bigmoney
Former Member
Message 1 of 9

Netguard blocking IP address, please help?


OK, the past three days NetGuard has been blocking an IP address from connecting to my PC, which is good, but every night the same IP address attempts to connect!? Even though it is continuously being blocked, is it safe to use my PC? Also, how do I get it to stop trying to connect? I have done several virus scans but nothing is coming up.

1 Solution

Accepted Solutions
Hayton
Reliable Contributor
Message 3 of 9

Some second thoughts: additional things you must do.

Go through Windows, McAfee, every browser you've got, every single program or application you use, and make sure you've got the very latest version, the latest updates. The easiest way to get infected is to use a program version with a known security flaw, because as soon as it becomes public knowledge the malware authors will try to find PCs running it. And your McAfee can only look for the malware it knows about, which is in the DAT files that are updated and made available daily. The top infection vectors will probably be Windows, Java, Flash and Adobe Reader, but check everything.

Check your McAfee logs (in Security Center-->Navigation-->History and Logs) for any unexplained entries. Ignore the cookies, they're not a problem; check the failed connection attempts, although by definition they've failed.

Set your firewall to Stealth, and check all the boxes in Firewall History and Advanced Settings.

Look in Program Permissions for anything that has Full Access and reduce permissions to the minimum required for normal operation.

Go into Ports and System Services and uncheck ports you won't be using. You can probably get by with using only Ports 25, 110, 123, 443 and 5357 unless you're using FTP, IMAP or SQL Server.

If you've been pwned then any personal or confidential data on your system may have been stolen. Change all your passwords; if you have your credit card number on your PC watch your statements for unexplained activity. Don't get paranoid - yet - but be aware that a C&C server trying to connect means that you may be hosting malware.


8 Replies
Hayton
Reliable Contributor
Message 2 of 9

This IP address is currently noted by many of the malware- and spam-checking websites as a suspect address. You're right to block it in NetGuard, but you can't stop it trying to connect. You were also right to run anti-virus scans. As a precaution, you should run a regular Quick Scan - just in case.

IP Address         = 209.190.113.190

Threat Level       = High 

Threat Category    = Malware Controller, Mail Abuser 

Threat Description = Malware scan and infect source, Site associated with email abuse or spam 

Hostname           = be.71.be.static.xlhost.com 

Service Provider   = MOHD. ARIF HOSSAIN KHAN

Domain Name        = XLHOST.COM

ASN Number         = 10297

ASN Name           = ENET-2 - eNET Inc.

EDIT - bothunter.net are classing this IP address as a botnet Command and Control Server, so if it's trying to communicate with your PC that's very bad news indeed. Have you run a Full Scan with McAfee? This news makes it likelier you have been infected with malware, which you need to identify as quickly as possible. Ex_Brit is more knowledgeable than I am about specialist virus-removal tools and websites, so if you notice any strange symptoms I'll ask him to take this over. First though, run a full scan if you haven't already; then download the free version of this tool and run it as an additional check. Tell us if either finds anything.

Message was edited by: Hayton on 15/07/11 16:39:08 IST

bigmoney
Former Member
Message 4 of 9


Thank you so much for helping me out. I have already done multiple McAfee scans, all of which came up clean. I also checked to make sure McAfee was updated, which it was. I just installed the Malwarebytes program you suggested and I am running a scan as we speak. I changed my firewall to Stealth. Also, in Advanced Settings should I check "block internet access at startup" and "enable UDP tracking"? I will keep you posted. Many thanks again for your help, God bless you.

Hayton
Reliable Contributor
Message 5 of 9

The answer to both questions is Yes.  UDP exploits are not common, but are increasing; and at startup you want protection from malware that kicks in before McAfee is otherwise fully operational.

If your scans are all clean then whatever the server was trying to do hasn't succeeded. You may be okay, and if you tighten up security you'll certainly be a lot safer. Watch the McAfee logs for Outbound Events - that's a program trying to phone home for instructions. If you see nothing, you can relax a bit.
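
The distinction drawn in this thread, between blocked inbound attempts from a flagged address and outbound events from a local program, can be checked over an exported firewall log. The following is an added example, not part of the original posts or of any McAfee tool; the log layout, the `triage` function and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a generic "date time direction action remote:port" layout.
# This is NOT McAfee's real log format; adapt the regex to your firewall's export.
SAMPLE_LOG = """\
2011-07-13 23:41:07 IN  BLOCK 209.190.113.190:4431
2011-07-14 23:39:52 IN  BLOCK 209.190.113.190:4431
2011-07-15 09:12:30 OUT ALLOW 192.0.2.25:443
2011-07-15 23:40:15 IN  BLOCK 209.190.113.190:4431
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+)\s+(?P<dir>IN|OUT)\s+"
    r"(?P<action>BLOCK|ALLOW)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)$"
)

def triage(log_text, watchlist):
    """Summarise firewall events per watch-listed IP and grade the risk."""
    stats = defaultdict(
        lambda: {"in_blocked": 0, "in_allowed": 0, "outbound": 0, "days": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["ip"] not in watchlist:
            continue  # skip malformed lines and unrelated hosts
        s = stats[m["ip"]]
        s["days"].add(m["date"])
        if m["dir"] == "OUT":
            s["outbound"] += 1      # a local program tried to reach the host
        elif m["action"] == "BLOCK":
            s["in_blocked"] += 1    # unsolicited attempt stopped at the firewall
        else:
            s["in_allowed"] += 1    # unsolicited attempt that got through
    report = {}
    for ip, s in stats.items():
        if s["outbound"]:
            verdict = "investigate: local program contacted flagged host"
        elif s["in_allowed"]:
            verdict = "investigate: inbound connection was allowed"
        else:
            verdict = "blocked inbound only: keep monitoring"
        counts = {k: v for k, v in s.items() if k != "days"}
        report[ip] = {**counts, "days": len(s["days"]), "verdict": verdict}
    return report
```

Outbound events count toward the "investigate" verdict even when the firewall blocked them, because the attempt itself shows a local program trying to reach the flagged host.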

bigmoney
Former Member
Message 6 of 9


Full scan came up clean as well. I was kinda shook, 'cause I use my PC for online banking as well as making purchases online. I will pay very close attention to my online bank statements. You think it's safe for me to continue online banking?

bigmoney
Former Member
Message 7 of 9


Also, I checked my "outgoing events" under "history and logs", and it was completely blank. That's a good sign, right?

Hayton
Reliable Contributor
Message 8 of 9

Excellent. Clean scans and no outgoing events: you can relax. Keep a watch on the firewall logs, though, and if you notice any unusual activity on your system let us know. The only remaining question is why this server was trying to connect to you. Possibly something was prevented from infecting you by McAfee's firewall or on-access scanner.

There is one more thing you can do, and that's to run a cleanup on your system. McAfee has a QuickClean option in Security Center, but in a case like this I'd prefer you to run CCleaner, which lists all the files it finds to be deleted (unlike QuickClean). Don't use the registry cleaner option in CCleaner unless you really know what can be safely deleted (automated registry cleaners cause problems down the line, 9 times out of 10). After the cleanup you can run Chkdsk (right-click on C:\ in Explorer and look for Properties-->Tools). Any temp files that might have been put there by malware should be removed by CCleaner, as well as all cookies in your system.

bigmoney
Former Member
Message 9 of 9


Did it, but it said 4 items could not be removed?
