Access to website/ip address stopped by MB

DCFC79
DCFC79 Posts: 40,642 Forumite
edited 4 June 2011 at 1:10PM in Techie Stuff
I'm getting a message: Malwarebytes successfully stopped access to a malicious website. The type it says is outgoing and it lists an IP address. Anything I should be doing?

As it says outgoing, something is trying to access the IP.

Done a whois and it comes up with this:

http://whois.domaintools.com/109.236.83.56

Comments

  • DCFC79
    DCFC79 Posts: 40,642 Forumite
    Yes, I'm using Windows.
  • DCFC79
    DCFC79 Posts: 40,642 Forumite
    Well, I've ended 2 processes, which were Opera and Spotify, and it's not happened yet.
  • DCFC79
    DCFC79 Posts: 40,642 Forumite
    I'd keep a suspicious eye on it matey, because that IP either has *nothing* listening on it, or it is stealthy. Either way I'd not expect a machine to want to connect to something of that nature when it clearly is not offering any obvious service and exists in customer address space.

    If it fires off again, try and catch the destination port number. That may give more clues. Personally I hope it turns out to be a false alarm and someone with a much better understanding knows the relevance of that IP address.

    Thanks, it's still doing it and I'll keep an eye on it. Would I get the destination port number off that TCP View thingy?
  • gaming_guy
    gaming_guy Posts: 6,128 Forumite
    edited 1 June 2012 at 1:20PM
    ....................
  • DCFC79
    DCFC79 Posts: 40,642 Forumite
    You should do, yes. If not, leave the warning open, fire up a command prompt (start > run cmd.exe) and run netstat -an

    You are interested in the Foreign Address. The port is the part of the socket after the colon (:)

    It's worth asking, are you running any P2P, gaming or BT programs / downloaders? Opera has a built-in BT client - worth checking that a torrent link has not ended up in there (unlikely, but worth a look).

    Currently there is a vulnerability in Opera - but it is very specific. You'd need to open a specially crafted html file from a local disc to be exploited by it. You'd probably remember doing something like that - but I mention it as an aside.

    Thanks,

    Nope, no P2P or gaming or BT downloader on this machine.

    Opera isn't currently running at the minute but I'll keep an eye on it.

    Thanks again
This discussion has been closed.
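
The netstat step discussed in the thread, as an added example that is not part of any poster's message: a Python sketch that reads saved `netstat -an` output and reports which destination ports are in use towards the address the blocker flagged. The sample output, the placeholder address 198.51.100.7 and all function names are constructed for illustration.

```python
# Added example. SAMPLE is constructed Windows `netstat -an` output and
# 198.51.100.7 is a documentation-range placeholder for the blocked address.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     198.51.100.7:80        SYN_SENT
  TCP    192.168.1.20:49713     198.51.100.7:80        SYN_SENT
  TCP    192.168.1.20:49650     203.0.113.10:443       ESTABLISHED
  TCP    [::1]:49700            [::1]:445              TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 also works."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        # UDP rows have no State column, so only TCP rows carry a state.
        state = fields[3] if proto == "TCP" and len(fields) > 3 else ""
        remote_addr, remote_port = split_endpoint(foreign)
        rows.append({"proto": proto, "local": local, "state": state,
                     "remote_addr": remote_addr, "remote_port": remote_port})
    return rows

def ports_towards(text, blocked_ip):
    """Map each destination port on blocked_ip to the local sockets using it."""
    ports = {}
    for row in parse_netstat(text):
        if row["remote_addr"] == blocked_ip:
            ports.setdefault(row["remote_port"], []).append(
                (row["local"], row["state"]))
    return ports

if __name__ == "__main__":
    for port, sockets in ports_towards(SAMPLE, "198.51.100.7").items():
        print(f"destination port {port}:")
        for local, state in sockets:
            print(f"  from {local} ({state or 'no state'})")
```

Repeated SYN_SENT rows to the same Foreign Address, as in the constructed sample, mean the machine keeps trying to open a connection that never completes, which is what a blocked outgoing attempt looks like in netstat.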