Malwarebytes Constant blocked "outgoing" to 112.175.243.23


  1. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #11

    Did some looking online. I want to start off by saying that you seem to have posted about this issue on several different sites. While it is not wrong to do so, we like to know because you have people telling you to do stuff we don't know about, which makes it harder for us to help you in the long run.

    More importantly, it seems that the IP address you mention is used in several DDoS attacks. I'm not sure if this means you are currently infected or not, but it does indicate that MBAM is doing its job. Please go to the Logs tab in Malwarebytes and scroll down to the protection module logs. Open one of the logs and copy and paste its contents into your next post. The log should tell us exactly what is trying to access that IP address. It may be your media player, it might not, but we need to find out.


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #12

    This Korean player must be a call-home program and IMHO it's good it's being blocked by MBAM.


  3. Posts : 10
    7 pro 64 bit
    Thread Starter
       #13

    Petey7 said:
    Did some looking online. I want to start off by saying that you seem to have posted about this issue on several different sites. While it is not wrong to do so, we like to know because you have people telling you to do stuff we don't know about, which makes it harder for us to help you in the long run.

    More importantly, it seems that the IP address you mention is used in several DDoS attacks. I'm not sure if this means you are currently infected or not, but it does indicate that MBAM is doing its job. Please go to the Logs tab in Malwarebytes and scroll down to the protection module logs. Open one of the logs and copy and paste its contents into your next post. The log should tell us exactly what is trying to access that IP address. It may be your media player, it might not, but we need to find out.

    Sorry, yes I did, well only on technibble.. that and sevens is my constant read when I can. I didn't know MBAM had that feature, log tab and protection module.. thanks for the heads up I will look at that and post back.


  4. Posts : 10
    7 pro 64 bit
    Thread Starter
       #14

    2012/06/21 08:12:19 -0400 THINK SLC IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52204, Process: svchost.exe)
    2012/06/21 08:12:19 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52205, Process: svchost.exe)
    2012/06/21 08:18:27 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52226, Process: svchost.exe)
    2012/06/21 08:18:27 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52227, Process: svchost.exe)
    2012/06/21 08:21:31 -0400 THINK SLC IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 52238, Process: svchost.exe)
    2012/06/21 08:21:31 -0400 THINK SLC IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 52239, Process: svchost.exe)
    2012/06/21 08:24:28 -0400 THINK SLC IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52251, Process: svchost.exe)
    2012/06/21 08:24:28 -0400 THINK SLC IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52252, Process: svchost.exe)
    2012/06/21 08:27:25 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52282, Process: svchost.exe)
    2012/06/21 08:27:34 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52284, Process: svchost.exe)
    2012/06/21 08:30:32 -0400 THINK SLC IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52291, Process: svchost.exe)
    2012/06/21 08:30:32 -0400 THINK SLC IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52292, Process: svchost.exe)
    2012/06/21 08:33:30 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52301, Process: svchost.exe)
    2012/06/21 08:33:30 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52302, Process: svchost.exe)


  5. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #15

    The fact that it says "svchost.exe" means that it is a service accessing that IP address. In the start menu search bar, type "msconfig" and press enter. Go to the Services tab and check the box saying "Hide all Microsoft services". Please provide us a list of the names of all remaining services.
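An added example, not part of any post in this thread: a Python script that parses protection-log lines in the format posted in #14, counts blocks per process and destination /24, and measures the spacing between block bursts. The meaning of the two name fields after the timestamp and the 30-second burst window are assumptions.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# One line per timestamp, copied from the log in post #14.
LOG = """\
2012/06/21 08:12:19 -0400 THINK SLC IP-BLOCK 112.175.243.24 (Type: outgoing, Port: 52204, Process: svchost.exe)
2012/06/21 08:18:27 -0400 THINK SLC IP-BLOCK 112.175.243.21 (Type: outgoing, Port: 52226, Process: svchost.exe)
2012/06/21 08:21:31 -0400 THINK SLC IP-BLOCK 95.215.1.248 (Type: outgoing, Port: 52238, Process: svchost.exe)
2012/06/21 08:24:28 -0400 THINK SLC IP-BLOCK 112.175.243.22 (Type: outgoing, Port: 52251, Process: svchost.exe)
2012/06/21 08:27:25 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52282, Process: svchost.exe)
2012/06/21 08:27:34 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52284, Process: svchost.exe)
2012/06/21 08:30:32 -0400 THINK SLC IP-BLOCK 112.175.243.23 (Type: outgoing, Port: 52291, Process: svchost.exe)
2012/06/21 08:33:30 -0400 THINK SLC IP-BLOCK 93.170.52.31 (Type: outgoing, Port: 52301, Process: svchost.exe)
"""

# Assumed layout: timestamp, two name fields, IP-BLOCK, address, (Type, Port, Process).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$")

def parse(text):
    """Return one dict per well-formed IP-BLOCK line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S %z")
            events.append(e)
    return events

def by_process_and_net(events):
    """Count blocks per (process, destination /24)."""
    return Counter((e["proc"], str(ipaddress.ip_network(e["ip"] + "/24", strict=False)))
                   for e in events)

def burst_gaps(events, window=30):
    """Seconds between bursts; a block within `window` s of the previous one joins its burst."""
    starts, last = [], None
    for e in sorted(events, key=lambda e: e["ts"]):
        if last is None or (e["ts"] - last).total_seconds() > window:
            starts.append(e["ts"])
        last = e["ts"]
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    print(by_process_and_net(parse(LOG)).most_common(), burst_gaps(parse(LOG)))
```

On these lines every block is attributed to svchost.exe and the bursts recur roughly every three minutes, so the log names the host process but not which service inside it made the request.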


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
