Support Forums
Infected? Please Help - Printable Version

Infected? Please Help - john14907 - 02-05-2010

Hello, my Malwarebytes has blocked some IPs over the past few days and as far as I know it's nothing to do with me.

Can anyone tell me what could be causing this and how to fix it please?

IPs and whois report... (sorry it's so long)


RE: Infected? Please Help - Mozz - 02-09-2010

Uninstall Malwarebytes, Reset modem + Router - Do a system restore in safe mode - Boot up as normal - Re-install Malwarebytes.


RE: Infected? Please Help - ranged - 02-09-2010

Hello, Mozz, not everyone knows the exact way to do every one of those steps. It would be best if you would provide detailed instructions on each step. If not, tomorrow when I have access to a computer I will get back with detailed instructions. Thanks!


RE: Infected? Please Help - Omniscient - 02-09-2010

Exactly what's the concern? So MWB has blocked a few IPs at Bluehost. If you think they're false positives contact MWB.


RE: Infected? Please Help - --([-S7N-])-- - 02-25-2010

What Omniscient said is true. MalwareBytes blocking suspicious IPs should be a good thing. If you think you are infected, run a Full Scan with Malwarebytes.


RE: Infected? Please Help - Sp33D™ - 03-03-2010

Yes, what Omni said is correct.


RE: Infected? Please Help - SniperRiflezzzz - 03-03-2010

If you think you're infected, post a HJT log here.
We can analyze it on here.


RE: Infected? Please Help - .D0T' - 04-05-2010

MalwareBytes has a tendency to block lots of IPs, a fair amount being false positives. Do as Omniscient has recommended, and report the false positive IPs if you believe they are false.

However, if you believe you are infected, I suggest you run a MalwareBytes full scan.


RE: Infected? Please Help - nitinrox - 04-06-2010

I don't think so..... you are not...


RE: Infected? Please Help - Support - 04-06-2010

Turn off every program that normally connects with the internet. Examples are torrent clients, MSN, Steam etc. and then open up CMD and type in "netstat -n", then post a picture of the result. If you face problems while doing this in Vista, please run CMD as administrator.

Thanks,
Pi[X]eL
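As an added illustration of the netstat step above (this is not code from the thread or from any poster), the script below parses "netstat -n" output and lists which connections are still open to addresses that Malwarebytes reported, so whatever remains after closing torrent clients and messengers can be attributed. The netstat sample and the block list are constructed test values (TEST-NET ranges), not the addresses from the original post.

```python
import re
from collections import defaultdict

# Constructed sample of "netstat -n" output in the Windows layout; not captured
# from the poster's machine.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:49213      203.0.113.10:80        ESTABLISHED
  TCP    192.168.1.5:49220      203.0.113.10:443       TIME_WAIT
  TCP    192.168.1.5:49301      198.51.100.7:6881      ESTABLISHED
  TCP    192.168.1.5:49302      192.0.2.44:443         ESTABLISHED
  UDP    192.168.1.5:137        *:*
"""

# Constructed block list standing in for the addresses Malwarebytes reported.
BLOCKED_IPS = {"203.0.113.10", "198.51.100.7"}

# One data row: protocol, local endpoint, foreign endpoint, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Return (proto, local, foreign_ip, foreign_port, state) tuples; skips banner/header lines."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        host, _, port = foreign.rpartition(":")  # rpartition keeps "*:*" and IPv6 forms intact
        rows.append((proto, local, host, port, state or ""))
    return rows


def blocked_connections(text, blocked=BLOCKED_IPS, live_only=True):
    """Map each blocked foreign IP to the connections still talking to it."""
    hits = defaultdict(list)
    for proto, local, host, port, state in parse_netstat(text):
        if host not in blocked:
            continue
        if live_only and state != "ESTABLISHED":
            continue  # TIME_WAIT and similar are leftovers of already-closed sockets
        hits[host].append((proto, local, port, state))
    return dict(hits)


if __name__ == "__main__":
    for ip, conns in blocked_connections(SAMPLE_NETSTAT).items():
        print(ip)
        for proto, local, port, state in conns:
            print(f"  {proto} {local} -> :{port} {state}")
```

Run it against a saved copy of your own netstat output after closing the programs Support lists; a blocked address that still shows an ESTABLISHED row is the one worth chasing down.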