aleschusta
Level 7

Risky connection by SYSTEM

McAfee notified me about this "Risky Connection Blocked". The program trying to access IP 141.8.224.25 was SYSTEM, which worries me. I made a quick search and the IP belongs to "Rook Media Gmbh", in Switzerland. Looking at that IP address, it has some HIGH RISK associated domains, as seen here: http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=141.8.224.25&lang=en-us&lcid=1033&langi... . Would someone recommend that I format the HD?

If someone could help, I would really appreciate it.

Thanks, Alencar

4 Replies
Hayton
Level 18

Re: Risky connection by SYSTEM

http://ip.robtex.com/141.8.224.25.html#ip

http://www.malwareurl.com/ns_listing.php?ip=141.8.224.25

The connection was blocked for a reason, and a quick search turned up several reasons. This IP address appears to host a number of unsavoury sites - such as hotindianteens-dot-com, for one, and "devianart-dot-com" - a probable phishing or typosquatter site (for "deviantart-dot-com"). Amazingly, it's not on any blacklists. I haven't investigated it fully.

More worryingly, it was reported last year to be host to a botnet C&C controller. If you don't know why the connection was attempted, you should assume the worst: that somehow you have been infected with malware and may be part of a botnet. Run a Full Scan and see what it turns up.

Edit - Clean-MX has listed at least 10 sites on this address in the past 24 hours (probably many more). And while Clean-MX is liable to be sometimes over-zealous, some of those sites do look suspect.

http://support.clean-mx.de/clean-mx/viruses.php?ip=141.8.224.25&sort=firstseen%20desc

Message was edited by: Hayton on 17/06/13 05:32:41 IST
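A triage step for the situation Hayton describes, added here as an example and not part of the original thread: on a current Windows host, find which process actually owns a connection to the flagged address (an alert that names "SYSTEM" usually means a service, so for svchost the script also lists the services it carries), and if no socket is live, look for Windows Filtering Platform block events for that address. The IP is the one from the thread; the script assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt.

```powershell
# Added example: identify the process behind an outbound connection to a flagged IP.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an elevated prompt.
$FlaggedIp = '141.8.224.25'   # address from the thread

function Get-ConnectionOwner {
    param([string]$RemoteAddress)
    # Covers established sockets and pending handshakes (SynSent); a blocked
    # connection may exist only briefly, so run this while the alert is recurring.
    Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalPort  = $_.LocalPort
                RemotePort = $_.RemotePort
                State      = $_.State
                Pid        = $_.OwningProcess
                Process    = $proc.ProcessName
                Path       = $proc.Path
                # "SYSTEM" in the alert usually means a service; svchost hosts many,
                # so resolve which services share this PID.
                Services   = if ($proc.ProcessName -eq 'svchost') {
                                 (Get-CimInstance Win32_Service -Filter "ProcessId=$($_.OwningProcess)").Name -join ','
                             } else { '' }
            }
        }
}

$owners = Get-ConnectionOwner -RemoteAddress $FlaggedIp
if ($owners) {
    $owners | Format-Table -AutoSize
} else {
    Write-Output "No live socket to $FlaggedIp right now; checking WFP block events instead."
    # Security event 5157 (WFP blocked a connection) names the application path and PID.
    # It is only written when "Audit Filtering Platform Connection" is enabled; a
    # third-party firewall such as McAfee's keeps its own log in addition to this.
    Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5157} -MaxEvents 500 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($FlaggedIp) } |
        Select-Object TimeCreated,
            @{n='Detail'; e={ ($_.Message -split "`n" |
                Select-String 'Application Name|Process ID|Destination Address') -join ' | ' }}
}
```

Whatever process turns up, the path and service names are what to check against the scan results before deciding whether a reinstall is warranted.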
aleschusta
Level 7

Re: Risky connection by SYSTEM

Ok, running FULL SCAN of McAfee now. I also downloaded SPYBOT Search & Destroy and made a full scan, which resulted in nothing. Do you recommend COMBO FIX?

thanks for the reply

Hayton
Level 18

Re: Risky connection by SYSTEM

ComboFix is only supposed to be used if you have someone directing you in its use, and I don't have experience of using it. If you have to use it for whatever reason, you should go to one of the specialist help forums. Ex_Brit has noted several of them in his useful guide (HERE).

aleschusta
Level 7

Re: Risky connection by SYSTEM

I'll give it a look right now. And what is this "botnet C&C controller"? I Googled it and it says they could be using my computer resources...? Can McAfee get rid of it?

thanks in advance
