PDA

View Full Version : Malwarebytes blocking SpyBot?



amzolt
2014-03-21, 01:07
I'm running SpyBot and Malwarebyte both with live protection.

Malwarebytes is saying it's blocking SpyBot's sdfssvc.exe

Malwarebytes is giving me this in its log:

2014/03/20 03:43:56 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62429, Process: sdfssvc.exe)
2014/03/20 03:43:56 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62457, Process: sdfssvc.exe)
2014/03/20 03:44:04 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62484, Process: sdfssvc.exe)
2014/03/20 03:44:13 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62573, Process: sdfssvc.exe)
2014/03/20 03:44:13 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62596, Process: sdfssvc.exe)
2014/03/20 04:26:17 -0400 OWNER-PC owner IP-BLOCK 88.85.68.44 (Type: outgoing, Port: 56089, Process: sdfssvc.exe)
2014/03/20 04:26:17 -0400 OWNER-PC owner IP-BLOCK 88.85.68.44 (Type: outgoing, Port: 56091, Process: sdfssvc.exe)
2014/03/20 04:43:16 -0400 OWNER-PC owner IP-BLOCK 195.208.0.15 (Type: outgoing, Port: 59366, Process: sdfssvc.exe)
2014/03/20 04:43:16 -0400 OWNER-PC owner IP-BLOCK 195.208.0.15 (Type: outgoing, Port: 59369, Process: sdfssvc.exe)
2014/03/20 04:48:20 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60765, Process: sdfssvc.exe)
2014/03/20 04:48:20 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60768, Process: sdfssvc.exe)
2014/03/20 04:48:36 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60906, Process: sdfssvc.exe)
2014/03/20 04:48:36 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60917, Process: sdfssvc.exe)
2014/03/20 04:48:52 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 61028, Process: sdfssvc.exe)
2014/03/20 04:48:52 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 61031, Process: sdfssvc.exe)

Yesterday I got this:
2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62443, Process: sdfssvc.exe)
2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62445, Process: sdfssvc.exe)
2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62449, Process: sdfssvc.exe)
2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62457, Process: sdfssvc.exe)
2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62458, Process: sdfssvc.exe)
2014/03/19 17:26:32 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 49787, Process: sdfssvc.exe)
2014/03/19 17:26:32 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 49794, Process: sdfssvc.exe)

What's going on?

What a solution?

tashi
2014-03-21, 05:23
Hello amzolt, :welcome:

IP Block locations:
Netherlands
Russian Federation
United States



Malwarebytes is saying it's blocking SpyBot's sdfssvc.exe

<snip>

What's going on?

What a solution?

As this is a log from a malwarebytes scan please ask at their forum (https://forums.malwarebytes.org/index.php?showtopic=138570) so they can assist. :)

There is a similar topic here (https://forums.malwarebytes.org/index.php?showtopic=138570) but we don't carry adverts on our site.

Please let us know how it goes.

Best regards.

amzolt
2014-03-21, 15:57
Hello amzolt, :welcome:

IP Block locations:
Netherlands
Russian Federation
United States



As this is a log from a malwarebytes scan please ask at their forum (https://forums.malwarebytes.org/index.php?showtopic=138570) so they can assist. :)

There is a similar topic here (https://forums.malwarebytes.org/index.php?showtopic=138570) but we don't carry adverts on our site.

Please let us know how it goes.

Best regards.

I've been dealing with the folks at Malwarebytes and they deny it's blocking sdfssvc.exe

They're telling me something has taken over sdfssvc.exe -- but their reasons don't seem right...

tashi
2014-03-21, 17:02
Hello amzolt,


I've been dealing with the folks at Malwarebytes and they deny it's blocking sdfssvc.exe

They're telling me something has taken over sdfssvc.exe -- but their reasons don't seem right...

In a topic at their site you can link me to or via e-mail support? :)

Kind regards.

amzolt
2014-03-21, 17:04
Hello amzolt,



In a topic at their site or via e-mail support?

Kind regards.

Email support...

tashi
2014-03-21, 17:09
Hi amzolt,


Email support...

Is this a personal computer, or business, corporate, institutional computer and used in such an environment?

Best regards,

amzolt
2014-03-21, 17:11
Hi amzolt,



Is this a personal computer, or business, corporate, institutional computer and used in such an environment?

Best regards,

Just my personal computer...

tashi
2014-03-21, 17:24
Hello amzolt,

Perhaps someone should take a look at the system.

To start that process please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise when available.

First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288

Best regards.

amzolt
2014-03-21, 17:45
Hello amzolt,

Perhaps someone should take a look at the system.

To start that process please start a topic in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) and a volunteer analyst will advise when available.

First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288

Best regards.

Not sure if this is pertinent but Microsoft Security Essentials just detected and cleaned TrojanClicker:Win32/Clikug.A (I did not have MSE's live protection turned on...) and it said that that trojan could try to connect to the Internet << I mention this because all the blocks of sdfssvc.exe by Malwarebytes were "Outgoing".........

Also, my Spybot AS+AV ended up turned off after that happened!!

tashi
2014-03-21, 18:02
Hello amzolt,


Not sure if this is pertinent but Microsoft Security Essentials just detected and cleaned TrojanClicker:Win32/Clikug.A (I did not have MSE's live protection turned on...) and it said that that trojan could try to connect to the Internet << I mention this because all the blocks of sdfssvc.exe by Malwarebytes were "Outgoing".........

Also, my Spybot AS+AV ended up turned off after that happened!!

How many anti virus programs do you have installed on the machine?

Best regards.

amzolt
2014-03-21, 18:06
Hello amzolt,



How many anti virus programs do you have installed on the machine?

Best regards.

Well, Microsoft Security Essentials but I don't use the Live protection---I run a virus check every Wednesday...

Then, I have Malwarebytes and SpyBot and I run both of their Live Protections as well a using each to scan on Saturdays...

tashi
2014-03-21, 18:29
Hello amzolt,

If you haven't already started a malware topic at any other site please follow the instructions to start a topic in the malware forum here, as previously posted (#8) in this thread. :)

http://forums.spybot.info/showthread.php?70338-Malwarebytes-blocking-SpyBot&p=451469&viewfull=1#post451469

Best regards.