Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Malwarebytes blocking SpyBot?

  1. #1
    Junior Member amzolt's Avatar
    Join Date
    Mar 2014
    Location
    Kettering, OH, USA
    Posts
    7

    Exclamation Malwarebytes blocking SpyBot?

    I'm running SpyBot and Malwarebyte both with live protection.

    Malwarebytes is saying it's blocking SpyBot's sdfssvc.exe

    Malwarebytes is giving me this in its log:

    2014/03/20 03:43:56 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62429, Process: sdfssvc.exe)
    2014/03/20 03:43:56 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62457, Process: sdfssvc.exe)
    2014/03/20 03:44:04 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62484, Process: sdfssvc.exe)
    2014/03/20 03:44:13 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62573, Process: sdfssvc.exe)
    2014/03/20 03:44:13 -0400 OWNER-PC owner IP-BLOCK 78.140.163.135 (Type: outgoing, Port: 62596, Process: sdfssvc.exe)
    2014/03/20 04:26:17 -0400 OWNER-PC owner IP-BLOCK 88.85.68.44 (Type: outgoing, Port: 56089, Process: sdfssvc.exe)
    2014/03/20 04:26:17 -0400 OWNER-PC owner IP-BLOCK 88.85.68.44 (Type: outgoing, Port: 56091, Process: sdfssvc.exe)
    2014/03/20 04:43:16 -0400 OWNER-PC owner IP-BLOCK 195.208.0.15 (Type: outgoing, Port: 59366, Process: sdfssvc.exe)
    2014/03/20 04:43:16 -0400 OWNER-PC owner IP-BLOCK 195.208.0.15 (Type: outgoing, Port: 59369, Process: sdfssvc.exe)
    2014/03/20 04:48:20 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60765, Process: sdfssvc.exe)
    2014/03/20 04:48:20 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60768, Process: sdfssvc.exe)
    2014/03/20 04:48:36 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60906, Process: sdfssvc.exe)
    2014/03/20 04:48:36 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 60917, Process: sdfssvc.exe)
    2014/03/20 04:48:52 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 61028, Process: sdfssvc.exe)
    2014/03/20 04:48:52 -0400 OWNER-PC owner IP-BLOCK 94.102.52.196 (Type: outgoing, Port: 61031, Process: sdfssvc.exe)

    Yesterday I got this:
    2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62443, Process: sdfssvc.exe)
    2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62445, Process: sdfssvc.exe)
    2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62449, Process: sdfssvc.exe)
    2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62457, Process: sdfssvc.exe)
    2014/03/19 17:01:57 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 62458, Process: sdfssvc.exe)
    2014/03/19 17:26:32 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 49787, Process: sdfssvc.exe)
    2014/03/19 17:26:32 -0400 OWNER-PC owner IP-BLOCK 72.21.215.133 (Type: outgoing, Port: 49794, Process: sdfssvc.exe)

    What's going on?

    What a solution?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hello amzolt,

    IP Block locations:
    Netherlands
    Russian Federation
    United States

    Quote Originally Posted by amzolt View Post
    Malwarebytes is saying it's blocking SpyBot's sdfssvc.exe

    <snip>

    What's going on?

    What a solution?
    As this is a log from a malwarebytes scan please ask at their forum so they can assist.

    There is a similar topic here but we don't carry adverts on our site.

    Please let us know how it goes.

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member amzolt's Avatar
    Join Date
    Mar 2014
    Location
    Kettering, OH, USA
    Posts
    7

    Default

    Quote Originally Posted by tashi View Post
    Hello amzolt,

    IP Block locations:
    Netherlands
    Russian Federation
    United States



    As this is a log from a malwarebytes scan please ask at their forum so they can assist.

    There is a similar topic here but we don't carry adverts on our site.

    Please let us know how it goes.

    Best regards.
    I've been dealing with the folks at Malwarebytes and they deny it's blocking sdfssvc.exe

    They're telling me something has taken over sdfssvc.exe -- but their reasons don't seem right...
    Last edited by amzolt; 2014-03-21 at 15:10.

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hello amzolt,

    Quote Originally Posted by amzolt View Post
    I've been dealing with the folks at Malwarebytes and they deny it's blocking sdfssvc.exe

    They're telling me something has taken over sdfssvc.exe -- but their reasons don't seem right...
    In a topic at their site you can link me to or via e-mail support?

    Kind regards.
    Last edited by tashi; 2014-03-21 at 16:04. Reason: clarify
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Junior Member amzolt's Avatar
    Join Date
    Mar 2014
    Location
    Kettering, OH, USA
    Posts
    7

    Default

    Quote Originally Posted by tashi View Post
    Hello amzolt,



    In a topic at their site or via e-mail support?

    Kind regards.
    Email support...

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hi amzolt,

    Quote Originally Posted by amzolt View Post
    Email support...
    Is this a personal computer, or business, corporate, institutional computer and used in such an environment?

    Best regards,
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #7
    Junior Member amzolt's Avatar
    Join Date
    Mar 2014
    Location
    Kettering, OH, USA
    Posts
    7

    Default

    Quote Originally Posted by tashi View Post
    Hi amzolt,



    Is this a personal computer, or business, corporate, institutional computer and used in such an environment?

    Best regards,
    Just my personal computer...

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hello amzolt,

    Perhaps someone should take a look at the system.

    To start that process please start a topic in the Malware Removal Forum and a volunteer analyst will advise when available.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Junior Member amzolt's Avatar
    Join Date
    Mar 2014
    Location
    Kettering, OH, USA
    Posts
    7

    Default

    Quote Originally Posted by tashi View Post
    Hello amzolt,

    Perhaps someone should take a look at the system.

    To start that process please start a topic in the Malware Removal Forum and a volunteer analyst will advise when available.

    First see that forum's FAQ which also includes instructions in post #2 on how to provide DDS and aswMBR logs, which are used in the preliminary analysis.
    http://forums.spybot.info/showthread.php?t=288

    Best regards.
    Not sure if this is pertinent but Microsoft Security Essentials just detected and cleaned TrojanClicker:Win32/Clikug.A (I did not have MSE's live protection turned on...) and it said that that trojan could try to connect to the Internet << I mention this because all the blocks of sdfssvc.exe by Malwarebytes were "Outgoing".........

    Also, my Spybot AS+AV ended up turned off after that happened!!
    Last edited by amzolt; 2014-03-21 at 16:47.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,471

    Default

    Hello amzolt,

    Quote Originally Posted by amzolt View Post
    Not sure if this is pertinent but Microsoft Security Essentials just detected and cleaned TrojanClicker:Win32/Clikug.A (I did not have MSE's live protection turned on...) and it said that that trojan could try to connect to the Internet << I mention this because all the blocks of sdfssvc.exe by Malwarebytes were "Outgoing".........

    Also, my Spybot AS+AV ended up turned off after that happened!!
    How many anti virus programs do you have installed on the machine?

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •