-
May 7th, 2015, 03:29 PM
#1
IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Starting,
Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Started,
Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
Update, 5/7/2015 11:29:35 AM, SYSTEM, HEATHER-PC, Scheduler, Malware Database, 2015.5.6.6, 2015.5.7.3,
Protection, 5/7/2015 11:29:36 AM, SYSTEM, HEATHER-PC, Protection, Refresh, Starting,
Protection, 5/7/2015 11:29:36 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 5/7/2015 11:29:39 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 5/7/2015 11:35:29 AM, SYSTEM, HEATHER-PC, Protection, Refresh, Success,
Protection, 5/7/2015 11:35:29 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/7/2015 11:35:32 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Starting,
Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Started,
Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/7/2015 1:42:06 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
Update, 5/7/2015 2:18:15 PM, SYSTEM, HEATHER-PC, Scheduler, Malware Database, 2015.5.7.3, 2015.5.7.4,
Protection, 5/7/2015 2:18:16 PM, SYSTEM, HEATHER-PC, Protection, Refresh, Starting,
Protection, 5/7/2015 2:18:16 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopping,
Protection, 5/7/2015 2:18:17 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopped,
Protection, 5/7/2015 2:19:13 PM, SYSTEM, HEATHER-PC, Protection, Refresh, Success,
Protection, 5/7/2015 2:19:13 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
Protection, 5/7/2015 2:19:14 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,
Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,
(end)
My antivirus soft wares can't locate and end this intrusion.
-
May 7th, 2015, 04:14 PM
#2
There's nothing to locate on your computer and nothing to get extremely worried about... Malwarebytes is seeing some sort of attempted scan or malicious intent on a website you've visited and blocked it. Next time you get the warning make a note of what site you're viewing and then don't go there again. If it's a mainstream type of site then it may be an ad banner that's been hijacked and that would eventually be found and fixed, hopefully, by that site admins shortly.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
May 7th, 2015, 04:38 PM
#3
Next warning cam whilst watching a movie.
-
May 7th, 2015, 05:02 PM
#4
Did you run a full scan with Malwarebytes? Was anything found?
You can block an IP or a range of IP addresses using Windows Firewall. That IP is from the Netherlands, where a lot of hacking originates.
Link:
https://www.google.com/?gws_rd=ssl#q...ewall+block+ip
-
May 7th, 2015, 05:21 PM
#5
I assume you are not using a router and your computer is directly connected to the modem? If you had a router or a modem/router combo then its built in hardware firewall, which would normally be on by default, would block all of those inbound scans.
My router's logs show dozens of them every day but they're blocked and my computer never knows about it or needs to know.
As jdc says you can create rules in Windows firewall to block it but you might drive yourself crazy doing it because it will keep happening with other IP's. It's been happening all along except now that you have the full version of Malwarebytes running at boot since you installed it due to your recent intensive care thread you're being made aware of it.
Personally, I'd buy a router even if I didn't need the routing capabilities just for it's firewall.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
May 7th, 2015, 05:22 PM
#6
Currently running Sophos and have blocked a range of IP addresses.
-
May 7th, 2015, 05:23 PM
#7
-
May 7th, 2015, 06:14 PM
#8
What's the make/model? Have you had a look to see if there's a firewall that's enabled?
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
May 7th, 2015, 06:21 PM
#9
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/7/2015
Scan Time: 4:59:14 PM
Logfile: MalWareBytes.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.05.07.04
Rootkit Database: v2015.04.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Heather
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386609
Time Elapsed: 21 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
May 7th, 2015, 06:24 PM
#10
Firewall is turned on
Router is DES-1105 D-Link
-
May 7th, 2015, 06:39 PM
#11
The DES-1105 D-Link is a switch not a router and there's no built in firewall.
http://www.dlink.com/-/media/Consume..._v11_EN_US.pdf
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
May 7th, 2015, 06:42 PM
#12
Windows Firewall is turned on, thanks for educating me about my switch.
-
May 7th, 2015, 06:53 PM
#13
So, you say you have Sophos and use it to block IP's which I assume means you have two firewalls on the computer? You should only have one software firewall running at a time as they may interfere with each other. Disable one of them for best protection although I still think you''ll be getting those scan alerts from time to time without a hardware firewall/router.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
May 7th, 2015, 07:02 PM
#14
-
May 7th, 2015, 07:09 PM
#15
I wouldn't say no worries but I would not be jumping every time you see Malwarebytes tell you you've been scanned. Having said that I would still have a hardware firewall for complete protection.
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|