Moved this provisionally to Malware Discussion > Home User Assistance.
That IP belongs to France Telecom, do you have anything installed that would 'dial home' to France?
Look in the last link in my signature below for some tools from McAfee and 3rd parties which you could run as a precaution.
Remember this was blocked to you should be OK. Where were you reading this blocked message by the way?
I checked the IP address here and found that the ISP for the address is France.
I checked here (Neighbouring IP addresses) and saw that it was assessed as HIGH RISK by way of WEB REPUTATION
The blocked message notification came up on my screen. It was posted by my McAfee Total Protection Firewall Net Guard which I have running. It was an alert to tell me that McAfee had blocked access.
Out of curiosity I then posted the IP address in the IE address bar and got this warning
I appreciate that the connection is blocked but what I wondered is where on my computer would be the command to make this connection to this IP address. I could then delete it.
Not sure but as a precaution I would run some scans with say Stinger & Malwarebytes Free - both listed in the last link in my signature below.
One place you could look which may give a clue is in SecurityCenter click navigation at top right
Scroll down to Traffic Monitor
In the drop-down menu near the top select Active Programs
Expand each one in the list below to see if that IP crops up there.
Another way that may work, may not, is to search for that IP number by keying in the number into a registry search.
Go to Start/Run and enter regedit and click OK - also OK any UAC prompts you may get (Vista and above).
A page should open with the top left hand corner looking something like this:
If for some reason the trees are expanded, collapse them and then highlight My Computer.
Go to File tab and click "Export" and send the registry to your desktop. This is in case something goes wrong. It can then be rebuilt by simply right-clicking that desktop item and selecting merge.
Now click the Edit tab and then "Find". Enter "220.127.116.11" (minus the "") then click "Find next" (or hit the enter key).
Whatever is found, right-click and delete if so desired.
Hit your F3 key for the next instance and keep going until all entries are gone.
If one says it can't be deleted this is where it gets complicated. You have to then find which key on the left column pertains to it and right-click/Properties/Permissions and give yourself permission.
If all is successful those entries could not possibly remain and you can then delete the registry backup.
This is proving interesting.
The IP address we agree was provided by an ISP in France was allocated to AKAMAI Technologies.
When I put AKAMAI into START>SEARCH then it produces a number of PHISHING emails which I reported to firstname.lastname@example.org
The original IP address which was blocked does not appear in the Traffic Monitor but another with a similar IP address did appear. I checked it here and also here which would suggest that (as it is high risk for emails) that this would tie in with the phishing emails.
I cannot find AKAMAI in the delete programme search or in msconfig.
Some people have said that ADOBE genuinely uses AKAMAI but what I find interesting is that when I got the UKASH trojan (see my post here) I believe I got it through a fake ADOBE update!
I must do some investigating!
AKAMAI download managers are commonly used to install certain types of software. Have you installed anything new lately?
Look at the last link in my signature and go down near the end. Post a Hijackthis or DDS log as instructed there on one of those specialist forums for analysis.
I have not installed anything recently.
I can see that AKAMAI has a genuine role but looking at the results of the check of the IP addresses in McAfee would suggest that others have reported problems. Interesting that the search of my computer brought up the phishing emails I reported.
Best post a Hijackthis or DDS log as I suggested and have them look into the possibility that something amiss is still going on in your machine.
I have not installed anything recently.
I think you have installed something, although unintentionally.
when I got the UKASH trojan (see my post here) I believe I got it through a fake ADOBE update
The Trojan has probably downloaded other malware and you are seeing the result.
The IP address (18.104.22.168) shows as High Risk in TrustedSource because the server has been compromised and is hosting malware.
If you have not already done so you should run Stinger in case you have a rootkit on your system.