MBAM IP-BLOCK

My mother's PC's MBAM is reporting...

2012/02/05 12:00:12 -0500    DOGWOOD    Denny    IP-BLOCK    194.54.81.86 (Type: incoming)
2012/02/05 12:00:54 -0500    DOGWOOD    Denny    IP-BLOCK    194.54.81.86 (Type: outgoing)

It looks like MBAM is doing its job, but I am a little bit concerned
about this. 'whois' reports that this is a server in the Ukraine, which
raises red flags. Does anyone have any suggestions on what to do to
track this down? Is there a way to see which program is making this
request?

Thanks,

--

Dennis

Re: MBAM IP-BLOCK


| My mother's PC's MBAM is reporting...
|
| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: incoming)
| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: outgoing)
|
| It looks like MBAM is doing its job, but I am a little bit concerned
| about this. 'whois' reports that this is a server in the Ukraine, which
| raises red flags. Does anyone have any suggestions on what to do to
| track this down? Is there a way to see which program is making this
| request?
|
| Thanks,

What anti virus application is used in conjunction with MBAM ?


--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: MBAM IP-BLOCK

On Sun, 5 Feb 2012 14:28:27 -0500, "David H. Lipman"

[quoted text omitted]

Avira free. I am running scans right now. I googled around for more info
on the MBAM IP-BLOCK and found some sample logs. Those MBAM logs showed
the process name somewhere after incoming/outgoing. I am wondering why I
didn't get that.

When my scans are complete I plan on shutting everything down and then
bringing the system back up without opening any other programs. Then I
will watch for the IP-BLOCKs. It seems like I saw them fairly quickly
after I first logged in to her PC, but they stopped happening within a
minute or so.

--

Dennis
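
Added example, not part of the thread and not Malwarebytes code: a small Python parser for IP-BLOCK entries in the format quoted above. It re-joins wrapped lines and reports, per remote IP, the hit counts by direction, first and last time seen, and any text that follows the direction. The function names, the third sample entry and the handling of trailing text are assumptions.

```python
import re
from datetime import datetime

# Constructed sample. The first two entries are the ones quoted in the thread
# (wrapped as posted); the third is made up, and the layout of its trailing
# text is a guess, not taken from a real MBAM log.
SAMPLE_LOG = """\
2012/02/05 12:00:12 -0500    DOGWOOD    Denny    IP-BLOCK    194.54.81.86 (Type:
incoming)
2012/02/05 12:00:54 -0500    DOGWOOD    Denny    IP-BLOCK    194.54.81.86 (Type:
outgoing)
2012/02/05 12:01:30 -0500    DOGWOOD    Denny    IP-BLOCK    192.0.2.10 (Type: outgoing, sample.exe)
"""

STAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}"
ENTRY = re.compile(
    rf"^(?P<ts>{STAMP})\s+(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>incoming|outgoing)(?P<extra>[^)]*)\)"
)

def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK entry, re-joining wrapped lines first."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.match(STAMP, line) or not entries:
            entries.append(line)            # a timestamp starts a new entry
        else:
            entries[-1] += " " + line       # continuation of a wrapped entry
    events = []
    for entry in entries:
        m = ENTRY.match(entry)
        if m is None:
            continue                        # other event types are skipped
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["extra"] = ev["extra"].strip(" ,") or None
        events.append(ev)
    return events

def summarize(events):
    """Per remote IP: hit counts by direction, first/last seen, trailing text."""
    out = {}
    for ev in events:
        s = out.setdefault(ev["ip"], {"incoming": 0, "outgoing": 0,
                                      "first": ev["ts"], "last": ev["ts"], "extra": set()})
        s[ev["direction"]] += 1
        s["first"], s["last"] = min(s["first"], ev["ts"]), max(s["last"], ev["ts"])
        if ev["extra"]:
            s["extra"].add(ev["extra"])
    return out
```
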

Re: MBAM IP-BLOCK



*sigh*. Probably should report that to them. teamviewer shouldn't be
blocked by default...


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: MBAM IP-BLOCK


Report to MBAM?

--

Dennis

Re: MBAM IP-BLOCK



yep.


--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: MBAM IP-BLOCK


Done.

Thanks for your help. I believe I can manually mark that IP as an
exception, but if it only pops up when I remotely connect to her PC then
I am not going to bother. I'll let MBAM handle it.

--

Dennis

Re: MBAM IP-BLOCK



Depends on who installed teamviewer.  If it's been intentionally
installed by the owner of the system, then it can be ignored.  If
not, then the owner does need to be made aware that it has been
installed.  In my opinion, it's a potentially unwanted program.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: MBAM IP-BLOCK

David W. Hodgins wrote:

[quoted text omitted]

Then why do they ignore commercial key loggers that corporations  use?


Re: MBAM IP-BLOCK

G. Morgan wrote:
[quoted text omitted]
IMO, such a program loses all of its claim to legitimacy if it offers a
way to install it surreptitiously. Both keyloggers and RATs are
legitimate programs when installed with the administrator's blessing.

Re: MBAM IP-BLOCK

FromTheRafters wrote:

[quoted text omitted]

I agree, but I also would like to know about it in the scan.


Re: MBAM IP-BLOCK

G. Morgan wrote:
[quoted text omitted]
Agreed, especially since a miscreant could conceivably install
legitimate software surreptitiously if he or she had the access and
sufficient privileges.

The thing is, how to make it so the target being legitimately under
surveillance (or remote administration/control) doesn't see the *warning*.

Re: MBAM IP-BLOCK

FromTheRafters wrote:

[quoted text omitted]

If I'm hired to clean it, it would be by the owner.  If they had key
loggers I would know.


Re: MBAM IP-BLOCK



| IMO, such a program loses all of its claim to legitimacy if it offers a
| way to install it surreptitiously. Both keyloggers and RATs are
| legitimate programs when installed with the administrator's blessing.

And the EULA defines its capabilities properly.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: MBAM IP-BLOCK

David H. Lipman wrote:

[quoted text omitted]

What, this?  Standard CYA stuff.  Where does it get specific?

Warranties and Damages

16. Malwarebytes makes no warranty about the quality of the Software or
its ability to eliminate any specific malware threats.
17. Malwarebytes makes no warranty as to the completeness of the
Database or protection modules.
18. Malwarebytes makes no warranty concerning the comparison of the
Software to any similar software or any industry standard.
19. Malwarebytes makes no warranty about the compatibility of the
Software with any other software or hardware.
20. Malwarebytes does not give any warranty in relation to
non-infringement of intellectual property rights.
21. Malwarebytes makes no warranty about the availability of its
customer service representatives or their ability to solve any malware
or other computer issues.

Re: MBAM IP-BLOCK


There are legitimate keyloggers.  If the product surreptitiously and it is a
EULA that covers the actions it takes then it is not malware.

Any questions, post on the Malwarebytes forum and ask.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp



Re: MBAM IP-BLOCK

On Tue, 7 Feb 2012 07:14:23 -0500, "David H. Lipman"

[quoted text omitted]

    Kind of awkward if my son or his buddies plant a "legitimate
Keylogger" on my PC when I'm out. (Thank goodness, he does not have
the capabilities, he's in his last year at Computer Science at
University, and seems to think software installing is something techs
should study kkkkkkkkkkkkkk)

    Companies in all fairness should inform employees that
keyloggers are planted for security reasons.
    Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.
    IMHO
    []'s

    

Re: MBAM IP-BLOCK

Shadow wrote:
[quoted text omitted]

Yeah, I can agree with that as part of a business model. However,
investigators may need to install a keylogger to catch a crime in
progress. Kinda defeats the purpose if warnings are given to the suspects.


Re: MBAM IP-BLOCK

FromTheRafters wrote:

[quoted text omitted]

So who does MBAM work for, LEO or the people who buy it?  That is not a
valid argument.  It's akin to making security companies make "back doors"
for LEO, a fight they lost with PGP.


Re: MBAM IP-BLOCK


| FromTheRafters wrote:
|
| [quoted text omitted]
|
| So who does MBAM work for, LEO or the people who buy it?  That is not a
| valid argument.  It's akin to making security companies make "back doors"
| for LEO, a fight they lost with PGP.

Take it up with Malwarebytes.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

