olwdave
Level 7

Risky connection blocked

McAfee keeps bringing up "Risky connection blocked", gives IP address blocked as 170.179.113.149, Program: Host Process for Windows Services, but does not tell me what to do. There is an option for "more" but this takes me to their website and shows a different IP address 116.171.187.231, and information that it is in China.

How do I solve this? Internet Explorer is going a lot slower now, just sitting there saying "waiting".

David

0 Kudos
26 Replies
Peacekeeper
Level 20

Re: Risky connection blocked

The first blocked IP is in Singapore; unsure why the page points to the China one.

Did it say what blocked the IP? Was it Netguard or the firewall itself?

See

170.179.113.149 - IP - McAfee Labs Threat Center

It is high risk; one should see why your PC is trying to access it. Try scanning with some of the free scanners here

0 Kudos
olwdave
Level 7

Re: Risky connection blocked

It just said McAfee; how do you know if it is Netguard or Firewall? Tried downloading Malwarebytes but that would not download.

David

0 Kudos
catdaddy
Level 20

Re: Risky connection blocked

Moved to Malware Discussion > Home User Assistance > Discussions

By Moderator

Cliff
McAfee Volunteer
0 Kudos
catdaddy
Level 20

Re: Risky connection blocked

You can try running the 'Chameleon' Tool to assist you in installing Malwarebytes (Free). This program is on the same page, simply scroll down further. I would recommend running the latest McAfee Stinger afterwards as well. If that does not assist you, there are other methods to try also.

Please post back your results. If all else fails, it may be best to revert back to an earlier time before this occurred. However you will have to make certain all is updated and current, to include McAfee.

All the best,

Catdaddy

McAfee Community Moderator

Consumer products

Cliff
McAfee Volunteer
0 Kudos
exbrit
Level 21

Re: Risky connection blocked


olwdave wrote:

It just said McAfee; how do you know if it is Netguard or Firewall? Tried downloading Malwarebytes but that would not download.

David

In the link given already:

It tells you how to download, update and run Malwarebytes all in Safe Mode with Networking.

Or another method, called Chameleon, also mentioned there.

0 Kudos
Hayton
Level 17

Re: Re: Risky connection blocked

I think malware may be present on the PC. svchost.exe is one of those often modified by malware, and the fact that Malwarebytes will not download is suspicious.

The IP address blocked is, as you said, in Singapore and is or has recently been blacklisted as belonging to a "zombie network" - where one or more addresses in a block of IP addresses has been taken over for use in a botnet. In this case there appears to be a server pumping out spam somewhere in the address block to which this address belongs. Spamcop blocked it but now show it as okay; Spamhaus still blacklist it.

It's worth noting that the blacklistings of that address are all for sending spam, and so the fact that the poster's PC is trying to connect to it could mean that that PC is part of a wider spam-sending network.

http://www.magic-net.info/black-list-checker.dnslookup?black=170.179.113.149&Check_RBL=Blacklist+che...

http://www.spamhaus.org/query/bl?ip=170.179.113.149

http://www.spamhaus.org/sbl/query/SBL221379

0 Kudos
Hayton
Level 17

Re: Re: Re: Risky connection blocked

The Chinese IP address by the way appears to be the controller of the spam network, reading between the lines of its own Spamhaus blacklisting.

http://www.spamhaus.org/query/bl?ip=116.171.187.231

http://www.spamhaus.org/sbl/query/SBL214384

http://www.spamhaus.org/drop/


The Spamhaus Don't Route Or Peer Lists

DROP (Don't Route Or Peer) and EDROP are advisory "drop all traffic" lists, consisting of netblocks that are "hijacked" or leased by professional spam or cyber-crime operations (used for dissemination of malware, trojan downloaders, botnet controllers). The DROP and EDROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.



0 Kudos
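The netblock filtering that the DROP description above refers to, as an added example that is not part of the original thread and is not Spamhaus or McAfee code: it parses a DROP-style list and flags outbound connections whose remote address falls inside a listed netblock. The list layout ("netblock ; SBL reference", with ";" starting a comment line) is an assumption, and the list entries, SBL references and connection records are constructed from documentation address ranges.

```python
import ipaddress

# Constructed sample, not real Spamhaus data. Assumed layout:
# "netblock ; SBL reference", with ";" starting a comment line.
SAMPLE_DROP = """\
; constructed sample list (documentation address ranges)
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
2001:db8:bad::/48 ; SBL000003
not-a-netblock ; SBL000004
"""

# Constructed outbound-connection records: (program, remote IP).
SAMPLE_CONNECTIONS = [
    ("Host Process for Windows Services", "198.51.100.77"),
    ("Host Process for Windows Services", "198.51.100.200"),
    ("iexplore.exe", "203.0.113.10"),
    ("svchost.exe", "2001:db8:bad:1::5"),
    ("svchost.exe", "garbled"),
]

def parse_drop(text):
    """Return [(network, reference)] from DROP-style text, skipping bad lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        cidr, _, ref = line.partition(";")
        try:
            net = ipaddress.ip_network(cidr.strip(), strict=True)
        except ValueError:
            continue  # malformed netblock: ignore it rather than guess
        entries.append((net, ref.strip()))
    return entries

def match(ip_text, entries):
    """Return the reference of the first listed netblock containing the IP."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # unparseable address in the connection record
    for net, ref in entries:
        if ip.version == net.version and ip in net:
            return ref
    return None

def flag_connections(connections, entries):
    """Return (program, ip, reference) for connections into a listed netblock."""
    checked = [(prog, ip, match(ip, entries)) for prog, ip in connections]
    return [row for row in checked if row[2] is not None]
```

A flagged row names the local program that opened the connection, which is the starting point for finding out why the PC is contacting a listed netblock.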
olwdave
Level 7

Re: Re: Re: Risky connection blocked

Have run Malwarebytes and it did not find any malware; it found two non-malware threats, "Pup.optional.Babylon.A" registry keys, which it has deleted.

Any more ideas to remove this problem?

David

0 Kudos
exbrit
Level 21

Re: Re: Re: Risky connection blocked

Tell it to remove Babylon, and if it can't, read here:

0 Kudos