It's definitely not a browser issue. Some people question the newest Firefox install (which I don't have) and/or Google Chrome (which I don't use). On Saturday when this warning popped up I immediately blocked it with McAfee, however I had several issues right after.
I was looking the IP up and, in the process, my one laptop went sluggish all of a sudden. I can't even really say sluggish, it just stopped responding. I had mouse movement, couldn't activate task manager or anything. My resources were all at 100% and my fan kicked in as if my CPU went into overdrive. After 3 minutes of nothing I held the power button down and rebooted into safe mode.
Once there I ran a full scan and picked up 4 virus/trojaned files. Keep in mind this is still on Saturday and on Friday, the day prior, I had already completed a full scan and nothing showed up. To me this is too much of a coincidence to be nothing. Fortunately these infected files were easily remedied, one including a back door trojan. After the scan and removal I restarted into normal mode and all seemed fine, which is when I continued to Google search the IP address.
Between McAfee, my HIDS and Windows Defender, I have not received any more warning messages. Whatever the IP came from, I'm assuming an allowable update of some sort was allowed to go through (something). I don't know if it was McAfee or something else updating that we all have/use, but things like this aren't just coincidence.
Just so everyone knows what my peripherals are on the laptop in question.
It's running a 2GHz dual-core Intel processor with 8GB of DDR2 RAM and a 256GB SSD (you can see why I was worried when my computer locked up on me for no reason).
I have Windows 7 Home-Premium 64bit with service pack 1 installed.
I had either Firefox 9 or 10 when this happened; when it was brought up about Firefox 11, I updated it sometime on Sunday. When the error popped up I was doing nothing more than checking my Gmail and other various online blog pages.
Anyone that got this message, I would at least recommend running a full scan with McAfee and/or a secondary antivirus like Panda Security or something just to be safe. Any other scans would be recommended as well, such as Defender or even as simple as a Disk Check to be sure. You can never be overly cautious (especially those of us that use these computers with all of our personal information on them).
Message was edited by: edwardjwlaunt on 3/19/12 8:58:31 AM CDT
I received a blocked risky connection as seen here, although not the same IP: https://community.mcafee.com/thread/43432 After taking Peter's suggestion of a post to one of the HijackThis forums, I found my PC was infected, although McAfee found nothing. I also scanned with Defender and Malwarebytes, which also found nothing. As a side note, mine seemed to be an outbound attempt.
Thank you Peter for the status update. Glad to see that it's been sorted out, whatever it was.
The latest info I had (earlier today) from Verizon was that
I have contacted McAfee for this, hopefully they will lower this rating soon.
IP address no longer Red but not yet Green according to SiteAdvisor, so Google searches show it as unrated.
Message was edited by: Hayton on 19/03/12 18:55:32 GMT
The connection no longer needs to be blocked, I guess. As I've never had to deal with this situation I can't say what action you need to take. Peacekeeper knows more about Netguard than I do, I'll wait for him to come online.
Okay, now all the fuss has died down I'm wondering about a couple of things.
First, as a couple of posters to the thread were saying, did the recent updates to Chrome and Firefox have anything to do with this? (I'm not sure if the Microsoft Patch Tuesday updates also included any updates to Internet Explorer, but I can't see anything about IE in Microsoft's March Security Bulletin). The guy at Verizon was also of the opinion that a browser update might have been the (partial) cause of the Netguard block.
However, I'm not so sure. Netguard blocked access to the IP because TrustedSource had increased its risk rating to High Risk. Why it did that is another question. Someone certainly was submitting Abuse reports for that IP address on the day it went Red, but whether before or after Netguard started blocking it I can't say. I only mention that because I see it as a potential weakness in the system, that one malicious person could possibly trigger a rating change on an IP address (which could have many sites and users on it) by knowing where to submit false reports of, for instance, a server sending spam or attempting to hack into their PC.
I'm also wondering why, since I have Netguard installed as part of my McAfee package, I didn't see this Netguard block? It was only when I attempted to access the server and SiteAdvisor intervened with a Red blocking page that I was quite certain that there really was a problem, and a problem with the server not with Netguard. I've checked all my Netguard settings and they're enabled and activated, so if Windows or my browser had attempted to connect to the server for a CRL check I should have seen the Netguard message. But I didn't.
I can only conclude that the check for revoked certificates was being carried out for sites that I don't go to, or that one browser or another doesn't bother with these checks .... and that may be the case. I recall seeing an article recently about this, which (of course) I didn't bookmark and now can't find.
The whole area of Certificates, their use and misuse, is an interesting one if you want to delve into aspects of computer security. Have a look sometime at all the certificates in your browser store, and try to work out where and how you ended up with half of them.