McAfee keeps bringing up "Risky connection blocked", gives IP address blocked as 220.127.116.11, Program: Host Process for Windows Services, but does not tell me what to do. There is an option for "more" but this takes me to their website and shows a different IP address 18.104.22.168, and information that it is in China.
How do I solve this? Internet Explorer is going a lot slower now, just sitting there saying "waiting".
First blocked IP is in Singapore; unsure why the page points to the China one.
Did it say what blocked the IP? Was it Netguard or the firewall itself?
It is high risk; one should see why your PC is trying to access it. Try scanning with some of the free scanners here
You can try running the 'Chameleon' Tool to assist you in installing Malwarebytes (Free). This program is on the same page, simply scroll down further. I would recommend running the latest McAfee Stinger afterwards as well. If that does not assist you, there are other methods to try also.
Please post back your results. If all else fails, it may be you will be best to revert back to an earlier time before this occurred. However you will have to make certain all is updated and current, to include McAfee.
All the best,
McAfee Community Moderator
It just said McAfee. How do you know if it is Netguard or Firewall? Tried downloading Malwarebytes but that would not download.
It tells you how to download, update and run Malwarebytes all in Safe Mode with Networking.
Or another method, called Chameleon, also mentioned there.
I think malware may be present on the PC. svchost.exe is one of those often modified by malware, and the fact that Malwarebytes will not download is suspicious.
The IP address blocked is, as you said, in Singapore and is or has recently been blacklisted as belonging to a "zombie network" - where one or more addresses in a block of IP addresses has been taken over for use in a botnet. In this case there appears to be a server pumping out spam somewhere in the address block to which this address belongs. Spamcop blocked it but now show it as okay; Spamhaus still blacklist it.
It's worth noting that the blacklistings of that address are all for sending spam, and so the fact that the poster's PC is trying to connect to it could mean that that PC is part of a wider spam-sending network.
The Chinese IP address by the way appears to be the controller of the spam network, reading between the lines of its own Spamhaus blacklisting.
The Spamhaus Don't Route Or Peer Lists
DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP and EDROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
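An added example, not part of the original thread and not McAfee or Spamhaus code: one way to check which local processes hold connections into DROP-listed netblocks, by matching `netstat -ano` output against the list. It assumes the list is in the semicolon-separated text layout (`netblock ; SBL reference`); the netblocks, SBL references, addresses and PIDs below are all constructed samples.

```python
import ipaddress

# Constructed sample, DROP text layout; RFC 5737 ranges, placeholder SBL ids.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL-PLACEHOLDER-1
203.0.113.64/26 ; SBL-PLACEHOLDER-2
"""

# Constructed `netstat -ano` lines (Windows column layout).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    10.0.0.5:49712         192.0.2.15:25          ESTABLISHED     1044
  TCP    10.0.0.5:49713         198.51.100.7:443       ESTABLISHED     2210
  TCP    10.0.0.5:49714         203.0.113.70:80        SYN_SENT        1044
  TCP    10.0.0.5:49715         203.0.113.10:80        ESTABLISHED     3120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
"""

def parse_drop(text):
    """Return [(network, reference)] from DROP-style text, skipping comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        entries.append((ipaddress.ip_network(cidr.strip()), ref.strip()))
    return entries

def flag_connections(netstat_text, entries):
    """Return [(pid, remote_ip, remote_port, network, ref)] for listed remotes."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, UDP rows and malformed lines are skipped
        host, _, port = parts[2].rpartition(":")
        try:
            remote = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue
        for net, ref in entries:
            if remote in net:  # False when IP versions differ
                hits.append((int(parts[4]), str(remote), int(port), str(net), ref))
    return hits

if __name__ == "__main__":
    for hit in flag_connections(SAMPLE_NETSTAT, parse_drop(SAMPLE_DROP)):
        print("PID %d -> %s:%d in %s (%s)" % hit)
```

The PID in each hit can then be looked up with `tasklist /svc /fi "PID eq <pid>"` to see which services are hosted in that svchost.exe instance.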
Have run Malwarebytes and it did not find any malware; it found two non-malware threats, "Pup.optional.Babylon.A" registry keys, which it has deleted.
Any more ideas to remove this problem?