IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe

Thread: IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe

  1. #1
    Join Date
    Apr 2015
    Posts
    94

    IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Starting,
    Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Started,
    Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
    Protection, 5/7/2015 12:45:14 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
    Update, 5/7/2015 11:29:35 AM, SYSTEM, HEATHER-PC, Scheduler, Malware Database, 2015.5.6.6, 2015.5.7.3,
    Protection, 5/7/2015 11:29:36 AM, SYSTEM, HEATHER-PC, Protection, Refresh, Starting,
    Protection, 5/7/2015 11:29:36 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 5/7/2015 11:29:39 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 5/7/2015 11:35:29 AM, SYSTEM, HEATHER-PC, Protection, Refresh, Success,
    Protection, 5/7/2015 11:35:29 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
    Protection, 5/7/2015 11:35:32 AM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
    Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Starting,
    Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malware Protection, Started,
    Protection, 5/7/2015 1:42:05 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
    Protection, 5/7/2015 1:42:06 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
    Update, 5/7/2015 2:18:15 PM, SYSTEM, HEATHER-PC, Scheduler, Malware Database, 2015.5.7.3, 2015.5.7.4,
    Protection, 5/7/2015 2:18:16 PM, SYSTEM, HEATHER-PC, Protection, Refresh, Starting,
    Protection, 5/7/2015 2:18:16 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopping,
    Protection, 5/7/2015 2:18:17 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Stopped,
    Protection, 5/7/2015 2:19:13 PM, SYSTEM, HEATHER-PC, Protection, Refresh, Success,
    Protection, 5/7/2015 2:19:13 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Starting,
    Protection, 5/7/2015 2:19:14 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
    Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,
    Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,

    (end)

    My antivirus software can't locate and end this intrusion.

  2. #2
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    There's nothing to locate on your computer and nothing to get extremely worried about... Malwarebytes is seeing some sort of attempted scan or malicious intent on a website you've visited and blocked it. Next time you get the warning, make a note of what site you're viewing and then don't go there again. If it's a mainstream type of site then it may be an ad banner that's been hijacked and that would eventually be found and fixed, hopefully, by that site's admins shortly.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

  3. #3
    Join Date
    Apr 2015
    Posts
    94
    Next warning came whilst watching a movie.

  4. #4
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,090
    Did you run a full scan with Malwarebytes? Was anything found?

    You can block an IP or a range of IP addresses using Windows Firewall. That IP is from the Netherlands, where a lot of hacking originates.

    Link:

    https://www.google.com/?gws_rd=ssl#q...ewall+block+ip
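
A way to triage the protection log from post #1 before writing firewall rules, as an added example that is not part of the original thread: it parses the `Detection` lines, counts repeats per source, and builds a `netsh advfirewall` block rule for each public inbound source. The function names, the rule name and the third sample line (a constructed LAN address) are assumptions for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Lines 1-3 are copied from the log in post #1; line 4 is constructed
# (a private LAN peer) to show that such addresses are not turned into rules.
SAMPLE_LOG = r"""
Protection, 5/7/2015 2:19:14 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, Started,
Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,
Detection, 5/7/2015 2:24:25 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 89.248.171.167, 49152, Inbound, C:\Windows\System32\wininit.exe,
Detection, 5/7/2015 3:01:02 PM, SYSTEM, HEATHER-PC, Protection, Malicious Website Protection, IP, 192.168.1.20, 49152, Inbound, C:\Windows\System32\wininit.exe,
"""

def parse_detections(text):
    """Return one dict per well-formed 'Detection ... IP' line; skip the rest."""
    events = []
    for line in text.splitlines():
        # Drop the trailing comma, then split into the 11 fields seen in the log.
        # maxsplit keeps a process path containing commas in one piece.
        fields = [f.strip() for f in line.strip().rstrip(",").split(",", 10)]
        if len(fields) != 11 or fields[0] != "Detection" or fields[6] != "IP":
            continue
        try:
            when = datetime.strptime(fields[1], "%m/%d/%Y %I:%M:%S %p")
            ip = ipaddress.ip_address(fields[7])
            port = int(fields[8])
        except ValueError:
            continue  # malformed timestamp, address or port
        events.append({"time": when, "ip": ip, "port": port,
                       "direction": fields[9], "process": fields[10]})
    return events

def summarize(events):
    """Count detections per (remote IP, local port, direction, process)."""
    return Counter((str(e["ip"]), e["port"], e["direction"], e["process"])
                   for e in events)

def block_commands(events):
    """Build one inbound block rule per public source address."""
    ips = sorted({str(e["ip"]) for e in events
                  if e["direction"] == "Inbound" and e["ip"].is_global})
    return [f'netsh advfirewall firewall add rule name="Block {ip}" '
            f'dir=in action=block remoteip={ip}' for ip in ips]

if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for key, count in summarize(found).items():
        print(count, key)
    print("\n".join(block_commands(found)))
```

The generated commands are meant to be reviewed and then run from an elevated command prompt on the Windows machine.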

  5. #5
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    I assume you are not using a router and your computer is directly connected to the modem? If you had a router or a modem/router combo then its built in hardware firewall, which would normally be on by default, would block all of those inbound scans.

    My router's logs show dozens of them every day but they're blocked and my computer never knows about it or needs to know.

    As jdc says, you can create rules in Windows Firewall to block it but you might drive yourself crazy doing it because it will keep happening with other IPs. It's been happening all along, except now that you have the full version of Malwarebytes running at boot since you installed it due to your recent intensive care thread, you're being made aware of it.

    Personally, I'd buy a router even if I didn't need the routing capabilities just for its firewall.


  6. #6
    Join Date
    Apr 2015
    Posts
    94
    Currently running Sophos and have blocked a range of IP addresses.

  7. #7
    Join Date
    Apr 2015
    Posts
    94
    We are using a router.

  8. #8
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    What's the make/model? Have you had a look to see if there's a firewall that's enabled?


  9. #9
    Join Date
    Apr 2015
    Posts
    94
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/7/2015
    Scan Time: 4:59:14 PM
    Logfile: MalWareBytes.txt
    Administrator: Yes

    Version: 2.01.6.1022
    Malware Database: v2015.05.07.04
    Rootkit Database: v2015.04.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Heather

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 386609
    Time Elapsed: 21 min, 44 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  10. #10
    Join Date
    Apr 2015
    Posts
    94
    Firewall is turned on

    Router is DES-1105 D-Link

  11. #11
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    The DES-1105 D-Link is a switch not a router and there's no built in firewall.

    http://www.dlink.com/-/media/Consume..._v11_EN_US.pdf


  12. #12
    Join Date
    Apr 2015
    Posts
    94
    Windows Firewall is turned on, thanks for educating me about my switch.

  13. #13
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    So, you say you have Sophos and use it to block IPs, which I assume means you have two firewalls on the computer? You should only have one software firewall running at a time as they may interfere with each other. Disable one of them for best protection, although I still think you'll be getting those scan alerts from time to time without a hardware firewall/router.


  14. #14
    Join Date
    Apr 2015
    Posts
    94
    So no worries.

  15. #15
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,462
    I wouldn't say no worries but I would not be jumping every time you see Malwarebytes tell you you've been scanned. Having said that I would still have a hardware firewall for complete protection.
