
Question about an IP block


posted on Jul, 21 2012 @ 09:24 PM
I know the basics and even some handy information about using anti-malware programs. I just have a question of whether or not my Malwarebytes blocking IP-Address 195.68.160.175 should be a concern for me. Here is the information:

2012/07/21 18:53:46 -0400 [...] IP-BLOCK 195.68.160.175 (Type: outgoing, Port: 60589, Process: firefox.exe)

This occurred when I was on Firefox just viewing WOT approved sites. Those open on my browser were city-data, pandora radio, weather base, and noaa. After seeing that I turned off my internet connection and ran a Malwarebytes full scan which found nothing wrong anywhere on my system. This must have also passed by my COMODO Internet Security because it does not show any problems with blocked IPs.

Should I be worried or not? What do you recommend I do?




posted on Jul, 21 2012 @ 09:33 PM
You tried Spybot Search and Destroy? I've found it finds tons more than anything else I've ever used, but then again I haven't used Malwarebytes.



posted on Jul, 21 2012 @ 09:37 PM
No, don't be worried, it's outgoing for a start.

It's some Russian Federation IP, I don't know what it is.



posted on Jul, 21 2012 @ 09:38 PM
reply to post by TechUnique
 


I used Spybot 2 months ago when my IE homepage got hijacked. It was the only thing that found the hijacker but it failed to remove it properly. I had to create a new user on my computer and remove the old one. About a week ago I ran Malwarebytes and found the problem. Mind you, I used Spybot, Super Anti-Spyware, RKill, Comodo, and others, none of which removed it until last week's MBAM scan.

Really I am just waiting on someone who may know whether this is a real problem or not. I do not want to do another run through the anti-malware programs if it is not absolutely necessary.



posted on Jul, 21 2012 @ 09:40 PM
reply to post by SpearMint
 


Thank you for the quick response. If I may ask, what difference does it make if it were incoming rather than outgoing?



posted on Jul, 21 2012 @ 09:43 PM

Originally posted by Misoir
reply to post by TechUnique
 


I used Spybot 2 months ago when my IE homepage got hijacked. It was the only thing that found the hijacker but it failed to remove it properly. I had to create a new user on my computer and remove the old one. About a week ago I ran Malwarebytes and found the problem. Mind you, I used Spybot, Super Anti-Spyware, RKill, Comodo, and others, none of which removed it until last week's MBAM scan.

Really I am just waiting on someone who may know whether this is a real problem or not. I do not want to do another run through the anti-malware programs if it is not absolutely necessary.


You don't need to worry about anti-malware programs, it's just blocked outgoing traffic to an IP because it was seen as a threat.



posted on Jul, 21 2012 @ 09:52 PM
If you can block domain names at your router, I recommend blocking moneyracing.ru.
Also, an outgoing IP could mean malware on your machine trying to call home. Update the scanners you have and look again, and also run a scan at ESET online.
Problem with malware scanners: if someone has a new virus out and the signature is not available yet for detection programs, it remains undetected if heuristics don't pick it up.


Also go to Firefox options, click "Advanced", then the tab "Network", and make sure "No proxy" is ticked.
edit on 21-7-2012 by The X because: (no reason given)



posted on Jul, 21 2012 @ 09:56 PM
The IP address belongs to a firm called 'Media World', based in Russia. Check whether anything open in Firefox is contacting their servers. It appears to be a standard media streaming site (relax.ru), and has provided full contact details for spam/misuse.
edit on 21-7-2012 by XeroOne because: (no reason given)



posted on Jul, 21 2012 @ 10:06 PM
reply to post by XeroOne
 


I have a certain program on my Firefox to deal with ads.


So do you think there is anything specific I should do?
edit on 7/21/2012 by Misoir because: (no reason given)



posted on Jul, 21 2012 @ 10:09 PM
reply to post by The X
 


Thank you for the reply. I have now set my Firefox to "No Proxy" as you recommended.



posted on Jul, 21 2012 @ 10:15 PM

Originally posted by Misoir
reply to post by XeroOne
 


I have a certain program on my Firefox to deal with ads.


So do you think there is anything specific I should do?
edit on 7/21/2012 by Misoir because: (no reason given)


Given the port seems to be opened by Firefox, not a lot, other than setting your browser to block third-party cookies, installing the Ghostery add-on, and checking regularly for spyware.
I suspect you're just visiting a page that's pulling ads from various other servers.
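
The reasoning in the reply above (which process made the connection, and whether the block recurs) can be applied to a whole protection log. This is an added example, not part of the original posts or of Malwarebytes: the regular expression follows the single log line quoted in the thread, the optional Process field, the browser list and the repeat threshold are assumptions, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Format taken from the one log line quoted in the thread; the bracketed
# field is elided on the page, so it is matched as opaque text.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"\[(?P<host>[^\]]*)\]\s+IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+)"
    r"(?:, Process: (?P<process>[^)]+))?\)$"
)
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe"}  # assumed list

SAMPLE = [
    "2012/07/21 18:53:46 -0400 [...] IP-BLOCK 195.68.160.175 (Type: outgoing, Port: 60589, Process: firefox.exe)",  # from the thread
    "2012/07/21 19:02:10 -0400 [...] IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 49155, Process: updater.exe)",  # constructed
    "2012/07/21 19:05:01 -0400 [...] IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 50001, Process: firefox.exe)",  # constructed
    "2012/07/21 19:05:31 -0400 [...] IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 50002, Process: firefox.exe)",  # constructed
    "2012/07/21 19:06:02 -0400 [...] IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 50003, Process: firefox.exe)",  # constructed
    "2012/07/21 19:10:00 -0400 [...] IP-BLOCK 203.0.113.50 (Type: incoming, Port: 445)",  # constructed
]

def parse_block(line):
    """Return a dict for an IP-BLOCK line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    ev["process"] = (ev["process"] or "unknown").lower()
    return ev

def triage(lines, repeat_threshold=3):
    """Group outgoing blocks by (ip, process) and attach a verdict."""
    events = [e for e in map(parse_block, lines) if e]
    pairs = Counter((e["ip"], e["process"]) for e in events
                    if e["direction"] == "outgoing")
    findings = []
    for (ip, proc), n in sorted(pairs.items()):
        if proc not in BROWSERS:
            verdict = "non-browser"   # a non-browser process calling out: investigate
        elif n >= repeat_threshold:
            verdict = "recurring"     # same address keeps being requested by the browser
        else:
            verdict = "isolated"      # one-off, consistent with third-party page content
        findings.append((ip, proc, n, verdict))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
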



posted on Jul, 21 2012 @ 10:20 PM
reply to post by XeroOne
 


Thank you very much. I re-enabled Ghostery. I had been using it for the past week or so but then 2 days ago I just disabled it because none of the websites which use Disqus would allow me to post. Right now I have running Comodo Internet Security, Spyware Blaster, and Malwarebytes Anti-Malware. For Firefox my add-ons of AdBlock, Script Proxy, Ghostery, and WOT should generally protect me. Plus I do an MBAM scan once a week.

Basically I should only be worried if that blocked IP-address appears again?



posted on Jul, 21 2012 @ 10:32 PM
Ghostery should allow you to selectively unblock cookies/bugs. It looks like you've got a very good anti-malware setup that's going to nail 99% of the threats out there if you keep that software updated. Find the time to sit down and go through the Windows firewall and the router settings as well.

Other than that, there's nothing to worry about.



posted on Jul, 22 2012 @ 07:52 AM
Windows firewalls are stateful. This means that your computer will only let traffic from the internet in if a program has sent a message out over the internet and is expecting a response back.

So by blocking certain unwanted outbound traffic from your computer it is also stopping any unwanted inbound responses.
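
The behaviour described in the post above, modelled as a small connection-tracking table. This is an added example, not part of the original post and not how any particular firewall is implemented: it assumes no explicit inbound allow rules, the 60-second idle timeout is an assumed value, and all addresses and ports other than the blocked IP from the thread are constructed.

```python
BLOCKED_REMOTE = {"195.68.160.175"}  # the address from the thread's log line

class StatefulFilter:
    """Toy stateful filter: inbound packets pass only if they match a live
    flow that an allowed outbound packet created earlier."""

    def __init__(self, blocked_remote, idle_timeout=60):
        self.blocked_remote = set(blocked_remote)
        self.idle_timeout = idle_timeout   # seconds (assumed value)
        self.flows = {}                    # 5-tuple -> time last seen

    def outbound(self, now, proto, lip, lport, rip, rport):
        if rip in self.blocked_remote:
            return "drop"                  # blocked: no state entry is created
        self.flows[(proto, lip, lport, rip, rport)] = now
        return "allow"

    def inbound(self, now, proto, rip, rport, lip, lport):
        key = (proto, lip, lport, rip, rport)
        seen = self.flows.get(key)
        if seen is None or now - seen > self.idle_timeout:
            self.flows.pop(key, None)      # unknown or expired flow
            return "drop"
        self.flows[key] = now              # reply refreshes the flow
        return "allow"

def demo():
    fw = StatefulFilter(BLOCKED_REMOTE)
    pc = "192.168.1.10"                    # constructed local address
    return [
        fw.outbound(0, "tcp", pc, 50000, "198.51.100.9", 80),    # normal request
        fw.inbound(1, "tcp", "198.51.100.9", 80, pc, 50000),     # its reply
        fw.inbound(2, "tcp", "203.0.113.7", 80, pc, 50000),      # unsolicited
        fw.outbound(3, "tcp", pc, 50001, "195.68.160.175", 80),  # blocked address
        fw.inbound(4, "tcp", "195.68.160.175", 80, pc, 50001),   # no state to match
        fw.inbound(200, "tcp", "198.51.100.9", 80, pc, 50000),   # flow has expired
    ]

if __name__ == "__main__":
    print(demo())
```
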




