MBAM IP-BLOCK

Dennis

My mother's PC's MBAM is reporting...

2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
incoming)
2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
outgoing)

It looks like MBAM is doing its job, but I am a little bit concerned
about this. 'whois' reports that this is a server in the Ukraine, which
raises red flags. Does anyone have any suggestions on what to do to
track this down? Is there a way to see which program is making this
request?

Thanks,

David W. Hodgins

| My mother's PC's MBAM is reporting...
|
| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| incoming)
| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| outgoing)
|
| It looks like MBAM is doing its job, but I am a little bit concerned
| about this. 'whois' reports that this is a server in the Ukraine, which
| raises red flags. Does anyone have any suggestions on what to do to

$ host 194.54.81.86
86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com

Have you installed teamviewer on that system?

Regards, Dave Hodgins

Dustin

| $ host 194.54.81.86
| 86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
|
| Have you installed teamviewer on that system?
|
| Regards, Dave Hodgins

*sigh*. Probably should report that to them. teamviewer shouldn't be
blocked by default...

Dennis

From: "Dennis" <[email protected]>

| My mother's PC's MBAM is reporting...
|
| 2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| incoming)
| 2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type:
| outgoing)
|
| It looks like MBAM is doing its job, but I am a little bit concerned
| about this. 'whois' reports that this is a server in the Ukraine, which
| raises red flags. Does anyone have any suggestions on what to do to
| track this down? Is there a way to see which program is making this
| request?
|
| Thanks,

What anti virus application is used in conjunction with MBAM ?

Avira free. I am running scans right now. I googled around for more info
on the MBAM IP-BLOCK and found some sample logs. Those MBAM logs showed
the process name somewhere after incoming/outgoing. I am wondering why I
didn't get that.

When my scans are complete I plan on shutting everything down and then
bringing the system back up without opening any other programs. Then I
will watch for the IP-BLOCKs. It seems like I saw them fairly quickly
after I first logged in to her PC, but they stopped happening within a
minute or so.

Dennis

| $ host 194.54.81.86
| 86.81.54.194.in-addr.arpa domain name pointer server9301.teamviewer.com
|
| Have you installed teamviewer on that system?

AH-HA! Yes. I looked at the Windows firewall and noted that TeamViewer
was listed under 'exceptions'. But apparently not in MBAM. That explains
a lot.

Thanks,

Dennis


Done.

Thanks for your help. I believe I can manually mark that IP as an
exception, but if it only pops up when I remotely connect to her PC then
I am not going to bother. I'll let MBAM handle it.

David W. Hodgins


Depends on who installed teamviewer. If it's been intentionally
installed by the owner of the system, then it can be ignored. If
not, then the owner does need to be made aware that it has been
installed. In my opinion, it's a potentially unwanted program.

Regards, Dave Hodgins

G. Morgan

David said:
| Depends on who installed teamviewer. If it's been intentionally
| installed by the owner of the system, then it can be ignored. If
| not, then the owner does need to be made aware that it has been
| installed. In my opinion, it's a potentially unwanted program.
|
| Regards, Dave Hodgins

Then why do they ignore commercial key loggers that corporations use?

David W. Hodgins

| It's linux, and very expensive. There is a free trial here:
| http://centralops.net/co/DomainDossier.aspx

Lol! :) Didn't occur to me that Caesar was referring to the
host command. I also assumed he was referring to the teamviewer
program.

In windows, you can use the nslookup command, as in ...
C:\>nslookup 194.54.81.86
*** Can't find server name for address 192.168.20.101: No response from server
Server: ns1.ody.ca
Address: 216.240.0.1

Name: server9301.teamviewer.com
Address: 194.54.81.86

I'm using the Mageia distribution of linux, which you can get from
http://www.mageia.org/en/downloads/

Regards, Dave Hodgins
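The checks Dave does by hand above (`host` on Linux, `nslookup` on Windows) can be scripted over a whole MBAM protection log. The following is an added example written for this page, not code from the thread or from Malwarebytes: it parses IP-BLOCK lines of the shape quoted in the thread, derives the `in-addr.arpa` name that `host` and `nslookup` query, and looks up the PTR record. It also applies one check a practitioner would add: the reverse zone is controlled by whoever holds the address block, so the PTR answer is only accepted if the name resolves forward to the same address, which is what the `Name:`/`Address:` pair in the `nslookup` output confirms. The stub resolvers replay the answers shown in the thread so the script runs offline; the handling of trailing text after `(Type: ...)` as a process name is an assumption based on Dennis's remark about other sample logs, not a verified log layout.

```python
"""Added example: reverse-DNS triage of MBAM IP-BLOCK log lines."""
import ipaddress
import re
import socket
from typing import Callable, Dict, List, NamedTuple, Optional

# Line shape copied from the two entries in the thread (extraction wrapped
# them after "(Type:"; here each entry is one line).  Text after the closing
# parenthesis is kept as "extra" because other sample logs reportedly carry
# a process name there; that layout is an ASSUMPTION, not verified.
IPBLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing)\)(?P<extra>.*)$"
)

Resolver = Callable[[str], Optional[str]]   # ip -> PTR hostname or None
Forward = Callable[[str], List[str]]        # hostname -> list of addresses


class IpBlock(NamedTuple):
    ts: str
    host: str
    user: str
    ip: str
    direction: str
    extra: Optional[str]


def parse_ipblock(line: str) -> Optional[IpBlock]:
    """Parse one MBAM IP-BLOCK line; None for lines that don't match."""
    m = IPBLOCK_RE.match(line.strip())
    if not m:
        return None
    extra = m["extra"].strip(" ,") or None
    return IpBlock(m["ts"], m["host"], m["user"], m["ip"], m["direction"], extra)


def ptr_name(ip: str) -> str:
    """The in-addr.arpa name that 'host' and 'nslookup' query for an IPv4."""
    return ipaddress.ip_address(ip).reverse_pointer


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup through the OS resolver (needs network; the test stubs it)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name: str) -> List[str]:
    """A/AAAA lookup through the OS resolver (needs network; the test stubs it)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []


def forward_confirmed(ip: str, reverse: Resolver, forward: Forward) -> Optional[str]:
    """Return the PTR name only if it resolves back to the same address.
    A PTR alone proves nothing about who runs the host; the forward check
    (forward-confirmed reverse DNS) is what makes the name worth reporting."""
    name = reverse(ip)
    if name is None or ip not in forward(name):
        return None
    return name


def summarize(lines: List[str], reverse: Resolver = system_reverse,
              forward: Forward = system_forward) -> Dict[str, dict]:
    """Group IP-BLOCK events per remote address with the confirmed hostname."""
    per_ip: Dict[str, dict] = {}
    for line in lines:
        ev = parse_ipblock(line)
        if ev is None:
            continue  # not an IP-BLOCK entry
        entry = per_ip.get(ev.ip)
        if entry is None:
            entry = per_ip[ev.ip] = {
                "ptr_query": ptr_name(ev.ip),
                "hostname": forward_confirmed(ev.ip, reverse, forward),
                "directions": set(), "extra": set(), "count": 0,
            }
        entry["directions"].add(ev.direction)
        if ev.extra:
            entry["extra"].add(ev.extra)
        entry["count"] += 1
    return per_ip


# Constructed sample: the thread's two entries on single lines plus one
# unrelated line to show that non-matching input is skipped.
SAMPLE_LOG = [
    "2012/02/05 12:00:12 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: incoming)",
    "2012/02/05 12:00:54 -0500 DOGWOOD Denny IP-BLOCK 194.54.81.86 (Type: outgoing)",
    "2012/02/05 12:01:00 -0500 DOGWOOD Denny some unrelated log line",
]

# Stub resolvers replaying the answers shown in the thread, so this runs offline.
STUB_REVERSE = {"194.54.81.86": "server9301.teamviewer.com"}.get


def stub_forward(name: str) -> List[str]:
    return {"server9301.teamviewer.com": ["194.54.81.86"]}.get(name, [])


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG, STUB_REVERSE, stub_forward).items():
        print(ip, info["ptr_query"], info["hostname"],
              sorted(info["directions"]), info["count"])
```

Run it against a real log by replacing `SAMPLE_LOG` with the file's lines and dropping the stub arguments so the OS resolver is used. A blocked address whose PTR fails the forward check, or resolves to nothing at all, is the one worth chasing further; one that confirms as a host of software the owner knowingly installed, as TeamViewer turned out to be here, is a candidate for an MBAM exception rather than an incident.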

FromTheRafters

G. Morgan said:
| Then why do they ignore commercial key loggers that corporations use?

IMO, such a program loses all of its claim to legitimacy if it offers a
way to install it surreptitiously. Both keyloggers and RATs are
legitimate programs when installed with the administrator's blessing.

G. Morgan

FromTheRafters said:
| IMO, such a program loses all of its claim to legitimacy if it offers a
| way to install it surreptitiously. Both keyloggers and RATs are
| legitimate programs when installed with the administrator's blessing.

I agree, but I also would like to know about it in the scan.

G. Morgan

David said:
| IMO, such a program loses all of its claim to legitimacy if it offers a
| way to install it surreptitiously. Both keyloggers and RATs are
| legitimate programs when installed with the administrator's blessing.

And the EULA defines its capabilities properly.

What this? Standard CYA stuff. Where does it get specific?

Warranties and Damages

16. Malwarebytes makes no warranty about the quality of the Software or
its ability to eliminate any specific malware threats.
17. Malwarebytes makes no warranty as to the completeness of the
Database or protection modules.
18. Malwarebytes makes no warranty concerning the comparison of the
Software to any similar software or any industry standard.
19. Malwarebytes makes no warranty about the compatibility of the
Software with any other software or hardware.
20. Malwarebytes does not give any warranty in relation to
non-infringement of intellectual property rights.
21. Malwarebytes makes no warranty about the availability of its
customer service representatives or their ability to solve any malware
or other computer issues.

David H. Lipman

From: "G. Morgan"
|> IMO, such a program loses all of its claim to legitimacy if it offers a
|> way to install it surreptitiously. Both keyloggers and RATs are
|> legitimate programs when installed with the administrator's blessing.

| What this? Standard CYA stuff. Where does it get specific?
|
| Warranties and Damages
|
| 16. Malwarebytes makes no warranty about the quality of the Software or
| its ability to eliminate any specific malware threats.
| 17. Malwarebytes makes no warranty as to the completeness of the
| Database or protection modules.
| 18. Malwarebytes makes no warranty concerning the comparison of the
| Software to any similar software or any industry standard.
| 19. Malwarebytes makes no warranty about the compatibility of the
| Software with any other software or hardware.
| 20. Malwarebytes does not give any warranty in relation to
| non-infringement of intellectual property rights.
| 21. Malwarebytes makes no warranty about the availability of its
| customer service representatives or their ability to solve any malware
| or other computer issues.


There are legitimate keyloggers. If the product surreptitiously and it is a EULA that
covers the actions it takes then it is not malware.

Any questions, post on the Malwarebytes forum and ask .

Shadow

| There are legitimate keyloggers. If the product surreptitiously and it is a EULA that
| covers the actions it takes then it is not malware.

Kind of awkward if my son or his buddies plant a "legitimate
Keylogger" on my PC when I'm out. (Thank goodness, he does not have
the capabilities, he's in his last year at Computer Science at
University, and seems to think software installing is something techs
should study kkkkkkkkkkkkkk)

Companies in all fairness should inform employees that
keyloggers are planted for security reasons.
Malwarebytes should have a "Keylogger" section, with warnings
that if the Keylogger is detected, it should not be removed, unless
the user has legal rights to do so on that computer. But the user
should be allowed to know.
IMHO
[]'s

FromTheRafters

G. Morgan said:
| I agree, but I also would like to know about it in the scan.

Agreed, especially since a miscreant could conceivably install
legitimate software surreptitiously if he or she had the access and
sufficient privileges.

The thing is, how to make it so the target being legitimately under
surveillance (or remote administration/control) doesn't see the *warning*.