Posted March 28, 2016

So I just got this notification from Malwarebytes that a malicious website has been blocked:

IP: 91.88.56.86
Port: 11922
Type: Inbound
Process: C:\Program Files (x86)\Skype\Phone\Skype.exe

What does this mean? AM I INFECTED

Posted March 28, 2016

1) False positive
2) Virus piggybacking on the Skype data
3) Microsoft spyware

Either way, it shouldn't hurt anything to let it be removed.

Posted March 28, 2016

Most malware creators will just create their executables with legit application names and other data from it, so it might not be a false positive. Your best bet would be to just remove any detections and then reinstall the legit apps.

Posted March 28, 2016

4 minutes ago, i7-6700K said:
> So I just got this notification from Malwarebytes that a malicious website has been blocked:
> IP: 91.88.56.86
> Port: 11922
> Type: Inbound
> Process: C:\Program Files (x86)\Skype\Phone\Skype.exe
> What does this mean? AM I INFECTED

Do you live in France by any chance? That is where the IP originates from..

Posted March 28, 2016 (Author)

1 minute ago, dark_xzyph3r said:
> Do you live in France by any chance? That is where the IP originates from..

Lol no, I live in the U.S. of A.

Posted March 28, 2016

I remember there being something with Wireshark where you could type in your DNS information, then if a connection called No-IP or something came up, you were being ratted. Try and search the internet for it. If you don't download random executables from the internet, or open random email documents, then you should be fine.

Posted March 28, 2016

Just now, i7-6700K said:
> Lol no, I live in the U.S. of A.

Lol k..

General IP Information
IP: 91.88.56.86
Decimal: 1532508246
Hostname: 86.56.88.91.rev.sfr.net
ASN: 41334
ISP: Sfr Collectivites SA
Organization: Manche Telecom
Services: None detected
Type: Broadband
Assignment: Static IP

Geolocation Information
Continent: Europe
Country: France
State/Region: Manche
City: Argouges
Latitude: 48.5023 (48° 30′ 8.28″ N)
Longitude: -1.3968 (1° 23′ 48.48″ W)
Postal Code: 50240

This is where the IP is located. Dunno why it would be contacting your IP..

Posted March 28, 2016 (Author)

4 minutes ago, Mornincupofhate said:
> Most malware creators will just create their executables with legit application names and other data from it, so it might not be a false positive. Your best bet would be to just remove any detections and then reinstall the legit apps.

Well, I scanned and there were no detections. Malwarebytes just said that it blocked a malicious website.

Posted March 28, 2016 (Author)

2 minutes ago, dark_xzyph3r said:
> snippppppppppppppppppppppppppppppppppppp

That's odd. Do you think it was just a false positive?

Posted March 28, 2016

2 minutes ago, dark_xzyph3r said:
> Lol k..
> General IP Information
> IP: 91.88.56.86
> Decimal: 1532508246
> Hostname: 86.56.88.91.rev.sfr.net
> ASN: 41334
> ISP: Sfr Collectivites SA
> Organization: Manche Telecom
> Services: None detected
> Type: Broadband
> Assignment: Static IP
> Geolocation Information
> Continent: Europe
> Country: France
> State/Region: Manche
> City: Argouges
> Latitude: 48.5023 (48° 30′ 8.28″ N)
> Longitude: -1.3968 (1° 23′ 48.48″ W)
> Postal Code: 50240
> This is where the IP is located. Dunno why it would be contacting your IP..

This is a French IP not owned by Skype. I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company (which people use to host malware and botnets). Chances are OP, you're being ratted.

Posted March 28, 2016

3 minutes ago, i7-6700K said:
> Lol no, I live in the U.S. of A.

Also, is port 11922 open on your router? That port isn't standard, so I still have no reason why it would attempt to contact that port.. Also, why would it block a website when website ports are "80, 8080, 443"?

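A way to check the two questions raised in the replies above (whether the file at the reported path is a look-alike executable, and which program actually has port 11922 open), added here as an example that is not from any poster in the thread. It assumes Windows 8 or later with PowerShell 4+; the path and port are the ones in the alert, and nothing here states who the expected signer is.

```powershell
# Added example: values copied from the Malwarebytes alert quoted in the thread.
$AlertPath = 'C:\Program Files (x86)\Skype\Phone\Skype.exe'
$AlertPort = 11922

# 1. Is the file at the reported path Authenticode-signed, and by whom?
#    Status 'Valid' means the signature and certificate chain verified.
#    Compare Signer with the publisher you expect, and keep the hash for lookups.
$sig = Get-AuthenticodeSignature -FilePath $AlertPath
[pscustomobject]@{
    Path   = $AlertPath
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject   # empty if the file is unsigned
    SHA256 = (Get-FileHash -Path $AlertPath -Algorithm SHA256).Hash
}

# 2. Which process owns a local TCP or UDP endpoint on the reported port?
$owners = @()
$owners += Get-NetTCPConnection -LocalPort $AlertPort -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess
$owners += Get-NetUDPEndpoint -LocalPort $AlertPort -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess

# 3. Does that process run from the same path the alert named?
#    ($pid is reserved in PowerShell, hence $procId.)
foreach ($procId in ($owners | Sort-Object -Unique)) {
    $p = Get-Process -Id $procId -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProcessId    = $procId
        Name         = $p.Name
        ImagePath    = $p.Path        # may be empty without an elevated prompt
        MatchesAlert = ($p.Path -eq $AlertPath)
    }
}
```

A valid signature plus an owning process whose image path matches the alert is consistent with the real Skype client listening on that port; an unsigned file or a different image path is what warrants a closer look.
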
Posted March 28, 2016

Skype is baaad, it runs in your background sucking up resources and is like an overly attached girlfriend.

-le clicks quit skype-
"are you sure you wanna close skype? you won't receive message blablablabla"
-close it and never opened it again-
-sigh-

Feeling like I'm being too negative lately.

Posted March 28, 2016

Just now, dark_xzyph3r said:
> Also, is port 11922 open on your router? That port isn't standard, so I still have no reason why it would attempt to contact that port.. Also, why would it block a website when website ports are "80, 8080, 443"?

^ You're being ratted.

Posted March 28, 2016

1 minute ago, Mornincupofhate said:
> This is a French IP not owned by Skype. I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company (which people use to host malware and botnets). Chances are OP, you're being ratted.

The hosting company is in Paris. https://en.wikipedia.org/wiki/SFR

I can't find any info about them..

Posted March 28, 2016 (Author)

9 minutes ago, Mornincupofhate said:
> This is a French IP not owned by Skype. I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company (which people use to host malware and botnets). Chances are OP, you're being ratted.

I just searched up similar problems that people had like this. This was one answer:

> Malwarebytes has IP blocklists grabbed from a variety of sources. Any IP in the world can be on a blocklist for a variety of reasons. That IP is in an IP address range hosting at least one open-ended outgoing e-mail server. Open-ended SMTP servers are generally used to send spam, so it can end up on a spam blacklist even if no spam is ever sent. Skype interacts with a lot of IPs. So when Malwarebytes sets off its rather ridiculous alarms, all it's informing you is that Skype is interacting with an IP of a possible email server that "might" send out spam. It doesn't mean you're infected or being attacked by anything. It's not like you're interacting over e-mail (port 25) in the first place.

Posted March 28, 2016

8 hours ago, i7-6700K said:
> So I just got this notification from Malwarebytes that a malicious website has been blocked:
> IP: 91.88.56.86
> Port: 11922
> Type: Inbound
> Process: C:\Program Files (x86)\Skype\Phone\Skype.exe
> What does this mean? AM I INFECTED

Fake alert. However, a lot of virus/malware infections, and even hacking into victims' PCs, have been done via Skype. Not to mention it's popular among heaters to trace a victim's IP and then DDoS him during a CS, CoD, LoL, or other game match..