Why is CCDash making calls to a malicious site?

soho1

I have a "virtual office" and use a lot of tools on the internet, including some things like Skype, so it's great to have MalwareBytes watching out for me and blocking intruders. However, I just had an interesting scare when I saw an OUTBOUND connection to a malicious site get blocked. The blocked IP is 62.41.26.253 and I looked it up here:

https://who.is/whois-ip/ip-address/62.41.26.253

So of course, when I saw it was OUTBOUND not inbound, I wanted to know what might have been compromised. The offending program was CCDash. At first, I thought, did some cash-dash malware get installed? But no, it's the Intel Wi-Fi dashboard, which is odd by itself, and I never use Wi-Fi, as I am wired by Ethernet all the time.

So can anyone suggest what might be happening, and why? And other than the usual virus scans (which all show clean, and I use several programs for this), what should I consider as next steps? The port number was 8.
 
My Computer
Computer type
Laptop
Computer Manufacturer/Model Number
Dell Inspiron 7559 next to a Toshiba Portege
OS
Win 7 Pro 64-bit
CPU
Intel Core i5
Motherboard
Intel
Memory
16 GB Dell, 6 GB Toshiba
Graphics Card(s)
Intel crap on both but Dell also has nVidia GeForce GTX960M
Sound Card
RealTek
Monitor(s) Displays
internal and external ACER KA270H 27"
Screen Resolution
1920x1080
Hard Drives
SSD 256 GB plus numerous WD Red or Purple on USB3 docks. Used to buy a lot of Seagate but tossed them the second time I got unrecoverable disc corruption in the midst of use.
Keyboard
Garage Mouse SW and some cheap Amazon China made USB device
Mouse
Garage Mouse and some cheap Amazon China made USB device
Internet Speed
50 Mbps (allegedly, depends on server)
Antivirus
Defender, Malwarebytes Premium and Kaspersky
Browser
IE 11, and Chrome something

MBAM doesn't block intruders, a firewall does :) Also, MBAM is not an AV; do you have dedicated AV software? MSE will suffice in your case.

The IP is for WebPhone - Save on Calls with VoIP; the link gets loaded, but entering the IP results in the behavior you describe. However, I am not exactly sure what's going on. I will ask for this to be moved to the Security section, as it is better suited there.
 

My Computer
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Ultimate x64 SP1
CPU
AMD Phenom 2 1090T
Motherboard
Gigabyte GA-890FXA-UD5
Memory
2x8GB Kingston HyperX Fury Black 1600Mhz Unganged
Graphics Card(s)
MSI GTX 970 Gaming 4G
Sound Card
Realtek On-Board HD 7.1 Audio / Logitech G35
Monitor(s) Displays
3xAcer GD245HQ
Screen Resolution
1920x1080
Hard Drives
Samsung 850 Pro 512GB SSD - OS /
WD Caviar Black SATA 3 - 1 TBx2 - Dynamic RAID 0 /
WD Caviar Green SATA 2 - 640GBx2 - Dynamic RAID 0 /
WD Caviar Green SATA 2 - 640GB - Internal Backup /
Seagate Barracuda SATA 3 - 3TB - External Backup/ Sync
PSU
HighPower 1000W
Case
Cooler Master HAF 932
Cooling
Noctua NH-D14
Keyboard
Logitech G19
Mouse
Logitech G500
Internet Speed
100/4 Mbit Cable (100GB quota)
Antivirus
ZoneAlarm Extreme Security / MBAM Pro / MBAE Free / SAS Free
Browser
IE 11 - Firefox - Chrome
Other Info
Logitech F710/ G27/ G940/ Z5500 // TrackIR 5 // Nvidia 3D Surround Vision

MBAM doesn't block intruders, a firewall does :) MBAM is not an AV, do you have a dedicated AV software? MSE will suffice in your case.

Yes, let's move this thread there.

As to threat management software, I run MalwareBytes Premium which reported the threat, indicated the threat was blocked, identified the domain, IP, port, direction of the connect request and process name involved. :D

I also run MSE actively in parallel and have verified separately with Avast and Kaspersky, all of which claim the PC is clean.
 

MBAM Premium and MSE is a good combination. If Avast and Kaspersky are installed, they will cause conflicts and issues (tomorrow if not today). Uninstall them with their respective clean uninstallers (search their sites).

I will be watching this thread in case I can be of help.
 

MSE and MBAM are installed and run actively. The others I run from a server on my network. But we digress.
 
