Results 1 to 3 of 3
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Grand Ledge, MI, USA
    Posts
    9
    Thanks
    0
    Thanked 0 Times in 0 Posts

    MalwareBytes false positive?

    My paid Pro version of MalwareBytes keep notifying me it is blocking access to a certain IP address -
    here's the log entry:
    IP-BLOCK 204.51.78.248 (Type: outgoing, Port: 49569, Process: firefox.exe)

    I ran the IP on VirusTotal and it's apparently a clean site, so I'm not sure what's going on here.
    I'd be a bit hesitant to disable MBAM and see what's at that address. A full scan earlier today removed
    "Trojan.Tracur,' will rerun the scan. I'm also using MS Security Essentials, along with OpenDNS on my
    router. I don't usually get this kind of hassle, so I'm wondering if contacting that IP is something Firefox does
    during regular use.

    geobytes.com says it's in Miami, FL but I'm fishing for more information.
    http://www.geobytes.com/IpLocator.ht...=204.51.78.248

    A reverse IP lookup at domaintz.com has this:

    Any clues? Thanks for the help!

    Jim

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Have you checked with the Malwarebytes Forums?

    Joe

  3. #3
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    Location
    California & Arizona
    Posts
    6,121
    Thanks
    160
    Thanked 609 Times in 557 Posts
    Allow MBAM to permanently block the IP and rerun the scan from safemode too, if you havn't already.
    I don't think anyone could say it's a fales posative, especially since you reportedly removed a known redirect trojan.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •