Author Topic: Just got a Malwarebytes Pop-Up  (Read 2531 times)

REDACTED

  • Guest
Just got a Malwarebytes Pop-Up
« on: April 27, 2015, 07:06:12 AM »
I was just browsing the web when I got this pop-up. Hopefully nothing that is too scary.
"Malicious Website Protection, IP, 203.93.106.31 Port: 137, Outbound"
It also never gave me a process that was using this. I went to my avast! Network connections to check but could find nothing. A quick search of the IP shows it is in China and is notorious for comment spamming. Possible RAT, keylogger, am I part of a botnet? Help!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: Just got a Malwarebytes Pop-Up
« Reply #1 on: April 27, 2015, 07:55:48 AM »
maybe related to this
Oh, the Sites You Will Never See  https://blog.malwarebytes.org/online-security/2013/05/oh-the-sites-you-will-never-see/


a malware expert will find out when checking your logs

« Last Edit: April 27, 2015, 08:09:58 AM by Pondus »

REDACTED

  • Guest
Re: Just got a Malwarebytes Pop-Up
« Reply #2 on: April 27, 2015, 02:13:47 PM »
I did a little researching. Port 137 is used for Windows File and Printer sharing, but is also exploited by some worms/trojans/backdoors. These are just a few:
  • W32.HLLW.Moega
  • W32.Crowt.A@mm (01.23.2005) - mass mailing worm, opens a backdoor, logs keystrokes. Uses ports 80 and 137.
  • W32.Reidana.A (03.27.2005) - worm that spreads using the MS DCOM RPC vulnerability (MS Security Bulletin [MS03-026]) on port 139. The worm attempts to download and execute a remote file via FTP. Opens TCP port 4444.
Just a little food for thought.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Just got a Malwarebytes Pop-Up
« Reply #3 on: April 27, 2015, 04:28:01 PM »
System looks clean, no indicators of keyloggers or Trojans etc...

Does Avast do anything when MBAM alerts?

Is there any unusual behaviour on the computer?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
S0 nckkof; No ImagePath
S0 nmfmfx; No ImagePath
S0 ysyfer; No ImagePath
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix.
On completion a log will be generated; please post that.

REDACTED

  • Guest
Re: Just got a Malwarebytes Pop-Up
« Reply #4 on: April 27, 2015, 10:44:52 PM »
Nothing that really stands out. Computer is running extremely quick, and is not showing signs of anything abnormal. I was just frightened when I saw a pop-up with no process, an IP that already has a bad reputation, is an outbound connection, and it was right after I downloaded and installed WinRAR, which I think is a somewhat sketchy piece of software. Other than that I think we are good, I'll scan other computers on this network to eliminate the possibility of worms. Thanks again, you're a life-saver essexboy!  ;D

Offline essexboy

Re: Just got a Malwarebytes Pop-Up
« Reply #5 on: April 27, 2015, 11:16:35 PM »
WinRAR does drop some uninvited guests sometimes.

REDACTED

  • Guest
Re: Just got a Malwarebytes Pop-Up
« Reply #6 on: April 27, 2015, 11:36:04 PM »
Would you recommend I reinstall it or use something different, such as 7-Zip? I'm getting it from the actual website, I know the dangers of downloading from all the PUP extravaganza websites like CNET.

Offline essexboy

Re: Just got a Malwarebytes Pop-Up
« Reply #7 on: April 28, 2015, 04:04:08 PM »
I use PeaZip, but if you got the programme direct from the site then there should be no additions (unless they have just started).