Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Malwarebytes Blocking IP address

29 Dec 2012   #1
mhhack

win 7 32bit Ultimate
 
 
Malwarebytes Blocking IP address

Hi,
Malwarebytes(1.70) is returning "successfully blocked access to a potentially malicious website 91.235.128.161, type outgoing, port 53041, Process: explorer.exe. I've run some p2p software recently, but have uninstalled it, and cannot understand why explorer.exe is the process implicated. I've since run Microsoft Security Essentials and Malwarebytes on my whole system, but they return no errors. Can anyone help?


My System SpecsSystem Spec
.
30 Dec 2012   #2
tman69

win7 ultimate 32bit
 
 

Quote   Quote: Originally Posted by mhhack View Post
Hi,
Malwarebytes(1.70) is returning "successfully blocked access to a potentially malicious website 91.235.128.161, type outgoing, port 53041, Process: explorer.exe. I've run some p2p software recently, but have uninstalled it, and cannot understand why explorer.exe is the process implicated. I've since run Microsoft Security Essentials and Malwarebytes on my whole system, but they return no errors. Can anyone help?
the message means the MBAM blocked something from accessing Windows Explorer (or kept windows explorer from connecting to that website) in other words...it did what it's supposed to do.

IF you would like more info see:

Malwarebytes Forum
My System SpecsSystem Spec
30 Dec 2012   #3
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Welcome to Seven Forums mhhack. IP address in the Ukraine the-pirate-bay.biz

the-pirate-bay.biz - Ukraine IP. Detailed location, ISP and more info.

91.235.128.161 IP Address WHOIS | DomainTools.com

A Guy
My System SpecsSystem Spec
.

30 Dec 2012   #4
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
 
 

A lot of times a site you have opened has links to other sites to load advertisments and MB is blocking one of these links.

Jim
My System SpecsSystem Spec
30 Dec 2012   #5
mhhack

win 7 32bit Ultimate
 
 

Thanks for your info, though I still don't see the solution to the fact that even when my computer is doing nothing malwarebytes will popup the blocking message. Remember that the type is outgoing, which I think means that my PC is initiating the request to connect. It's that that I want to stop.
My System SpecsSystem Spec
30 Dec 2012   #6
DBone

Windows 7 Home Premium x64 SP1
 
 

If I were you, I would at least try a scan with Hitman Pro ( Home - SurfRight ). Also, you made it sound as though you did a full scan with Malwarebytes, but I would do another. Make sure it's up to date first, also make sure that in the settings tab, that you have PUP set to "show in results and check for removal"....... Actually, make sure that all 3 choices are set that way.

Start with that, and see if they can sniff something out.
My System SpecsSystem Spec
30 Dec 2012   #7
mhhack

win 7 32bit Ultimate
 
 

Thanks for your suggestions. I've rerun MB, full scan, and it turns up nothing, with the settings you suggested. I've also run SurfRight with nothing found.
Somehow or other something is prompting exlorer.exe to try to reach that malicious website, even though at the time nothing is running actively except for background tasks.
Just noticed looking at the MB logs that this attempt is made every 15 minutes, with the same URL but a different port.
My System SpecsSystem Spec
30 Dec 2012   #8
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Someone reported the same type of issue on the Malwarebytes forum.
If you're interested, MBAM stated they could help determine the cause of the blocks.

Malwarebytes detects outgoing attempt from explorer.exe - Malwarebytes Forum
My System SpecsSystem Spec
02 Jan 2013   #9
mhhack

win 7 32bit Ultimate
 
 

This finally turned out to be a rootkit infection. One or another of those p2p sites downloaded a rootkit that mimicked explorer.exe. Luckily it was blocked by Malwarebytes and finally removed, though it wasn't detected in previous runs. Go know.
My System SpecsSystem Spec
02 Jan 2013   #10
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Hello mhhack,

Glad you got this sorted out.
Can you tell us how you found out you had a rootkit infection?
It could help others if they run into this.

Did a Malwarebytes (MBAM) scan find and remove it?

Malwarebytes does have a new Anti-Rootkit tool (MBAR), but that is still in BETA (as far as I know).
Malwarebytes : Malwarebytes Anti-Rootkit

Thanks,
David
My System SpecsSystem Spec
Reply

 Malwarebytes Blocking IP address




Thread Tools




Similar help and support threads
Thread Forum
Malwarebytes has a new software- Malwarebytes Anti Exploit
has anyone installed this? https://www.malwarebytes.org/antiexploit/ I got an email from Malwarebytes about it I just installed the free version on my windows 8 and windows 7 test machines so far I am not seeing any problems but then again I just installed it :P anyone else try it?
System Security
Can the address bar always show the address?
Is there a way for the address bar to always show the address bar? The address bar normally looks like this. http://i1124.photobucket.com/albums/l562/shoober420/addbar_zps69a7663d.png When you click on the address bar, it will show the address like this: ...
Customization
'No Internet Access' IP address shows router not the modem IP address
Hey everyone. I've ran into a problem that I can't quite figure out. My internet connection shows 'no internet access' even though my ISP shows the connection is coming into the house just fine. I usually use a router (NetGear-WNR3500U) but I right now I have the Ethernet connection plugged...
Network & Sharing
Question about malwarebytes website blocking
As the title says I have a question about malwarebytes website blocking, I didn't find anything on the website about it. Does anyone know anything about it? :geek:
System Security
rounter address externally and ftp address??
Hey, I have a dlink pre N wireless router. From within my network, I can access my router (192.168.2.1), but how do I access my router from outside my network? I did use the address found in "whats my ip" site, but I did not access my router. Also, if I setup my network storage's FTP feature,...
Network & Sharing


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 10:16.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App