HELP please.... peerblock blocking IPs

Discussion in 'Malware Analysis' started by lukeyj85, Oct 3, 2017.

  1. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
    Hi,

I have some knowledge in this area but not enough. On startup of my PC, Peerblock starts and blocks certain IPs before I have even done anything. Others are blocked once I am surfing the net.

Now there are a range of blocked IPs titled with EI du Pont de Nemours and Co, Xerox Corporation and Amazon Technologies Inc. I am fairly convinced after research that these are harmless and Google- and Firefox-related.

However, before I open anything on my PC, Peerblock blocks other IPs that I am a little concerned about; they are:
    W32.Downadup.Conficker - ConflickerUpdate.com - 216.239.36.21:80 AND
    W32.Downadup.Conficker - ConflickerUpdate.info - 216.239.34.21:80

On researching these they seemed to be related to the Conficker worm, but after running AV and analysis tools I can't find anything, and they also are IPs referenced and blocked by Ransomware Tracker.

    Any help or info would be greatly appreciated.

    Thanks in advance.
     
  2. SHvFl

    SHvFl Level 32
    Content Creator Trusted

    Nov 19, 2014
    2,153
    16,406
    Supermodel for McDonald's
    Europe
    Windows 10
    Emsisoft
    frogboy, L S, Marko :) and 3 others like this.
  3. askalan

    askalan Level 9
    AV Tester

    Jul 27, 2017
    425
    2,750
    Germany
    Linux
    Doctor Web
    L S, Marko :), tim one and 1 other person like this.
  4. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,483
    Retired
    Central US
    Linux Mint
    Default-Deny
    frogboy, L S, Marko :) and 3 others like this.
  5. askalan

    askalan Level 9
    AV Tester

    Jul 27, 2017
    425
    2,750
    Germany
    Linux
    Doctor Web
    Emsisoft isn't a bad idea but a scan with Zemana would be better. Zemana looks a bit deeper in your system and is always the first tool that is being used in this forum for malware removal.
     
    L S likes this.
  6. tim one

    tim one Level 18
    Trusted AV Tester

    Jul 31, 2014
    898
    9,053
    Europe
    Windows 10
    Emsisoft
Well, it seems you're infected with a Conficker variant.
    It will attempt to automatically download updates.
    This old worm incorporates a sophisticated mechanism of self-updating, well implemented in the new variants.
Basically, the worm generates a huge list of domain names, and it will attempt to connect to them to search for new instructions and update itself.

    Usually, just following the above tips you should be able to get rid of it, otherwise you can open a new thread here:

    Malware Removal Assistance For Windows
     
  7. carsten ibsen

    carsten ibsen Level 20

    Sep 18, 2016
    980
    5,206
    retired
    denmark
    Windows 10
    Microsoft
Hello, I agree with askalan: try Zemana first, and then you can try HitmanPro, which also has a 30-day trial :)
     
  8. L S

    L S Level 5

    Jul 16, 2014
    208
    1,179
    Windows 10
    Avast
    @lukeyj85 Are you still here ? .......
    Have you tried something ? .........
    I agree with all of the above tips, and you can also try Malwarebytes (Free or Trial).
    Good luck !
     
    frogboy and askalan like this.
  9. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,174
    27,483
    Retired
    Central US
    Linux Mint
    Default-Deny
    And again, yep :p
I hope he takes yours & SHvFl's advice.
     
    frogboy, tim one and askalan like this.
  10. lowdetection

    lowdetection Level 5

    Jul 1, 2017
    209
    644
    China
    Linux
    Isolation
    Scan with Emsisoft AntiMalware.
     
    _CyberGhosT_ likes this.
  11. Node

    Node Level 2

    Aug 6, 2017
    98
    327
    United States
    Windows 10
    Microsoft
    First off, I'd suggest uninstalling PeerBlock as it is an un-maintained software solution. Secondly I suggest scanning your system with the following tools in this order:
RKill > Malwarebytes Anti-Rootkit (or TDSSKiller) > Junkware Removal Tool > AdwCleaner (after this step a restart will be needed) > RogueKiller

This should be a good path for a general/common infection. If needed, feel free to contact me and I'll assist any way needed, or you can use the free help offered by other MalwareTips staff and individuals.

    All of the tools I listed above are available at bleepingcomputer.com!
     
  12. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
    OK so things seem to have gotten worse but maybe it is just coincidence. Upon startup today my PC would not start and had to run the windows startup fix. It has now started but at least 2 programs normally on start up now do not initiate on startup. Furthermore, access to my password manager save file was corrupted??

Anyway, first off, the response already has been awesome. I was considering uninstalling Peerblock when I came across these issues, so I have not uninstalled it just yet. Should I still uninstall it anyway?? As for scans, I have currently scanned with BitDefender Free, Malwarebytes AM, Norton Power Eraser and a Kaspersky utility.

    NPE was the only one that returned a result in the registry. I will now download Zemana and Emsisoft and see if they find anything.

    Thanks for the assistance thus far. Will keep you updated.
     
  13. Node

    Node Level 2

    Aug 6, 2017
    98
    327
    United States
    Windows 10
    Microsoft
    AdwCleaner and Junkware Removal Tool are both tools that I highly suggest running. Please see my comment above.
     
  14. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
Alright, so now I have run Zemana, which gave no results; Malwarebytes Anti-Rootkit Beta, which gave a result on initialisation of the program but not in the scan (see picture); and Emsisoft, which seems to have detected the most and may have fixed the w32.downadup issue, but I will look again on next startup after I post this. See pics below. In the Peerblock pics you can see what was happening, and now without the w32.downadup. The blacked-out parts are my IP (sorry for the mess):
     

    Attached Files:

  15. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
    #15 lukeyj85, Oct 3, 2017
    Last edited: Oct 3, 2017
The w32.downadup issue now seems to be resolved. Based on the results I have posted in the pic by Emsisoft (Pic 2), is BD Anti-Ransomware something I should uninstall????
Do any of the other requests from IPs that are blocked by Peerblock seem to be an issue, or can I uninstall Peerblock now?

Thanks for everyone's help so far. Much appreciated.

    EDIT: getting ADWCleaner now :)
     
    frogboy likes this.
  16. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
    #16 lukeyj85, Oct 3, 2017
    Last edited: Oct 3, 2017
And it's back.... I give up haha. Is it possible Peerblock is identifying the IPs wrongly???

EDIT: SOLVED (I think). After some uninstalling, it seems to have been caused by WiseCare 365. The problem was gone. I reinstalled the program to force-uninstall something else; w32.downadup returned. Uninstalled WiseCare and no sign of w32.downadup.
     

    Attached Files:

  17. Node

    Node Level 2

    Aug 6, 2017
    98
    327
    United States
    Windows 10
    Microsoft
    You should just uninstall PeerBlock, it is un-maintained.
     
    frogboy and Telos like this.
  18. lukeyj85

    lukeyj85 Level 1

    Oct 3, 2017
    7
    7
    Australia
    Windows 7
    BitDefender
    #18 lukeyj85, Oct 4, 2017
    Last edited: Oct 4, 2017
Yeah, now that I know the other issue has been fixed, Peerblock has been removed :). It's just that without Peerblock I would not have picked up the issue. I am running Emsisoft, BitDefender Anti-Ransomware (which Emsisoft did pick up something on, but I'm not sure if I should change it/need it) and have Malwarebytes AM as a backup scan. Any other way you think I should change my security/programs other than uninstalling Peerblock??? Is there another way I could have seen which IPs were requesting communication from my IP other than Peerblock????

    EDIT: Plus Emsisoft says it has an anti-ransomware so I am thinking BD Anti Ransomware may not be needed at all????
     
    _CyberGhosT_ likes this.
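The last post asks how one could have seen which IPs the machine was talking to, and which program was behind it, without PeerBlock. On Windows 7 the built-in answer is `netstat -ano` (remote endpoint plus owning PID) combined with `tasklist` (PID to image name). The script below is an added example written for this thread; it is not code from the thread, from PeerBlock or from any other tool mentioned. It parses block entries written in the `label - host - ip:port` form the opening post shows, a `netstat -ano` snapshot and a `tasklist /fo csv /nh` listing, and reports which local process was connecting to a listed IP. All sample data is constructed: the two Conficker-tagged IPs are the ones the thread quotes, the other addresses are documentation ranges, and the process names are invented.

```python
import csv
import io
import re
from dataclasses import dataclass
from typing import Dict, List

# ---- constructed sample data (not taken from the thread's attachments) ----

# Block entries in the "label - [host -] ip:port" form the opening post shows.
# The two W32.Downadup.Conficker lines use the IPs quoted in the thread; the
# company-labelled lines use documentation addresses (192.0.2.0/24).
BLOCK_ENTRIES = """
W32.Downadup.Conficker - ConflickerUpdate.com - 216.239.36.21:80
W32.Downadup.Conficker - ConflickerUpdate.info - 216.239.34.21:80
Amazon Technologies Inc - 192.0.2.10:443
Xerox Corporation - 192.0.2.20:443
""".strip()

# A constructed `netstat -ano` snapshot in Windows 7 layout (header included).
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     216.239.36.21:80       SYN_SENT        4120
  TCP    192.168.1.10:49713     192.0.2.20:443         ESTABLISHED     2200
  TCP    192.168.1.10:49720     198.51.100.5:443       ESTABLISHED     2200
  UDP    0.0.0.0:5353           *:*                                    1234
""".strip()

# A constructed `tasklist /fo csv /nh` listing; process names are invented.
TASKLIST_CSV = """
"example_updater.exe","4120","Console","1","12,345 K"
"browser.exe","2200","Console","1","300,000 K"
"svchost.exe","1234","Services","0","5,000 K"
""".strip()


@dataclass
class BlockEntry:
    label: str
    host: str
    ip: str
    port: int


@dataclass
class Connection:
    proto: str
    local: str
    remote: str
    state: str
    pid: int


# label, optional "host -", then dotted-quad IP and port
ENTRY_RE = re.compile(
    r"^(?P<label>.+?)\s+-\s+(?:(?P<host>\S+)\s+-\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)$"
)


def parse_block_entries(text: str) -> List[BlockEntry]:
    """Turn PeerBlock-style display lines into BlockEntry records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected form
        entries.append(BlockEntry(m["label"], m["host"] or "", m["ip"], int(m["port"])))
    return entries


def parse_netstat(text: str) -> List[Connection]:
    """Parse `netstat -ano` output; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # skip the banner, header and blank lines
        state = fields[3] if len(fields) == 5 else ""
        conns.append(Connection(fields[0], fields[1], fields[2], state, int(fields[-1])))
    return conns


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}


def split_endpoint(endpoint: str):
    """'1.2.3.4:80' -> ('1.2.3.4', '80'); also strips IPv6 brackets."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def correlate(entries: List[BlockEntry], conns: List[Connection], pid_to_image: Dict[int, str]):
    """Return one record per connection whose remote IP is on the block list."""
    by_ip = {e.ip: e for e in entries}
    hits = []
    for c in conns:
        ip, _ = split_endpoint(c.remote)
        entry = by_ip.get(ip)
        if entry is None:
            continue
        hits.append({
            "pid": c.pid,
            "image": pid_to_image.get(c.pid, "<unknown>"),
            "remote": c.remote,
            "state": c.state,
            "label": entry.label,
            "host": entry.host,
            # SYN_SENT means our side opened the connection (outbound attempt)
            "initiated_locally": c.state == "SYN_SENT",
        })
    return hits


def flagged(hits, pattern: str = r"^W32\."):
    """Keep only hits whose list label is a malware-style name (W32.* in this list's convention)."""
    rx = re.compile(pattern)
    return [h for h in hits if rx.match(h["label"])]


if __name__ == "__main__":
    hits = correlate(parse_block_entries(BLOCK_ENTRIES),
                     parse_netstat(NETSTAT_OUTPUT),
                     parse_tasklist(TASKLIST_CSV))
    for h in flagged(hits):
        print(f"PID {h['pid']} ({h['image']}) -> {h['remote']} [{h['state']}] "
              f"matches {h['label']} ({h['host']})")
```

A single `netstat -ano` snapshot will miss a connection attempt that only happens at boot, so run `netstat -ano 5` (re-display every 5 seconds) or, elevated, `netstat -anob`, which prints the image name directly. The owning process is the piece of information PeerBlock did not show: a list hit tells you only what label the list put on an address, while the process name tells you whether a known-bad binary or a legitimate program calling home is responsible, which is what the trial-and-error uninstalls in this thread eventually established.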