Why is CCDash making calls to a malicious site?


  1. soho1
    Posts : 469
    Win 7 Pro 64-bit
       New #1

    Why is CCDash making calls to a malicious site?


    I have a "virutual office" and use a lot of tools on the internet, including some things like Skype, so it's great to have MalwareByte watching out for me and blocking intruders. However, I just had an interesting scare when I saw an OUTBOUND connection to a malicious site get blocked. The blocked IP is is 62.41.26.253 and I looked it up here:

    https://who.is/whois-ip/ip-address/62.41.26.253

    So of course, when I saw it was OUTBOUND not inbound, I wanted to know what might have been comprimized. The offending program was CCDash. At first, I thought, did some cash-dash malware get installed? But no, it's the Intel Wi-Fi dashboard, which is odd by itself and I never use Wi-Fi, as I am wired by ethernet all the time.

    So can anyone suggest what might be happening, why? and other than the usual virus scans (which all show clean, and I use several programs for this), what should I consider as next steps? The port number was 8.
    Last edited by soho1; 25 Jul 2015 at 14:38. Reason: spelling
      My Computer
    Quote Quote

  3. GokAy
    Posts : 5,656
    Windows 7 Ultimate x64 SP1
       New #2

    MBAM doesn't block intruders, a firewall does :) Also MBAM is not an AV, do you have a dedicated AV software? MSE will suffice in your case.

    The IP is for WebPhone - Save on Calls with VoIP, the link gets loaded but entering the IP result in the behavior you describe. However, I am not exactly sure what's going on. I will ask for moving this to Security section, as it is better suited there.
      My Computer
    Quote Quote

  4. soho1
    Posts : 469
    Win 7 Pro 64-bit
    Thread Starter
       New #3

    GokAy said:
    MBAM doesn't block intruders, a firewall does :) MBAM is not an AV, do you have a dedicated AV software? MSE will suffice in your case.
    Yes, let's move this thread there.

    As to threat management software, I run MalwareBytes Premium which reported the threat, indicated the threat was blocked, identified the domain, IP, port, direction of the connect request and process name involved.

    I also run MSE actively in parallel and have verified separately with Avast and Kaspersky all of which claim the PC is clean.
      My Computer
    Quote Quote

  6. GokAy
    Posts : 5,656
    Windows 7 Ultimate x64 SP1
       New #4

    MBAM Premium and MSE is a good combination. If Avast and Kaspersky are installed they will cause conflict and issues (tomorrow if not today). Uninstall them with their respective clean uninstallers (search their site).

    I will be watching this thread in case I can be of help.
      My Computer
    Quote Quote

  7. soho1
    Posts : 469
    Win 7 Pro 64-bit
    Thread Starter
       New #5

    MSE and MBAM are installed and run actively. The others I run from a server on my network. But we digress.
      My Computer
    Quote Quote

 

  Related Discussions
I might have 50 web site tabs and am looking at one of them. All of a sudden, another web site starts with a voice and I can't determine which tab it's on. Trying to listen to two sites (or more) is ridiculous. How can I find the offending web site? Also, some web sites will present and audio...
After running Malwarebytes Anti-Malware I found out that I have a virus in stdrt.exe on Temp Folder.. I started scanning it because I've got this Virus keeps on accessing my net which my Avast blocks.. Here's the Screenshot of the Virus it always show me that.. keeps on accessing: ...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 21:10.
Find Us