"Malwarebytes keeps blocking an IP address?"
http://answers.yahoo.com/question/index?qid=20091023200702AADBXYE
It could be something minor, as the original poster in that
question discovered.
One of the other answerers is basically claiming that Malwarebytes
blocks ranges of IP addresses. It's either that, or perhaps
Malwarebytes is subscribing to one of the services that collects
"bad guy" lists. A couple of the search engines keep their own lists,
and there are sites like
siteadvisor.com (McAfee). Here, I'm testing "google.com" to see if
it is safe :-) So this is site specific, rather than just
blacklisting the ISP or host providing their services.
http://www.siteadvisor.com/sites/google.com
I see that when I re-tried a site I searched for, a while ago,
siteadvisor had not indexed or tested it. So when that web server
has no information on a web site, there's no guarantee they'll ever
check it. I guess more than one person has to do a query, before
they waste the (automated) effort.
*******
To answer your question, you figure out how your machine has
been (very slightly) compromised. Maybe it's just something
updating cookies.
I use a packet sniffer (which would be a way to see what
conversations might be getting Malwarebytes upset), and
such a tool offers no guarantees about anything. Malware
could modify the response of such a tool, with great ease
(since the number of packet sniffer programs isn't that large,
and source is probably available for this one).
The packet sniffer collects a log of IP addresses visited.
I can sort of backtrack through that log, for the last couple
hours surfing, and sometimes figure out what's been happening.
A lot of the scummy activity on the web now,
the people behind it use providers like Akamai, and then the
node names are pretty well meaningless. So the odds of
seeing something in such a log that answers your question
are strictly limited. Still, I keep running mine, in the hope
that if my machine is compromised some day, I can at least
trace back to T=0 and figure out what site is hosting the
stuff (to warn others).
http://en.wikipedia.org/wiki/Wireshark
At one time, that tool was very easy on CPU. Now, I find it
using maybe 5-7% in the background, and I don't know why
it is doing that. It should really be event based, and
there should only be a tiny bit of activity, when a
packet is sent or received. I don't know why it's chewing
up cycles. But it's certainly better than just wondering
why the network light is flashing on the router. I don't like
to see flashing that I can't account for.
Paul
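The backtracking Paul describes (walking a sniffer log to find which site was visited just before a flagged address was first contacted) can be done over a plain field export rather than by eye. This is an added example, not code from the post; it assumes the log came from `tshark -T fields -e frame.time_epoch -e ip.dst -e dns.qry.name -E separator=/t`, and the sample lines below are constructed.

```python
from collections import OrderedDict
from datetime import datetime, timezone

# Constructed sample export: epoch seconds, destination IP, DNS query name
# (empty for non-DNS packets). Assumed to come from:
#   tshark -T fields -e frame.time_epoch -e ip.dst -e dns.qry.name -E separator=/t
SAMPLE_LOG = """\
1256345000.10\t192.0.2.53\texample.org
1256345000.25\t198.51.100.7\t
1256345061.90\t192.0.2.53\tcdn.example.net
1256345062.10\t203.0.113.9\t
1256345062.40\t203.0.113.9\t
1256345130.00\t192.0.2.53\tads.example.test
1256345130.50\t203.0.113.200\t
"""

def parse_log(text):
    """Yield (epoch, dst_ip, query_name) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0]:
            continue
        try:
            ts = float(parts[0])
        except ValueError:
            continue
        name = parts[2] if len(parts) > 2 else ""
        yield ts, parts[1], name

def first_contact(text):
    """Map each destination IP to the time it was first seen (T=0 for that host)."""
    seen = OrderedDict()
    for ts, dst, _ in parse_log(text):
        seen.setdefault(dst, ts)
    return seen

def preceding_lookups(text, flagged_ip, window=120.0):
    """DNS names queried in the `window` seconds before flagged_ip was first
    contacted: the candidate pages that led to the flagged connection."""
    t0 = first_contact(text).get(flagged_ip)
    if t0 is None:
        return []
    return [name for ts, _, name in parse_log(text)
            if name and t0 - window <= ts < t0]

if __name__ == "__main__":
    for ip, ts in first_contact(SAMPLE_LOG).items():
        print(datetime.fromtimestamp(ts, timezone.utc).isoformat(), ip)
    print("lookups before 203.0.113.200:",
          preceding_lookups(SAMPLE_LOG, "203.0.113.200"))
```

A real capture will contain many more destinations; the point is that the first-contact time, not the raw packet count, is what lets you read backwards from a blocked address to the page that referenced it.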