HELP please.... peerblock blocking IPs

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
Hi,

I have some knowledge in this area but not enough. On start up of my PC Peerblock starts and blocks certain IPs before I have even done anything. Others are blocked once I am surfing the net.

Now there are a range of blocked IPs titled with EI du Pont de Nemours and Co, Xerox Corporation and Amazon Technologies Inc. I am fairly convinced after research that these are harmless and Google and Firefox related.

However, before opening anything on my PC Peerblock blocks another IP that I am a little concerned about, they are: -
W32.Downadup.Conficker - ConflickerUpdate.com - 216.239.36.21:80 AND
W32.Downadup.Conficker - ConflickerUpdate.info - 216.239.34.21:80

On researching these they seemed to be related to the Conficker worm but after running AV and analysis tools I can't find anything and they also are IPs referenced and blocked by Ransomware Tracker.

Any help or info would be greatly appreciated.

Thanks in advance.
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Emsisoft isn't a bad idea but a scan with Zemana would be better. Zemana looks a bit deeper in your system and is always the first tool that is being used in this forum for malware removal.
 
Reactions: L S

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Well, it seems you're infected with a Conficker variant.
It will attempt to automatically download updates.
This old worm incorporates a sophisticated mechanism of self-updating, well implemented in the new variants.
Basically, the worm generates a huge list of domain names, and it will attempt to connect to them to search for new instructions and updating itself.

Usually, just following the above tips you should be able to get rid of it, otherwise you can open a new thread here:

Malware Removal Assistance For Windows
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Well, it seems you're infected with a Conficker variant.
It will attempt to automatically download updates.
This old worm incorporates a sophisticated mechanism of self-updating, well implemented in the new variants.
Basically, the worm generates a huge list of domain names, and it will attempt to connect to them to search for new instructions and updating itself.

Usually, just following the above tips you should be able to get rid of it, otherwise you can open a new thread here:

Malware Removal Assistance For Windows
And again, yep :p
I hope he takes yours, & SHvFi's advice.
 

Node

Level 3
Verified
Aug 6, 2017
100
First off, I'd suggest uninstalling PeerBlock as it is an un-maintained software solution. Secondly I suggest scanning your system with the following tools in this order:
RKill > Malwarebytes Anti-Rootkit (or TDSSKiller) > Junkware Removal Tool > AdwCleaner (after this step a re-start will be needed) > RogueKiller

This should be a good path for a general/common infection. If needed feel free to contact me and I'll assist any way needed, or you can use the free help offered by other MalwareTips staff and individuals.

All of the tools I listed above are available at bleepingcomputer.com!
 

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
OK so things seem to have gotten worse but maybe it is just coincidence. Upon startup today my PC would not start and had to run the Windows startup fix. It has now started but at least 2 programs normally on start up now do not initiate on startup. Furthermore, access to my password manager save file was corrupted??

Anyway first off the response already has been awesome. I was considering uninstalling Peerblock when I came across these issues so have not uninstalled just yet. Should I still uninstall it anyway?? As for scans I have currently scanned with BitDefender Free, Malwarebytes AM, Norton Power Eraser and a Kaspersky Utility.

NPE was the only one that returned a result in the registry. I will now download Zemana and Emsisoft and see if they find anything.

Thanks for the assistance thus far. Will keep you updated.
 

Node

Level 3
Verified
Aug 6, 2017
100
OK so things seem to have gotten worse but maybe it is just coincidence. Upon startup today my PC would not start and had to run the Windows startup fix. It has now started but at least 2 programs normally on start up now do not initiate on startup. Furthermore, access to my password manager save file was corrupted??

Anyway first off the response already has been awesome. I was considering uninstalling Peerblock when I came across these issues so have not uninstalled just yet. Should I still uninstall it anyway?? As for scans I have currently scanned with BitDefender Free, Malwarebytes AM, Norton Power Eraser and a Kaspersky Utility.

NPE was the only one that returned a result in the registry. I will now download Zemana and Emsisoft and see if they find anything.

Thanks for the assistance thus far. Will keep you updated.

AdwCleaner and Junkware Removal Tool are both tools that I highly suggest running. Please see my comment above.
 

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
Alright so now I have run Zemana which gave no results, Malwarebytes Anti-Rootkit Beta which gave a result on initialisation of the program but not in the scan (see picture) and Emsisoft which seems to have detected the most and may have fixed the w32.downadup issue but I will look again on next startup after I post this. See pics below. In Peerblock pics you can see what was happening and now without the w32.downadup. The blacked out parts are my IP (sorry for the mess): -
 

Attachments

  • Emsisoft.JPG (99.2 KB)
  • Emsisoft 2.JPG (146.5 KB)
  • Maleware Bytes Anti Root.JPG (44.8 KB)
  • Peerblock.JPG (277.5 KB)
  • Peerblock NOW.JPG (220.3 KB)

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
w32.downadup issue now seems to be resolved. Based on the results I have posted in the pic by Emsisoft (Pic 2) is BD Anti - Ransomware something I should uninstall????
Do any of the other requests from IPs that are blocked by Peerblock seem to be an issue or can I uninstall Peerblock now.

Thanks for everyone's help so far. Much appreciated.

EDIT: getting ADWCleaner now :)
 
Reactions: frogboy

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
And it's back.... I give up haha. Is it possible Peerblock is identifying the IPs wrongly???

EDIT: SOLVED (I Think) After some uninstalling it seems to have been caused by WiseCare 365. Problem was gone. Reinstalled program to force uninstall something else. w32.downadup returned. Uninstalled WiseCare and no sign of w32.downadup.
 

Attachments

  • Peerblock 3.JPG (82.7 KB)

Node

Level 3
Verified
Aug 6, 2017
100
And it's back.... I give up haha. Is it possible Peerblock is identifying the IPs wrongly???

EDIT: SOLVED (I Think) After some uninstalling it seems to have been caused by WiseCare 365. Problem was gone. Reinstalled program to force uninstall something else. w32.downadup returned. Uninstalled WiseCare and no sign of w32.downadup.

You should just uninstall PeerBlock, it is un-maintained.
 

lukeyj85

Level 1
Thread author
Oct 3, 2017
7
Yeah now that I know the other issue has been fixed Peerblock has been removed :). It's just without Peerblock I would not have picked up the issue. I am running Emsisoft, BitDefender Anti Ransomware (which Emsisoft did pick up something on but not sure if I should change it/need it) and have Malwarebytes AM as a backup scan. Any other way you think I should change my security/programs other than uninstalling Peerblock??? Is there another way I could have seen which IPs were requesting communication from my IP other than Peerblock????

EDIT: Plus Emsisoft says it has an anti-ransomware so I am thinking BD Anti Ransomware may not be needed at all????
 
Reactions: _CyberGhosT_
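
An added example, not part of any post in this thread, for the closing question of how to see which remote addresses the PC is talking to without PeerBlock, and which program is responsible (the step that pointed at WiseCare 365 here). It uses the built-in Get-NetTCPConnection and Get-Process cmdlets (Windows 8 / Server 2012 or later); the watch list holds the two addresses reported in the first post, and the polling window is an assumption.

```powershell
# Run from an elevated PowerShell prompt, ideally right after logon, so that
# executable paths of processes owned by other accounts can be read.

# Remote addresses to flag. These are the two addresses the thread author saw
# PeerBlock block at startup; replace them with whatever you are chasing.
$watch = @('216.239.36.21', '216.239.34.21')

# Short HTTP requests can open and close between two looks at the table,
# so poll for a while instead of taking one snapshot.
$pollSeconds = 120          # assumption: two minutes covers the startup burst
$seen = @{}

$deadline = (Get-Date).AddSeconds($pollSeconds)
while ((Get-Date) -lt $deadline) {
    # Every TCP entry with a real remote peer (skip listeners and loopback)
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '::', '127.0.0.1', '::1') }

    foreach ($c in $conns) {
        $key = '{0}|{1}|{2}' -f $c.OwningProcess, $c.RemoteAddress, $c.RemotePort
        if ($seen.ContainsKey($key)) { continue }

        # Map the owning PID to a process; it may already have exited
        $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $seen[$key] = [pscustomobject]@{
            FirstSeen     = Get-Date
            Watched       = $c.RemoteAddress -in $watch
            Process       = if ($p) { $p.ProcessName } else { '<exited>' }
            ProcessId     = $c.OwningProcess
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            State         = $c.State
            Path          = if ($p) { $p.Path } else { $null }
        }
    }
    Start-Sleep -Milliseconds 500
}

# Watched addresses first, then the rest grouped by process name
$seen.Values |
    Sort-Object @{ Expression = 'Watched'; Descending = $true }, Process, RemoteAddress |
    Format-Table FirstSeen, Watched, Process, ProcessId, RemoteAddress, RemotePort, State, Path -AutoSize
```

A connection that a firewall or filter is dropping still appears in this table, typically in the SynSent state, so the owning process can be identified even when nothing gets through.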
