HELP please.... peerblock blocking IPs

Joined
Oct 3, 2017
Messages
7
OS
Windows 7
Antivirus
Bitdefender
#1
Hi,

I have some knowledge in this area but not enough. On start up of my PC Peerblock starts and blocks certain IPs before I have even done anything. Others are blocked once I am surfing the net.

Now there are a range of blocked IPs titled with EI du Pont de Nemours and Co, Xerox Corporation and Amazon Technologies Inc. I am fairly convinced after research that these are harmless and Google and Firefox related.

However, before opening anything on my PC Peerblock blocks another IP that I am a little concerned about, they are: -
W32.Downadup.Conficker - ConflickerUpdate.com - 216.239.36.21:80 AND
W32.Downadup.Conficker - ConflickerUpdate.info - 216.239.34.21:80

On researching these they seemed to be related to the Conficker worm but after running AV and analysis tools I can't find anything and they also are IPs referenced and blocked by Ransomware Tracker.

Any help or info would be greatly appreciated.

Thanks in advance.
 

askalan

Level 12
AV-Tester
Verified
Joined
Jul 27, 2017
Messages
579
OS
Arch Linux
Antivirus
Isolation
#5
Emsisoft isn't a bad idea but a scan with Zemana would be better. Zemana looks a bit deeper in your system and is always the first tool that is being used in this forum for malware removal.
 
Likes: L S

tim one

Level 21
AV-Tester
Verified
Joined
Jul 31, 2014
Messages
1,073
OS
Windows 10
Antivirus
F-Secure
#6
Well, it seems you're infected with a Conficker variant.
It will attempt to automatically download updates.
This old worm incorporates a sophisticated mechanism of self-updating, well implemented in the new variants.
Basically, the worm generates a huge list of domain names, and it will attempt to connect to them to search for new instructions and update itself.

Usually, just following the above tips you should be able to get rid of it, otherwise you can open a new thread here:

Malware Removal Assistance For Windows
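
Added example, not part of any post in this thread: the domain-generation behaviour described in post #6 shows up in resolver logs as one machine failing to resolve many random-looking names, and this sketch flags that pattern. The log tuples, client addresses and thresholds are constructed assumptions, not values from the thread.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log entries: (client IP, queried name, response code).
_RANDOM_LABELS = ["qzxkvbtrwm", "hplwdcnygf", "tbrmxqjvkz",
                  "ygdnwcflph", "vkjzqxmrbt", "cfnlpyhgwd"]
SAMPLE_DNS_LOG = (
    [("192.0.2.10", f"{label}.example.net", "NXDOMAIN") for label in _RANDOM_LABELS]
    + [("192.0.2.10", "www.example.com", "NOERROR"),
       ("192.0.2.20", "www.example.com", "NOERROR"),
       ("192.0.2.20", "wwww.example.org", "NXDOMAIN"),          # ordinary typo
       ("192.0.2.20", "a8f3k2q9x7b1.example.net", "NXDOMAIN")]  # single odd name
)


def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())


def suspect_clients(log, min_failed=5, min_len=8, min_entropy=3.0):
    """Return {client: failed names} for clients with many failed lookups of
    long, high-entropy names. All three thresholds are assumed starting points."""
    failed = defaultdict(set)
    for client, name, rcode in log:
        if rcode != "NXDOMAIN":
            continue  # generated names mostly do not exist, so look at failures
        label = name.lower().rstrip(".").split(".")[0]
        if len(label) >= min_len and label_entropy(label) >= min_entropy:
            failed[client].add(name.lower())
    # One or two odd failures are normal; a burst of distinct ones is not.
    return {c: sorted(n) for c, n in failed.items() if len(n) >= min_failed}


if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_DNS_LOG).items():
        print(client, len(names), "failed random-looking lookups")
```
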
 

L S

Level 5
Verified
Joined
Jul 16, 2014
Messages
209
OS
Windows 10
Antivirus
Avast
#8
@lukeyj85 Are you still here ? .......
Have you tried something ? .........
I agree with all of the above tips, and you can also try Malwarebytes (Free or Trial).
Good luck !
 

_CyberGhosT_

Level 52
Verified
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
#9
> Well, it seems you're infected with a Conficker variant.
> It will attempt to automatically download updates.
> This old worm incorporates a sophisticated mechanism of self-updating, well implemented in the new variants.
> Basically, the worm generates a huge list of domain names, and it will attempt to connect to them to search for new instructions and update itself.
>
> Usually, just following the above tips you should be able to get rid of it, otherwise you can open a new thread here:
>
> Malware Removal Assistance For Windows

And again, yep :p
I hope he takes yours, & SHvFi's advice.
 

Node

Level 2
Joined
Aug 6, 2017
Messages
98
OS
Windows 10
Antivirus
Microsoft
#11
First off, I'd suggest uninstalling PeerBlock as it is an un-maintained software solution. Secondly I suggest scanning your system with the following tools in this order:
RKill > Malwarebytes Anti-Rootkit (or TDSSKiller) > Junkware Removal Tool > AdwCleaner (after this step a re-start will be needed) > RogueKiller

This should be a good path for a general/common infection. If needed feel free to contact me and I'll assist any way needed, or you can use the free help offered by other MalwareTips staff and individuals.

All of the tools I listed above are available at bleepingcomputer.com!
 
#12
OK so things seem to have gotten worse but maybe it is just coincidence. Upon startup today my PC would not start and had to run the windows startup fix. It has now started but at least 2 programs normally on start up now do not initiate on startup. Furthermore, access to my password manager save file was corrupted??

Anyway first off the response already has been awesome. I was considering uninstalling Peerblock when I came across these issues so have not uninstalled just yet. Should I still uninstall it anyway?? As for scans I have currently scanned with BitDefender Free, Malwarebytes AM, Norton Power Eraser and a Kaspersky Utility.

NPE was the only one that returned a result in the registry. I will now download Zemana and Emsisoft and see if they find anything.

Thanks for the assistance thus far. Will keep you updated.
 

Node

#13
> OK so things seem to have gotten worse but maybe it is just coincidence. Upon startup today my PC would not start and had to run the windows startup fix. It has now started but at least 2 programs normally on start up now do not initiate on startup. Furthermore, access to my password manager save file was corrupted??
>
> Anyway first off the response already has been awesome. I was considering uninstalling Peerblock when I came across these issues so have not uninstalled just yet. Should I still uninstall it anyway?? As for scans I have currently scanned with BitDefender Free, Malwarebytes AM, Norton Power Eraser and a Kaspersky Utility.
>
> NPE was the only one that returned a result in the registry. I will now download Zemana and Emsisoft and see if they find anything.
>
> Thanks for the assistance thus far. Will keep you updated.

AdwCleaner and Junkware Removal Tool are both tools that I highly suggest running. Please see my comment above.
 
#14
Alright so now I have run Zemana which gave no results, Malwarebytes Anti-Rootkit Beta which gave a result on initialisation of the program but not in the scan (see picture), and Emsisoft which seems to have detected the most and may have fixed the w32.downadup issue, but I will look again on next startup after I post this. See pics below. In Peerblock pics you can see what was happening and now without the w32.downadup. The blacked out parts are my IP (sorry for the mess): -
 

Attachments

#15
w32.downadup issue now seems to be resolved. Based on the results I have posted in the pic by Emsisoft (Pic 2) is BD Anti - Ransomware something I should uninstall????
Do any of the other requests from IPs that are blocked by Peerblock seem to be an issue or can I uninstall Peerblock now.

Thanks for everyone's help so far. Much appreciated.

EDIT: getting ADWCleaner now :)
 
Likes: frogboy
#16
And it's back.... I give up haha. Is it possible Peerblock is identifying the IPs wrongly???

EDIT: SOLVED (I Think) After some uninstalling it seems to have been caused by WiseCare 365. Problem was gone. Reinstalled program to force uninstall something else. w32.downadup returned. Uninstalled WiseCare and no sign of w32.downadup.
 

Attachments


Node

#17
> And it's back.... I give up haha. Is it possible Peerblock is identifying the IPs wrongly???
>
> EDIT: SOLVED (I Think) After some uninstalling it seems to have been caused by WiseCare 365. Problem was gone. Reinstalled program to force uninstall something else. w32.downadup returned. Uninstalled WiseCare and no sign of w32.downadup.

You should just uninstall PeerBlock, it is un-maintained.
 
#18
Yeah now that I know the other issue has been fixed Peerblock has been removed :). It's just without peerblock I would not have picked up the issue. I am running Emsisoft, BitDefender Anti Ransomware (which Emsisoft did pick up something on but not sure if I should change it/need it) and have Malwarebytes AM as a backup scan. Any other way you think I should change my security/programs other than uninstalling Peerblock??? Is there another way I could have seen which IPs were requesting communication from my IP other than Peerblock????

EDIT: Plus Emsisoft says it has an anti-ransomware so I am thinking BD Anti Ransomware may not be needed at all????
 
Likes: _CyberGhosT_
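
Added example, not part of any post in this thread: one way to see which program owns a connection to a given address without PeerBlock is to join the output of the built-in Windows commands `netstat -ano` and `tasklist /fo csv /nh` on the PID. The two watched addresses are the ones quoted in post #1; the sample command output and the process name `example_updater.exe` are constructed for illustration.

```python
import csv
import io
import subprocess
import sys

WATCHED = {"216.239.36.21", "216.239.34.21"}  # the two addresses from post #1

# Constructed sample output, used when not running on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.5:49201      216.239.36.21:80       SYN_SENT        3412
  TCP    192.168.1.5:49202      216.239.34.21:80       SYN_SENT        3412
  TCP    192.168.1.5:49310      198.51.100.7:443       ESTABLISHED     2760
  UDP    0.0.0.0:5355           *:*                                    1204
"""
SAMPLE_TASKLIST = '''"svchost.exe","884","Services","0","9,876 K"
"example_updater.exe","3412","Console","1","14,220 K"
"firefox.exe","2760","Console","1","310,504 K"
'''


def pid_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {row[1]: row[0] for row in csv.reader(io.StringIO(tasklist_csv)) if len(row) >= 2}


def connections(netstat_text, names):
    """Parse the TCP rows of `netstat -ano` and attach the owning process name."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # skips headers and UDP rows, which carry no State column
        _, _local, remote, state, pid = parts
        ip, port = remote.rsplit(":", 1)
        rows.append({"process": names.get(pid, "?"), "pid": pid,
                     "remote_ip": ip.strip("[]"), "remote_port": port, "state": state})
    return rows


def watched_hits(rows, watched=WATCHED):
    return [r for r in rows if r["remote_ip"] in watched]


if __name__ == "__main__":
    live = sys.platform == "win32"
    run = lambda cmd: subprocess.run(cmd, capture_output=True, text=True).stdout
    net = run(["netstat", "-ano"]) if live else SAMPLE_NETSTAT
    tasks = run(["tasklist", "/fo", "csv", "/nh"]) if live else SAMPLE_TASKLIST
    for r in watched_hits(connections(net, pid_names(tasks))):
        print(f'{r["process"]} (PID {r["pid"]}) -> {r["remote_ip"]}:{r["remote_port"]} {r["state"]}')
```

Short-lived connection attempts can be missed by a single snapshot, so run it repeatedly (for example right after startup) to catch the owning process.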