  1. #1
    2 Star Lounger

    MalwareBytes Professional, Kaspersky blocking something

    I use Kaspersky and MalwareBytes Professional with Windows 8.1 all updates. I keep getting this notice of blocking this one site - 66.70.34.103, which is Data Pipes from New Jersey, nothing I have contact with that I am aware of. It is being blocked apparently, but it keeps dinging about every 5 minutes tonight. Is there any way to stop it completely? Thanks
    Ken Hess

  2. #2
    Silver Lounger RolandJS's Avatar
    Which is blocking the site - Kaspersky or Malwarebytes? I use MBAMpremium, one can exclude certain site[s] in the settings' Web Exclusion menu. Apparently one of your desired web sites uses Data Pipes somehow somewhere...
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  3. The Following User Says Thank You to RolandJS For This Useful Post:

    oldgeezer75 (2015-03-24)

  4. #3
    4 Star Lounger
    Hi, oldgeezer75.
    Do you have a Superfish infection? Or, have you recently removed Superfish?
    That IP address has been associated with Superfish in the news lately.

    RockE

  5. The Following User Says Thank You to RockE For This Useful Post:

    oldgeezer75 (2015-03-24)

  6. #4
    Silver Lounger RolandJS's Avatar
    ...ahhhh, something was fishy here...about that IP address
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/

  7. #5
    WS Lounge VIP Coochin's Avatar
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  8. The Following User Says Thank You to Coochin For This Useful Post:

    oldgeezer75 (2015-03-24)

  9. #6
    Super Moderator Rick Corbett's Avatar
    You could, if you want, re-direct any attempts to 66.70.34.103 by amending your hosts file to 127.0.0.1.

    easy peasy lemon squeezy

    Hope this helps...
    Last edited by Rick Corbett; 2015-03-23 at 00:15.

  10. The Following User Says Thank You to Rick Corbett For This Useful Post:

    oldgeezer75 (2015-03-24)

  11. #7
    2 Star Lounger 1PW's Avatar
    "...one can exclude certain site[s] in the settings' Web Exclusion menu."
    In this individual case that action may be premature and potentially harmful.

    https://www.malwarebytes.org/support...xclusions.html

    It must first be ascertained if the Malicious Website Protection module block notices are incoming or outgoing.

    If incoming, a Malwarebytes Anti-Malware (MBAM) Web Exclusion (in this case 66.70.34.103) could be deleterious as that IP address has been reported as malicious to Malwarebytes' subsidiary organization (hpHosts) and therefore MBAM's Malicious Website Protection module is doing its job correctly for oldgeezer75. When unsuccessful, these intrusion attempts may eventually subside and/or stop.

    If outgoing, a task within oldgeezer75's system is attempting to establish an Internet connection with a likely malicious source and again MBAM's Malicious Website Protection module is doing its job. Furthermore, oldgeezer75 would then do well to have the source, within their system, located as the task is likely to have malevolent intent.
    Last edited by 1PW; 2015-03-26 at 04:08.

  12. The Following 3 Users Say Thank You to 1PW For This Useful Post:

    oldgeezer75 (2015-03-24),RolandJS (2015-03-24),satrow (2015-03-23)

  13. #8
    2 Star Lounger
    In searching Regedit, I found 2 instances of superfish and deleted them. I will see if that makes a difference. Also I will pay more attention to what program is bringing that incident up.

  14. #9
    2 Star Lounger
    I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you
    Ken Hess

  15. #10
    2 Star Lounger 1PW's Avatar
    Quote Originally Posted by oldgeezer75 View Post
    In searching Regedit, I found 2 instances of superfish and deleted them. I will see if that makes a difference. Also I will pay more attention to what program is bringing that incident up.
    The following is an excellent source for Superfish removal:

    https://forums.malwarebytes.org/inde...for-superfish/
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

  16. #11
    2 Star Lounger 1PW's Avatar
    Quote Originally Posted by oldgeezer75 View Post
    I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you
    1. Please open the Malwarebytes Anti-Malware 2.x (MBAM2) Graphical User Interface (GUI).
    2. Single left-click History.
    3. Single left-click Application Logs.
    4. Left double-click the Protection Log pertaining to the date when the Malicious Website Protection notice(s) were seen.
    5. Single left-click Export button, and single left-click the Text file (*.txt) choice from the pull-down menu.
    6. Type Malicious in the File name: box, then single left-click Desktop, and single left-click the Save button.
    7. The MBAM2 GUI may now be closed.
    8. Please Attach the Malicious.txt file, from the Desktop, to your next reply in this thread.


    ...or, you may Copy/Paste the full width of those pertinent text lines from the relevant Protection Log(s) into your next reply here.
    Last edited by 1PW; 2015-03-24 at 22:32.
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.
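
    Once Malicious.txt has been exported with the steps in post #11, a short script can group the block notices for one address by direction and by the process named on each line. This is an added example, not part of the original thread and not Malwarebytes' own tooling; the comma-separated log layout, the sample lines, the 203.0.113.9 address and the ExampleApp path are constructed assumptions, so adjust the field handling to match a real export.

```python
from collections import defaultdict

# Constructed sample of an exported Protection Log (Malicious.txt). The
# comma-separated layout is an assumption; adjust it to match a real export.
SAMPLE_LOG = r"""
Update, 3/23/2015 8:58:02 PM, SYSTEM, KEN-PC, Scheduler, Malware Database, 2015.3.23.5, 2015.3.23.6,
Detection, 3/23/2015 9:10:42 PM, SYSTEM, KEN-PC, Protection, Malicious Website Protection, IP, 66.70.34.103, 49211, Outbound, C:\Program Files\ExampleApp\helper.exe,
Detection, 3/23/2015 9:15:44 PM, SYSTEM, KEN-PC, Protection, Malicious Website Protection, IP, 66.70.34.103, 49260, Outbound, C:\Program Files\ExampleApp\helper.exe,
Detection, 3/23/2015 9:17:03 PM, SYSTEM, KEN-PC, Protection, Malicious Website Protection, IP, 203.0.113.9, 3389, Inbound, C:\Windows\System32\svchost.exe,
"""

def parse_detections(text):
    """Return one dict per Malicious Website Protection detection line."""
    found = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if fields[0] != "Detection" or "Malicious Website Protection" not in fields:
            continue
        # Locate the direction field by value instead of trusting a fixed column.
        idx = next((i for i, f in enumerate(fields)
                    if f.lower() in ("inbound", "outbound")), None)
        if idx is None or idx < 2:
            continue  # malformed or unfamiliar line: skip rather than guess
        found.append({
            "time": fields[1],
            "target": fields[idx - 2],
            "port": fields[idx - 1],
            "direction": fields[idx].lower(),
            "process": fields[idx + 1] if idx + 1 < len(fields) else "",
        })
    return found

def triage(text, target):
    """Group blocks for one IP/domain as {direction: {process: count}}."""
    summary = defaultdict(lambda: defaultdict(int))
    for d in parse_detections(text):
        if d["target"] == target:
            summary[d["direction"]][d["process"]] += 1
    return {k: dict(v) for k, v in summary.items()}

if __name__ == "__main__":
    for direction, procs in triage(SAMPLE_LOG, "66.70.34.103").items():
        for proc, n in procs.items():
            print(f"{direction}: {n} block(s), process: {proc or 'n/a'}")
```

    Repeated outbound blocks that all name the same executable point at the local program to investigate, which is the outgoing case described in post #7; inbound-only blocks have no local task to hunt for.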

  17. #12
    Star Lounger

    MalwareBytes blocking something

    Quote Originally Posted by oldgeezer75 View Post
    I am not clear on how to determine whether it is incoming or outgoing and how can I check on that? Thank you
    Ken Hess
    I too, today, found the following in WEB EXCLUSIONS:
    Domain: 20d625b48e.se
    Domain: www.20d625b48e.se

    I looked up the ".se" and found that it was for Sweden.
    I don't do anything with Sweden.

    I poked around MBAM's forum and didn't find anything under "exclusions" or this domain address.

    Is this an incoming or outgoing exclusion? Should it be removed?

    Since my question follows the OP's question "How do you know if it's incoming or outgoing." I thought it might be pertinent, rather than a hi-jack.
    Thanks,
    Paul

  18. #13
    2 Star Lounger 1PW's Avatar
    Quote Originally Posted by PointFive View Post
    ... Is this an incoming or outgoing exclusion? Should it be removed?
    Some additional clarification might help.

    Please read the procedure(s) in post #11 above and post the text file as an attachment or Copy/Paste the relevant line(s) from your protection log(s).

    ... or did you find that the URL you discovered was already entered here: http://www.malwarebytes.org/support/...xclusions.html ???

    Thank you.
    All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.

  19. The Following User Says Thank You to 1PW For This Useful Post:

    PointFive (2015-03-26)

  20. #14
    Star Lounger
    MBAM 03-24-15.txt

    I found the ".se" domain already posted in the "Web Exclusions" as per your example. Since I didn't put it there and now I understand that its purpose is to cause MBAM to not check that webpage, it appears that whoever put it there doesn't want MBAM to check this website/domain if/when I might be re-directed there.

    This sounds like a way for an invader to defeat MBAM? Or am I missing something?

    I ran a Full Scan by MBAM. I have McAfee Live Safe (installed OEM by DELL) and I forced it to run a Full Scan (it never finds anything). I ran ESET online scanner (took 5 hours because it also examined the external USB backup drive) and I ran the free Kaspersky scanner. Nothing found.

    I followed #11 and found quite a few Protection Logs for 03-24-15 where MBAM started, stopped, failed. See attached sample.

  21. #15
    2 Star Lounger 1PW's Avatar
    Hello PointFive:

    Reference: https://www.malwarebytes.org/support...dSettings.html - Enable self-protection module (SPM)

    Ticking the above will enable one of MBAM's key features in protecting itself, and ultimately your system. Subsequently, SPM will need to be unticked to make various changes in MBAM.

    Please also consider the following scenario: a brief Malicious Website Blocked notice rises into your view in the lower right-hand corner of your display with a button inviting you to "Exclude Website". Some users have clicked this warning believing it is always a good thing. In general, the best thing to do is allow the message box to self-expire and investigate what is causing the message to occur in the first place.

    HTH

  22. The Following User Says Thank You to 1PW For This Useful Post:

    PointFive (2015-03-27)
