
Risky Connection Blocked SYSTEM


I got a pop up from McAfee today saying that it had blocked a risky connection from the ip address 193.104.41.141 but it stated the program as SYSTEM which has made me pretty concerned. I'm currently running a full scan but it doesn't seem to be finding anything out of the ordinary. I did a check on the ip address and although it suggested high risk I couldn't find much information on it - perhaps I'm looking in the wrong place though so if anyone can tell me anything more I'd appreciate it.

I just wondered if anyone could help me out, I'm kind of at a loss for what steps to take and I'm not the most knowledgeable in terms of computers etc.

Thank you!

1 Solution

Accepted Solutions
Reliable Contributor exbrit
Message 2 of 11

Re: Risky Connection Blocked SYSTEM


I moved this to Malware Discussion > Home User Assistance just in case.

That IP is in Tiraspol, Moldova...have you downloaded or file-shared with anyone from that area?

The connection was blocked anyway, which means they can't get in.

Try running Malwarebytes Free from the last link below as a supplementary check.

Toronto ▪ Canada
Volunteer Moderator - Consumer Products
I CAN'T HELP PRIVATELY - PLEASE POST IN THE FORUMS
Use Advanced Search To Find Answers

Consumer Technical Support (alter Country @ top right as needed)

Consumer Customer Service (Accounts, Billing, Registration, etc.)
Anti-Spyware/Malware/Hijacker Tools


Re: Risky Connection Blocked SYSTEM


Not that I recall - I don't think I've even come into contact with anyone from that area. The thing which concerned me was that it was coming from SYSTEM, does that suggest that something has already 'got in' as my computer itself was attempting to connect to the ip or am I jumping to the wrong conclusion with that?

I'm running Malwarebytes now just in case.

Thank you for the help!

Reliable Contributor exbrit
Message 4 of 11

Re: Risky Connection Blocked SYSTEM


Probably just some random hacking attempt, happens all the time. The firewall prevents them from gaining access.

I don't think you need to worry too much about it.

Re: Risky Connection Blocked SYSTEM


Perfect, thank you so much!

Reliable Contributor exbrit
Message 6 of 11

Re: Risky Connection Blocked SYSTEM


You're welcome and good luck 😉

Reliable Contributor Hayton
Message 7 of 11

Re: Risky Connection Blocked SYSTEM


193.104.41.141 | Hacking | Port scan | | Check and report abuse IP

This IP address was reported 26 April by a McAfee user - was that you?

Looks like someone is doing a lot of port scans, but that could be either a hacker or a legitimate researcher.

Which bit of your McAfee installation blocked the connection - SiteAdvisor, NetGuard, or a.n.other?

Re: Risky Connection Blocked SYSTEM


It wasn't me who reported it, nope. And, it was NetGuard that blocked it.

Reliable Contributor Hayton
Message 9 of 11

Re: Risky Connection Blocked SYSTEM


katies32 wrote:



It wasn't me who reported it, nope. And, it was NetGuard that blocked it.


Ah. That changes everything. I'm afraid Ex_Brit's answer is not the end of the matter, then. Certainly not the Correct one.

NetGuard blocks outgoing connections, not incoming ones. Your system was trying to connect to a known bad IP address in Moldova for some reason, and if it was the SYSTEM process calling out, you may indeed have a problem. If you've run scans with McAfee and Malwarebytes then perhaps whatever it was has gone, but you can't count on that.

See : Unable to connect to a website because Net Guard rates the site as a risk

So, as a first step you need to see what's inside that process that might be calling home to Moldova. If you haven't already got it, you should get hold of Process Explorer from Microsoft SysInternals and set it running. Near the top of the displayed list of programs you'll find 'System'. Double-click on it to open the process window and select two of the tabs - TCP/IP shows any network connections for the process; 'Threads' shows you all the sub-processes. You may not know what they do, but just skim through them anyway. There will be a lot of duplicate names, so in all you should find 15-20 individual entries. Maybe more, probably not less. Make a note of anything that doesn't begin 'mfe' - those are McAfee processes.

If you can't see anything that looks very suspicious you might be running okay; but you should perhaps check for modified Windows system files by running 'sfc /scannow' from a command prompt (if you're on Windows 8.1 things might be a bit different - Ex_Brit can advise you what to do if that's what you've got).

Always bear in mind that the outgoing call may have come from some program that was running on your system at the time, or might have been triggered by a script on a webpage you were viewing. If so, your system might show no sign of infection at all. If it happens again, make a note of any open webpages and running programs - that will help identify the reason for the outbound call.

One further useful tool for investigating something like this is TCPView - again, from Microsoft SysInternals. You can see at a glance which programs and processes have made a network connection, through which port, and where the connection is going to.

Get Process Explorer from https://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx

Get TCPView from https://technet.microsoft.com/en-us/sysinternals/bb897437
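
The "note which process made the connection" step from the post above can also be logged continuously, so the evidence is already on disk if the alert recurs. This is an added example, not part of the original post or any McAfee or Sysinternals tooling; the log path and polling interval are assumptions, and the watched address is the one quoted in this thread.

```powershell
# Added example: poll the TCP table and log every new remote endpoint together
# with its owning process. $LogPath and $IntervalSeconds are assumed values.
param(
    [string]$WatchIp = '193.104.41.141',   # address quoted in this thread
    [string]$LogPath = "$env:USERPROFILE\outbound-connections.csv",
    [int]$IntervalSeconds = 2
)

$seen = @{}   # key: "process id|remote address|remote port"

while ($true) {
    # Drop listeners and loopback traffic; keep anything with a real remote end.
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '0.0.0.0', '::', '127.0.0.1', '::1' }

    foreach ($c in $conns) {
        $key = '{0}|{1}|{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.RemotePort
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # PID 4 is the kernel "System" process; it has no image path on disk.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $row = [pscustomobject]@{
            Time          = (Get-Date).ToString('s')
            State         = $c.State
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            ProcessId     = $c.OwningProcess
            ProcessName   = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path          = if ($proc) { $proc.Path } else { $null }
            Watched       = ($c.RemoteAddress -eq $WatchIp)
        }
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation

        if ($row.Watched) {
            Write-Warning ('{0} (PID {1}) -> {2}:{3} [{4}]' -f $row.ProcessName,
                $row.ProcessId, $WatchIp, $row.RemotePort, $row.State)
        }
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```

A connection that the firewall blocks may only show up briefly in the `SynSent` state, so a short polling interval gives the best chance of catching it.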

Re: Risky Connection Blocked SYSTEM


I went through everything you suggested bar the 'sfc /scannow' as I am on Windows 8.1 and couldn't get it to run. Nothing suspicious seemed to arise so I'll assume that I'm okay but will definitely keep an eye out and if anything else similar happens I'll have a look again to see if anything is different.

Thank you so much for your help!
