Malware Bytes blocking outgoing traffic but no virus/malware detected

Rhythmdvl · May 8, 2012, 2:09pm

Malware Bytes keeps reporting that it blocked outgoing traffic. Here’s one sample from its logs (there are many others, this is just a small snippet):


 IP-BLOCK	89.28.120.37 (Type: outgoing, Port: 55243, Process: svchost.exe)
IP-BLOCK	89.28.120.37 (Type: outgoing, Port: 55243, Process: svchost.exe)
IP-BLOCK	89.28.120.37 (Type: outgoing, Port: 55243, Process: svchost.exe)
IP-BLOCK	222.71.181.244 (Type: outgoing, Port: 55243, Process: svchost.exe)
IP-BLOCK	222.71.181.244 (Type: outgoing, Port: 55243, Process: svchost.exe)
IP-BLOCK	222.69.93.132 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	222.69.93.132 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	222.69.93.132 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	222.69.93.132 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	213.226.199.236 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	213.226.199.236 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	213.226.199.236 (Type: outgoing, Port: 62919, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	77.78.236.111 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	222.65.191.88 (Type: outgoing, Port: 53607, Process: svchost.exe)
IP-BLOCK	222.65.191.88 (Type: outgoing, Port: 53607, Process: svchost.exe)

The IP addresses are all over the world.

Yikes, says I. But I can’t figure out what’s in there. I’ve run both quick and full scans by Malware Bytes, MSSE, and TrendMicro online, but none has returned any hits. Am I missing something (i.e. this is a non-issue) or do need to keep trying scanners until something comes up?

RealityChuck · May 8, 2012, 3:33pm

I’d suggest downloanding the old reliable hijackthis. Read the logs and see if there’s a svchost.exe that isn’t in the system32 or system64 folder.

It’s not uncommon for viruses to call themselves svchost, since it’s commonly used by many programs. But they don’t put it into the proper location.

This may be something new that Malwarebytes doesn’t detect quite yet.

Topic		Replies	Views
Why do I get "website blocked due to malware" when I have no browser open? Factual Questions	8	427	September 21, 2022
Firefox is outbound pinging 'Angelfire.' Miscellaneous and Personal Stuff I Must Share	9	836	March 30, 2018
A strange virus... Factual Questions	11	2024	October 7, 2011
"XP Home Security" malware just ruined my fucking day...Malwarebytes blocked Factual Questions	33	7820	May 15, 2011
Blocked outbound connection attempt About This Message Board	1	1860	April 24, 2011

Malware Bytes blocking outgoing traffic but no virus/malware detected

Related topics