Author Topic: firewall outgoing connections question  (Read 9369 times)


sellers27

  • Guest
firewall outgoing connections question
« on: March 24, 2012, 09:10:39 PM »
Hi: I would like to block outgoing connections to some websites with my Avast Internet Security 7.0.1426. I find in the logs incoming connections being blocked but nothing about outgoing ones. I also use Malwarebytes and it has blocked some outgoing connections to malware sites. I was hoping to find what programs etc. are calling out to these malicious sites. Is this possible with Avast and, if not, how can it be done?

Thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: firewall outgoing connections question
« Reply #1 on: March 24, 2012, 09:31:15 PM »
What URLs are these? Do you have a log?
There is a protection log in Malwarebytes.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: firewall outgoing connections question
« Reply #2 on: March 24, 2012, 09:37:47 PM »
Also look at the guide here and follow the instructions to get an OTL log and attach it here:
http://forum.avast.com/index.php?topic=53253.0


essexboy may spot the problem then....if any

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: firewall outgoing connections question
« Reply #3 on: March 24, 2012, 09:39:11 PM »
 ;D faster than a speeding bullet  ;D  You just beat me

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: firewall outgoing connections question
« Reply #4 on: March 24, 2012, 09:40:01 PM »
Quote
    ;D faster than a speeding bullet  ;D  You just beat me
I have a 70/20 broadband line   ;D

sellers27

  • Guest
Re: firewall outgoing connections question
« Reply #5 on: March 24, 2012, 09:49:15 PM »
Hello: Yes. There were several times MBAM blocked connections and it looks like this - IP-BLOCK 64.94.137.117 (Type: outgoing). I looked some of them up and one was from pinballcorp.com. I would like to find out why my PC is trying to connect with it. Also what application or script etc. is carrying it out.

Thanks

PS: the logs look like this:

2012/03/18 10:15:01 -0400   M-H   MESSAGE   Starting protection
2012/03/18 10:15:12 -0400   M-H   MESSAGE   Executing scheduled update:  Daily
2012/03/18 10:15:49 -0400   M-H   MESSAGE   Protection started successfully
2012/03/18 10:15:54 -0400   M-H   MESSAGE   Starting IP protection
2012/03/18 10:17:03 -0400   M-H   MESSAGE   IP Protection started successfully
2012/03/18 10:19:13 -0400   M-H   MESSAGE   Scheduled update executed successfully:  database updated from version v2012.03.17.04 to version v2012.03.18.02
2012/03/18 10:19:13 -0400   M-H   MESSAGE   Starting database refresh
2012/03/18 10:19:13 -0400   M-H   MESSAGE   Stopping IP protection
2012/03/18 10:19:14 -0400   M-H   MESSAGE   IP Protection stopped
2012/03/18 10:21:46 -0400   M-H   MESSAGE   Database refreshed successfully
2012/03/18 10:21:46 -0400   M-H   MESSAGE   Starting IP protection
2012/03/18 10:22:13 -0400   M-H   MESSAGE   IP Protection started successfully
2012/03/18 14:11:53 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:01 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:13 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:16 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:22 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:42 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:45 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:51 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:13:03 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:13:06 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:13:12 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 15:00:43 -0400   M-H   MESSAGE   Starting protection
2012/03/18 15:01:33 -0400   M-H   MESSAGE   Protection started successfully
2012/03/18 15:01:37 -0400   M-H   MESSAGE   Starting IP protection
2012/03/18 15:03:26 -0400   M-H   MESSAGE   IP Protection started successfully
2012/03/18 23:24:03 -0400   M-H   MESSAGE   Starting protection
2012/03/18 23:26:04 -0400   M-H   MESSAGE   Protection started successfully
2012/03/18 23:26:10 -0400   M-H   MESSAGE   Starting IP protection
2012/03/18 23:26:43 -0400   M-H   MESSAGE   IP Protection started successfully
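
Added example (not part of the original thread and not Malwarebytes code): a small Python parser for the protection-log format quoted in the post above. It groups outgoing IP-BLOCK entries per address into bursts, so the time window of each burst can be compared against what was running on the PC. The function names, the `max_gap` parameter and the reading of the columns are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines taken from the log in the post above; the first entry is wrapped across lines, as pasted logs often are.
SAMPLE_LOG = """\
2012/03/18 10:19:13 -0400   M-H   MESSAGE   Scheduled update executed successfully:

database updated from version v2012.03.17.04 to version v2012.03.18.02
2012/03/18 14:11:53 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:01 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:13 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:16 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
2012/03/18 14:12:22 -0400   M-H   IP-BLOCK   64.94.137.117 (Type: outgoing)
"""

# Assumed column layout: timestamp, a second field (M-H, not interpreted), entry type, message.
ENTRY = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(\S+)\s+(\S+)\s+(.*)$")
BLOCK = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) \(Type: (\w+)\)")

def parse_entries(text):
    """Return (time, type, message) tuples; unstamped lines extend the previous entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            entries.append([when, m.group(3), m.group(4).strip()])
        elif line.strip() and entries:
            entries[-1][2] += " " + line.strip()
    return [tuple(e) for e in entries]

def outgoing_bursts(text, max_gap=timedelta(seconds=60)):
    """Group outgoing IP-BLOCK entries per address into bursts split at gaps > max_gap."""
    bursts = defaultdict(list)
    for when, kind, message in parse_entries(text):
        m = BLOCK.match(message)
        if kind != "IP-BLOCK" or not m or m.group(2) != "outgoing":
            continue
        runs = bursts[m.group(1)]
        if runs and when - runs[-1]["last"] <= max_gap:
            runs[-1]["last"], runs[-1]["count"] = when, runs[-1]["count"] + 1
        else:
            runs.append({"first": when, "last": when, "count": 1})
    return dict(bursts)

if __name__ == "__main__":
    for ip, runs in outgoing_bursts(SAMPLE_LOG).items():
        print(ip, [(r["first"].isoformat(), r["count"]) for r in runs])
```

The log itself carries no process name, so the burst window is only a starting point for correlating with process or firewall records from the same minutes.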


sellers27

  • Guest
Re: firewall outgoing connections question
« Reply #7 on: March 24, 2012, 11:17:34 PM »
Hello, here are the two logs requested.

Thanks

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: firewall outgoing connections question
« Reply #8 on: March 24, 2012, 11:40:40 PM »
Not a lot evident there - some tidying up is all. Are you noticing any other symptoms?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (McShield)
    O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [USRpdA] File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

sellers27

  • Guest
Re: firewall outgoing connections question
« Reply #9 on: March 24, 2012, 11:56:50 PM »
Hi. Several months ago I had a problem where a message popped up that said "What do you know it works". I feared a remote access Trojan. I changed from AVG to Panda antivirus. Then I was having problems with slow internet and the hard disk running for a couple of minutes for no reason. I then added Malwarebytes.

Then I got some BSOD errors. Switched to Avast somewhere in there. Had some problems with not having the right settings/allowances for MBAM and Avast; I got them fixed. For the last few weeks, no BSOD errors.

sellers27

  • Guest
Re: firewall outgoing connections question
« Reply #10 on: March 25, 2012, 12:04:47 AM »
Hi: should I run OTL again?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: firewall outgoing connections question
« Reply #11 on: March 25, 2012, 12:09:14 AM »
No, there is no real need; I just removed some orphan BHOs and an old McAfee service

I have found that MBAM is very aggressive at site blocking - it tends to do a whole domain as opposed to a single web site

sellers27

  • Guest
Re: firewall outgoing connections question
« Reply #12 on: March 25, 2012, 12:14:07 AM »
Hi. I saw that my hard disk was running for no reason and I disconnected the DSL line. I don't know if I screwed anything up. Sorry.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: firewall outgoing connections question
« Reply #13 on: March 25, 2012, 12:21:27 AM »
Would you like me to check deeper?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: firewall outgoing connections question
« Reply #14 on: March 25, 2012, 12:23:42 AM »
Hi sellers27 and essexboy,

Also consider this info: http://forums.malwarebytes.org/index.php?showtopic=97285 (poster 1PW on Malwarebytes' blog),

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!