois' reports that this is a server in the Ukraine,
>>>> which raises red flags. Does anyone have any suggestions on what to
>>>> do to
>>*sigh*. Probably should report that to them. teamviewer shouldn't be
>>blocked by default...
> Report to MBAM?
yep.
-- Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught. - J.C. Watts
>>>>> It looks like MBAM is doing its job, but I am a little bit concerned
>>>>> about this. 'whois' reports that this is a server in the Ukraine,
>>>>> which raises red flags. Does anyone have any suggestions on what to
>>>>> do to
>>>> Have you installed teamviewer on that system?
>>>> Regards, Dave Hodgins
>>>*sigh*. Probably should report that to them. teamviewer shouldn't be
>>>blocked by default...
>> Report to MBAM?
>yep.
Done.
Thanks for your help. I believe I can manually mark that IP as an
exception, but if it only pops up when I remotely connect to her PC then
I am not going to bother. I'll let MBAM handle it.
On Sun, 05 Feb 2012 17:02:08 -0500, Dustin <bughunter.dus...@gmail.com> wrote:
> Dennis <nob...@nowhere.invalid> wrote in
> news:ghoti71hf4dumsvhuktnrep7ljmb17g33v@4ax.com:
>>> *sigh*. Probably should report that to them. teamviewer shouldn't be
>>> blocked by default...
>> Report to MBAM?
> yep.
Depends on who installed teamviewer. If it's been intentionally
installed by the owner of the system, then it can be ignored. If
not, then the owner does need to be made aware that it has been
installed. In my opinion, it's a potentially un-wanted program.
Regards, Dave Hodgins
-- Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
>Depends on who installed teamviewer. If it's been intentionally
>installed by the owner of the system, then it can be ignored. If
>not, then the owner does need to be made aware that it has been
>installed. In my opinion, it's a potentially un-wanted program.
>Regards, Dave Hodgins
Then why do they ignore commercial key loggers that corporations use?
On Mon, 06 Feb 2012 14:02:51 -0500, Shadow <S...@dow.br> wrote:
> On Mon, 06 Feb 2012 07:44:06 -0600, Caesar Romano <S...@uce.gov>
> wrote:
>> On Sun, 05 Feb 2012 13:04:31 -0500, "David W. Hodgins"
>> <dwhodg...@nomail.afraid.org> wrote Re Re: MBAM IP-BLOCK:
>>> $ host 194.54.81.86
>>> 86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
>> Say, that's a nice program. May I ask where you got it?
> It's linux, and very expensive. There is a free trial here:
> http://centralops.net/co/DomainDossier.aspx
Lol! :-) Didn't occur to me that Caesar was referring to the
host command. I also assumed he was referring to the teamviewer
program.
In windows, you can use the nslookup command, as in ...
C:\>nslookup 194.54.81.86
*** Can't find server name for address 192.168.20.101: No response from server
Server: ns1.ody.ca
Address: 216.240.0.1
-- Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
>> Depends on who installed teamviewer. If it's been intentionally
>> installed by the owner of the system, then it can be ignored. If
>> not, then the owner does need to be made aware that it has been
>> installed. In my opinion, it's a potentially un-wanted program.
>> Regards, Dave Hodgins
> Then why do they ignore commercial key loggers that corporations use?
IMO, such a program loses all of its claim to legitimacy if it offers a way to install it surreptitiously. Both keyloggers and RATs are legitimate programs when installed with the administrator's blessing.
FromTheRafters wrote:
>> Then why do they ignore commercial key loggers that corporations use?
>IMO, such a program loses all of its claim to legitimacy if it offers a
>way to install it surreptitiously. Both keyloggers and RATs are
>legitimate programs when installed with the administrator's blessing.
I agree, but I also would like to know about it in the scan.
>> Then why do they ignore commercial key loggers that corporations use?
| IMO, such a program loses all of its claim to legitimacy if it offers a
| way to install it surreptitiously. Both keyloggers and RATs are
| legitimate programs when installed with the administrator's blessing.
David H. Lipman wrote:
>From: "FromTheRafters" <erra...@nomail.afraid.org>
>>> Then why do they ignore commercial key loggers that corporations use?
>| IMO, such a program loses all of its claim to legitimacy if it offers a
>| way to install it surreptitiously. Both keyloggers and RATs are
>| legitimate programs when installed with the administrator's blessing.
>And the EULA defines its capabilities properly.
What, this? Standard CYA stuff. Where does it get specific?
Warranties and Damages
16. Malwarebytes makes no warranty about the quality of the Software or
its ability to eliminate any specific malware threats.
17. Malwarebytes makes no warranty as to the completeness of the
Database or protection modules.
18. Malwarebytes makes no warranty concerning the comparison of the
Software to any similar software or any industry standard.
19. Malwarebytes makes no warranty about the compatibility of the
Software with any other software or hardware.
20. Malwarebytes does not give any warranty in relation to
non-infringement of intellectual property rights.
21. Malwarebytes makes no warranty about the availability of its
customer service representatives or their ability to solve any malware
or other computer issues.
>>>> Then why do they ignore commercial key loggers that corporations use?
>|> IMO, such a program loses all of its claim to legitimacy if it offers a
>|> way to install it surreptitiously. Both keyloggers and RATs are
>|> legitimate programs when installed with the administrator's blessing.
>> And the EULA defines its capabilities properly.
> What, this? Standard CYA stuff. Where does it get specific?
> Warranties and Damages
> 16. Malwarebytes makes no warranty about the quality of the Software or
> its ability to eliminate any specific malware threats.
> 17. Malwarebytes makes no warranty as to the completeness of the
> Database or protection modules.
> 18. Malwarebytes makes no warranty concerning the comparison of the
> Software to any similar software or any industry standard.
> 19. Malwarebytes makes no warranty about the compatibility of the
> Software with any other software or hardware.
> 20. Malwarebytes does not give any warranty in relation to
> non-infringement of intellectual property rights.
> 21. Malwarebytes makes no warranty about the availability of its
> customer service representatives or their ability to solve any malware
> or other computer issues.
There are legitimate keyloggers. If the product surreptitiously and it is a EULA that covers the actions it takes then it is not malware.
Any questions, post on the Malwarebytes forum and ask.
>There are legitimate keyloggers. If the product surreptitiously and it is a EULA that
>covers the actions it takes then it is not malware.
Kind of awkward if my son or his buddies plant a "legitimate
Keylogger" on my PC when I'm out. (Thank goodness, he does not have
the capabilities, he's in his last year at Computer Science at
University, and seems to think software installing is something techs
should study kkkkkkkkkkkkkk)
Companies in all fairness should inform employees that
keyloggers are planted for security reasons.
Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.
IMHO
[]'s
>>> Then why do they ignore commercial key loggers that corporations use?
>> IMO, such a program loses all of its claim to legitimacy if it offers a
>> way to install it surreptitiously. Both keyloggers and RATs are
>> legitimate programs when installed with the administrator's blessing.
> I agree, but I also would like to know about it in the scan.
Agreed, especially since a miscreant could conceivably install legitimate software surreptitiously if he or she had the access and sufficient privileges.
The thing is, how to make it so the target being legitimately under surveillance (or remote administration/control) doesn't see the *warning*.