Jump to content


Photo

Pandora and 111.111.111.111 being blocked


  • Please log in to reply
7 replies to this topic

#1 BeechV35Pilot

BeechV35Pilot

    New Member

  • Members
  • Pip
  • 2 posts

Posted 30 March 2012 - 09:38 AM

Hello, I am a long time user of Malwarebytes and have been subscribing to Pandora Internet Radio's "Pandora One" subscription for two years now.

Just today I started receiving IP block notifications from Malwarebytes as seen below in the log. This is happening once a minute, presumably because Pandora keeps attempting the connection. I have sent an email to Pandora asking them about this but I wanted to check here as well

This is a snippit of the log (with my machine/name removed):

2012/03/30 08:01:10 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 2903, Process: pandoraservice.exe)
2012/03/30 08:02:14 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 2917, Process: pandoraservice.exe)
2012/03/30 08:03:50 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 3022, Process: pandoraservice.exe)
2012/03/30 08:03:50 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 3023, Process: pandoraservice.exe)

Real or false-positive?

#2 MysteryFCM

MysteryFCM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 5,389 posts
  • Gender:Male
  • Location:Tyneside, UK

Posted 30 March 2012 - 02:08 PM

It was blacklisted due to the presence of exploits related to Zeus (amongst others). However, it appears the host has finally removed it, so I'll get the block removed.

Steven Burn

Malware Intelligence Analyst


staff.png

Follow us: Twitter, Become a fan: Facebook


#3 BeechV35Pilot

BeechV35Pilot

    New Member

  • Members
  • Pip
  • 2 posts

Posted 30 March 2012 - 09:19 PM

After posting to your forum here I found out some more information:

The Windows 7 service causing all this grief is called PandoraService.exe but it is not from or related to the Internet radio product called Pandora – it is actually a hidden service that was installed by the open source video viewer, KMPlayer. I have no idea what this service is doing but I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system.

As far as I am concerned Malwarebytes did its job and alerted me to a Windows service installed on my computer without my knowledge or desire. I wonder now if you should remove it from your database?

#4 ipinfo

ipinfo

    New Member

  • Members
  • Pip
  • 1 posts

Posted 25 June 2013 - 05:08 PM

I looked this ip up the current and has red flagged actions and is registered in Japan

Sharing preteen porn,child porn,and underage sex

Has spamming and proxy

#5 vetvet

vetvet

    New Member

  • Members
  • Pip
  • 1 posts

Posted 30 June 2013 - 10:01 AM

BeechV35Pilot

"I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system."
How did you uninstal piece of garbage from your system. I have the same problem and I need some help.

Thank's in advance.



#6 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 June 2013 - 10:39 AM

Hello Velvet and welcome to Malwarebytes forums.

[A]
The Malwarebytes Anti-Malware Website Blocking feature will advise users when an known malicious IP is attempted to be reached(outgoing) or is trying access your PC(incoming).

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs(ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as IM clients, SKYPE or P2P software to trigger these alerts. These are also triggered by banner ads running on websites which is the most common form of alert

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software

Please see/review this reference on MBAM's IP blocks
http://helpdesk.malw...malicious-site-

Please see the link below which contains our FAQ's(including reporting false\positives and adding IPs to ignore) on this feature for more information:
http://www.malwareby...t=0#entry107310

IF you Close all your internet browsers and your instant messenger programs, and wait a couple of minutes, then .....
do you still see "Outgoing IP blocks" ?


{B}
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply.

[C]
IF you still suspect a malware infection,then,
Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
One of the expert helpers there will give you one-on-one assistance when one becomes available.
After posting your new post make sure under options that you select Follow this topic and choose one of the Email options so that you're alerted when someone has replied to your post.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#7 georgeoflan

georgeoflan

    New Member

  • Members
  • Pip
  • 1 posts

Posted 19 August 2013 - 08:12 AM

is it safe to download kmp player as every time I do I get 111.111.111.111 coming in on the download so I keep having to refresh my computer, also can you tell me if the uploader knows or is part of the problem



#8 Chris_vl

Chris_vl

    New Member

  • Members
  • Pip
  • 5 posts
  • Gender:Male
  • Location:Prov. Antwerp/ Wijnegem/ Belgium.

Posted 18 September 2013 - 07:07 PM

After posting to your forum here I found out some more information:

The Windows 7 service causing all this grief is called PandoraService.exe but it is not from or related to the Internet radio product called Pandora – it is actually a hidden service that was installed by the open source video viewer, KMPlayer. I have no idea what this service is doing but I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system.

As far as I am concerned Malwarebytes did its job and alerted me to a Windows service installed on my computer without my knowledge or desire. I wonder now if you should remove it from your database?

What shall I do, I'm pc technical two left handed, so... I made the recommended update of KMplayer without the extra options, since then I got  this IP at least every two minutes appearing and blocked by Malware.com

Must I delete KMplayer (and loose my vids), before Pandora caused no troubles, it's since last update. If it's possible without loosing my vids, could you guide me through it? Can I after the deletion install the update again without the 111.111.111.111 so persistent pops up?

 

Thank you,

Chris. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users