McAfee notified me about this "Risky Connection Blocked". The program trying to access IP 22.214.171.124 was SYSTEM, whick worries me. I made a quick search and the IP belongs to "Rook Media Gmbh", in Switzerland. Looking about that IP adress, it has some HIGH RISK associated domains, as seen here: http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=126.96.36.199&lang=en-us&lcid=1033&langi... . Would someone recommend me to Format the HD?
If someone could help, i would really appreciate.
The connection was blocked for a reason, and a quick search turned up several reasons. This IP address appears to host a number of unsavoury sites - such as hotindianteens-dot-com, for one, and "devianart-dot-com" - a probable phishing or typosquatter site (for "deviantart-dot-com"). Amazingly, it's not on any blacklists. I haven't investigated it fully.
More worryingly, it was reported last year to be host to a botnet C&C controller. If you don't know why the connection was attempted, you should assume the worst : that somehow you have been infected with malware and may be part of a botnet. Run a Full Scan and see what it turns up.
Edit - Clean-MX has listed at least 10 sites on this address in the past 24 hours (probably many more). And while Clean-MX is liable to be sometimes over-zealous, some of those sites do look suspect.Message was edited by: Hayton on 17/06/13 05:32:41 IST
Ok, running FULL SCAN os McAfee now. I also downloaded SPYBOT-search and destroy and made a full scan which resulted on nothing. Do you recommend COMBO FIX?
thanks for the reply
ComboFix should only supposed used if you have someone directing you in its use, and I don't have experience of using it. If you have to use it for whatever reason, you should go to one of the specialist help forums. Ex_Brit has noted several of them in his useful guide (HERE).
I'll give it a look right now. And what is this "botnet C&C controller"? Googled it and it says they could using my computer resources...? Can McAfee get rid of it?
thanks in advance