Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Malwarebytes Constant blocked "outgoing" to 112.175.243.23

21 Jun 2012   #11
Petey7

Windows 7 Professional SP1 64-bit
 
 

Did some looking online. I want to start off by saying that you seem to have posted about this on several different sites about this issue. While it is not wrong to do so, we like to know because you have people telling you to do stuff we don't know about, which makes it harder for us to help you in the long run.

More importantly, it seems that the IP Address you mention is used in several DDOS attacks. I'm not sure if this means you are currently infected or not, but it does indicate that MBAM is doing its job. Please go to the Logs tab in Malwarebytes and scroll down to the protection module logs. Open one of the logs and copy and paste it's contents into your next post. The log should tell us exactly what is trying to access that IP address. It may be your media player, it might not, but we need to find out.


My System SpecsSystem Spec
.
21 Jun 2012   #12
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

This Korean player must a call home program and IMHO it's good it's being blocker by MAM.
My System SpecsSystem Spec
22 Jun 2012   #13
union122

7 pro 64 nit
 
 

Quote   Quote: Originally Posted by Petey7 View Post
Did some looking online. I want to start off by saying that you seem to have posted about this on several different sites about this issue. While it is not wrong to do so, we like to know because you have people telling you to do stuff we don't know about, which makes it harder for us to help you in the long run.

More importantly, it seems that the IP Address you mention is used in several DDOS attacks. I'm not sure if this means you are currently infected or not, but it does indicate that MBAM is doing its job. Please go to the Logs tab in Malwarebytes and scroll down to the protection module logs. Open one of the logs and copy and paste it's contents into your next post. The log should tell us exactly what is trying to access that IP address. It may be your media player, it might not, but we need to find out.

Sorry, yes I did, well only on technibble.. that and sevens is my constant read when I can. I didn't know MBAM had that feature, log tab and protection module.. thanks for the heads up I will look at that and post back.
My System SpecsSystem Spec
.

22 Jun 2012   #14
union122

7 pro 64 nit
 
 

2012/06/21 08:12:19 -0400 THINK SLC IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52204, Process: svchost.exe)
2012/06/21 08:12:19 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52205, Process: svchost.exe)
2012/06/21 08:18:27 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52226, Process: svchost.exe)
2012/06/21 08:18:27 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52227, Process: svchost.exe)
2012/06/21 08:21:31 -0400 THINK SLC IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 52238, Process: svchost.exe)
2012/06/21 08:21:31 -0400 THINK SLC IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 52239, Process: svchost.exe)
2012/06/21 08:24:28 -0400 THINK SLC IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52251, Process: svchost.exe)
2012/06/21 08:24:28 -0400 THINK SLC IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52252, Process: svchost.exe)
2012/06/21 08:27:25 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52282, Process: svchost.exe)
2012/06/21 08:27:34 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52284, Process: svchost.exe)
2012/06/21 08:30:32 -0400 THINK SLC IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52291, Process: svchost.exe)
2012/06/21 08:30:32 -0400 THINK SLC IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52292, Process: svchost.exe)
2012/06/21 08:33:30 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52301, Process: svchost.exe)
2012/06/21 08:33:30 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52302, Process: svchost.exe)
My System SpecsSystem Spec
22 Jun 2012   #15
Petey7

Windows 7 Professional SP1 64-bit
 
 

The fact that it says "svchost.exe" means that it is a service excessing that IP address. In the start menu search bar, type "msconfig" and press enter. Go to the services tab and check the box saying "Hide all Microsoft services". Please provide us a list of the names of all remaining services.
My System SpecsSystem Spec
Reply

 Malwarebytes Constant blocked "outgoing" to 112.175.243.23




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
Windows Live mail "blocked senders/domains" does not work?
Can someone explain why the "blocked sender/domain list" facility does not work please? I have blocked the same senders both with the blocked senders as well as the blocked domain lists in WLM so many times, & they just keep coming back? I also have Mailwasher ,use it all the time, but the "bounce...
Browsers & Mail
Question regarding "malicious website blocked " message.
I occasionally get a malicious website blocked message from Mbam , when i am in sites that i am pretty sure are clean , weird thing about it is it says it "outbound". Does this mean i have malware on my system trying to get outbound or what is this exactly because all scans including Kaspersky...
System Security
"This program is blocked due to compatibility issues."
Hi Everybody, I have gone thru the tutorial of installing a dual boot to my laptop. I have windows 7 as the first install, and I am trying to add Windows XP. I successfully partitioned the hard disk using the tutorial(using disk management to shrink drive C and creating a new partitioned...
Installation & Setup
Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"
My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar...
General Discussion
Windowas Live Mail outbox "blocked"
I have used WLM for some time now with no issues. Today I received a message asking me to invest in a product. I replied that I had no interest in it. My reply could not be sent as my mail system said it was too big for my mails server to handle. I deleted most of the body of the message and...
Browsers & Mail
Constant error: "The DNS server isnít responding" (Win7 Pro 64bit)
Every since I upgraded to Win7 Pro 64bit from Win7 Pro 32bit I have been getting "The DNS server isnít responding" error randomly and constantly (I attached the most current reports). I got rid of the Windows drivers and went straight to the Intel site for the drivers.....issue remains. Tried a...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:11.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App