About a 10 days ago my malwarebytes anti-malware program popped with a message that said, “Successfully blocked access to a potentially malicious website. IP Address: 46.229.165.2 Type: Outgoing”. At first I thought, great, the program is paying for itself and doing its job. But then the message popped up again and again and again. It seemed like every time I opened up a new tab or window or went to a new website, the message would appear.
So I did a few basic things like ignore it, restart my computer, runs a system scan, but nothing seemed to work. That is when I did a little more digging. I typed the IP Address into my phone web browser (I didn’t care if my phone crashed) and I saw a little counter in the top left corner of the page that told how many active connections it had, how many connections it was reading, writing and waiting. I refreshed it a couple of times and it was connecting to about 700 sites every time I refreshed the page. This seemed a little fishy to me.
I then did a Google search for the IP address and found a lot of different results. One said the IP Address was from another country but the one that caught my eye was the image below….
http://urlquery.net/report.php?id=1923941
The IP Address belonged to SemRush! Could they have been hacked? I have the SeoQuake toolbar installed on my computer. I immediately removed the extension add-on from my Firefox browser thinking that would do the trick but after I restarted Firefox, I was getting the same popup as before. So I figured I would just ignore it and then the weekend came and I forgot about it.
So now it’s early Monday morning and the SeoQuake is still inactive and I am getting the popup still. I did one more Google search for the IP Address and found that someone made a forum post on the MalwareBytes website explaining that he was getting the same results as I. He has a different seo toolbar installed and he was getting the same malwarebytes message. http://forums.malwarebytes.org/index.php?showtopic=126793
He uninstalled it and it stopped for him. You can read the forum post by clicking the link above. So, I had a problem. I was still getting the message. I have SeoBook Toolbar installed. So I disabled it and restarted Firefox and so far I have not gotten the popup from Malwarebytes.
Could it be that SemRush SeoQuake and the SeoBook Toolbar have been hacked? I don’t know but something is not right. A lot of seo tool bars pull data from SEMRUSH.com so it would make sense that many seo toolbars would cause this problem. Now I have no seo toolbar installed. I am bummed. Maybe someone else has had this issue and fixed it. Please let me know below. Thanks.
I just deleted the SEO Book toolbar as well. Don’t know for sure if it was the cause of it, but I was getting malware that led to popups from a big.deluxeforthefuture.com and associated websites. My anti-virus couldn’t remove it, so I just set both IE and Firefox to ‘original’ setting, leading me to delete SEO Book toolbar and all other toolbars. I will see if this works, and if a week goes by without the malware showing up, I’ll repost here to let you know. But I suspect it is too much of a coincidence for it to be happening to others also.
Bradley