LilSnoop40 Posted November 29, 2020
Hello, question: Malwarebytes keeps popping up this alert every minute... Can anyone explain, as I tried to google the IP address and have no idea what's happening?
Link to comment https://www.neowin.net/forum/topic/1402765-malwarebytes/

Jim K (Global Moderator) Posted November 29, 2020
Looks like someone from Russia is trying to Remote Desktop into your computer (if all of those are port 3389) and Malwarebytes is blocking it. Maybe block that IP address at the router? According to Ultratools...

Quote:
Source: whois.ripe.net
IP Address: 45.146.165.153
inetnum: 45.146.164.0 - 45.146.165.255
netname: RU-HOSTWAY-20200907
country: RU

Someone might have a better answer. It could just go away after "they" give up?

Steven P. (Administrators) Posted November 29, 2020
Port 3389 is used for Remote Desktop; if you do not use it, ensure that it is disabled in Windows. Usually these things can be blocked on the router level unless you have opted to have that port open. At a guess I would think you are being port scanned. It happens to most people including me, but my ISP router blocks these requests before they ever reach Windows/Malwarebytes. You can also add that IP to your Windows firewall and block it if it won't stop probing your connection.

+Biscuits Brown (MVC) Posted November 29, 2020
Wouldn't his router already block that (assuming NAT) unless he has forwarded the port? Surely the PC isn't just connected directly to the web.

Steven P. (Administrators) Posted November 29, 2020
1 minute ago, Biscuits Brown said:
Wouldn't his router already block that (assuming NAT) unless he has forwarded the port? Surely the PC isn't just connected directly to the web.

Depends how the router is configured. Mine lets me completely disable the firewall heheh.

+Biscuits Brown (MVC) Posted November 29, 2020
Right, but NAT should have blocked his internal IP regardless of the firewall unless he forwarded the port.

LilSnoop40 (Author) Posted November 30, 2020
Is this OK? And a question about NAT: I was told before to open NAT for XBOX Live instead of leaving it secured, so I have it set to open?:

LilSnoop40 (Author) Posted November 30, 2020
Also, I just logged into my router and the logs show this, can you explain what I am looking at?
Thank you

jnelsoninjax Posted November 30, 2020
Paging @BudMan, he would be the best source of answers for you!

+Warwagon (MVC) Posted November 30, 2020
Shields up: https://www.grc.com/shieldsup
Go there and have it test all your ports, but first do a test for just port 3389.

LilSnoop40 (Author) Posted November 30, 2020
OK, prior to seeing this posted I changed my port in my registry, then ran the following test as you said. Should I now put the port back to default and see if the results are different?:
"All Service Ports":
"File Sharing Ports":
"Common Ports":
"Universal Plug n'Play (UPnP)":

+Warwagon (MVC) Posted November 30, 2020
Go under the port forwarding section of your router and see if you have an entry in there, port forwarding port 3389 to 192.168.1.2. It should be located under ADVANCED > Advanced Setup > Port Forwarding/Port Triggering. It could be that a little critter running on your system used UPnP to open a port on your router.

+Warwagon MVC Posted November 30, 2020

3 hours ago, Jim K said:
> It could just go away after "they" give up?

It should NOT be making it so far in that Malwarebytes is detecting it. Smells of a Malicious UPnP port forward.

LilSnoop40 Author Posted November 30, 2020

Ok, after running the test above I changed back RDP port in my registry to default 3389 and back in the router and then ran the above test again but nothing changed. But since changing back in the router and in the registry Malwarebytes is back to alerting me of possible compromised. Is this something to be worried about as all the tests have come back passed? Should I change my RDP port to stop this?

This has always been set to off:

And NAT has always been set this way per XBOX instructions:

+Warwagon MVC Posted November 30, 2020

13 minutes ago, LilSnoop40 said:
> Ok, after running the test above I changed back RDP port in my registry to default 3389 and back in the router and then ran the above test again but nothing changed. But since changing back in the router and in the registry Malwarebytes is back to alerting me of possible compromised. Is this something to be worried about as all the tests have come back passed? Should I change my RDP port to stop this? This has always been set to off: And NAT has always been set this way per XBOX instructions:

Seeing as you have "port forward like activity" and you have a port forward entry for RDP pointing to your desktop IP, I'd delete that entry out of there. I don't think it's off. I think just being in there means it's on. I don't see a disable option. Delete it and apply.

LilSnoop40 Author Posted November 30, 2020

Ok, I have deleted that out. But I use RDP when I am away from my house and I need to get into my laptop remotely. Can I change the port in my registry then on that router page above to a new port? Will that fix this and am I safe? Is there anything to worry about after all the tests said I have passed?

+Warwagon MVC Posted November 30, 2020

20 minutes ago, LilSnoop40 said:
> Ok, I have deleted that out. But I use RDP when I am away from my house and I need to get into my laptop remotely. Can I change the port in my registry then on that router page above to a new port? Will that fix this and am I safe? Is there anything to worry about after all the tests said I have passed?

Number #1 rule of thumb, never open / expose RDP to the internet, for reasons you've just experienced.

What you need to do is get a Raspberry Pi and run PiVPN. Dirt simple to set up and it will allow you to securely access your LAN without exposing RDP to the interwebs. This is how I access my Quickbooks workstation computer when I'm working from my gf's house. I connect to my VPN, THEN connect to RDP.

Changing your port # would be considered "Security through obscurity".

LilSnoop40 Author Posted November 30, 2020

I do have a Pi-Hole on my network that is plugged into my Orbi and the Pi-Hole handles the DHCP across my network. I looked up trying to set up the VPN on my Pi-Hole but I couldn't figure it out and wasn't sure if there was a free VPN to use?

+Warwagon MVC Posted November 30, 2020

3 minutes ago, LilSnoop40 said:
> I do have a Pi-Hole on my network that is plugged into my Orbi and the Pi-Hole handles the DHCP across my network. I looked up trying to set up the VPN on my Pi-Hole but I couldn't figure it out and wasn't sure if there was a free VPN to use?

Ya, if you have Pi-hole running on a Raspberry Pi, you could probably run both off the same Pi.

LilSnoop40 Author Posted November 30, 2020

I believe I am using the Raspberry Pi Model B v2.0? They are from 2013, 2014 I believe. Is there a free reliable VPN that I can use across my network that won't limit me?

adrynalyne Posted November 30, 2020 (edited)

15 minutes ago, LilSnoop40 said:
> I believe I am using the Raspberry Pi Model B v2.0? They are from 2013, 2014 I believe. Is there a free reliable VPN that I can use across my network that won't limit me?

Limit you in what way? If you mean speed-wise, probably not. It takes a lot of processing power for VPNs and if you have high speed internet, it’s going to take an expensive piece of hardware to keep that speed up. A Pi won’t cut it.

They said, you can use PiVPN and it’s free.

LilSnoop40 Author Posted November 30, 2020 (edited)

Ok, I am using this guide now to try and install this: https://medium.com/@timebarrier/install-pivpn-with-wireguard-on-a-raspberry-pi-with-pihole-19d95ba8d206

Will this do the same thing as mentioned above? Not really sure about the VPN thing.

+Warwagon MVC Posted November 30, 2020

8 hours ago, LilSnoop40 said:
> Ok, I am using this guide now to try and install this: https://medium.com/@timebarrier/install-pivpn-with-wireguard-on-a-raspberry-pi-with-pihole-19d95ba8d206 Will this do the same thing as mentioned above? Not really sure about the VPN thing.

I am running my VPN off a Raspberry Pi 3 B+.

I have 250 down and 20 up.

LilSnoop40 Author Posted November 30, 2020

Ok, I have 550 down and 25 up. I tried to follow the video on doing this but the part where you pick Public IP or the website method for changing IPs I got lost. I created the name at No-IP but noticed that in the setup on the Pi-Hole when you select DNS public it doesn't ask me for the name of which I created so I stopped.

Another question about the VPN, I might not be understanding something so as of now any device on my network is being protected by the Pi-Hole. If I set up the VPN on my Pi-Hole will all my devices be on a VPN as well?

Thank you

+Warwagon MVC Posted November 30, 2020

19 minutes ago, LilSnoop40 said:
> Ok, I have 550 down and 25 up. I tried to follow the video on doing this but the part where you pick Public IP or the website method for changing IPs I got lost. I created the name at No-IP but noticed that in the setup on the Pi-Hole when you select DNS public it doesn't ask me for the name of which I created so I stopped. Another question about the VPN, I might not be understanding something so as of now any device on my network is being protected by the Pi-Hole. If I set up the VPN on my Pi-Hole will all my devices be on a VPN as well? Thank you

When connecting to the VPN all that does is put whatever device opens up OpenVPN and connects, on your network. All your other devices are already on your network but will then be accessible outside the house when connecting to the VPN.

As to your first question I think you can edit a config file after the fact and add that No-IP address.

adrynalyne Posted November 30, 2020 (edited)

56 minutes ago, warwagon said:
> I am running my VPN off a Raspberry Pi 3 B+. I have 250 down and 20 up.

Through your VPN? Prove it.

This highlights what I am saying.

https://github.com/pivpn/pivpn/issues/605