Jump to content


Photo

Windows Media Player and MBAM..


  • Please log in to reply
74 replies to this topic

#41 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 07:53 PM

I think we all need to just sit back and wait for those in the know to inform us about what's going down. I have said this from the very beginning . I just don't want panic to take over and over load our Malware fighting team.
Garybear

#42 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 07:59 PM

Just to see, I am going to open up WMP on my computer as soon as I have a chance and see if I get any IP blocks.

I KNOW that I am not infected so I'm interested to see if this happens on my system.

Can anyone please tell me when you got the IP block using Windows Media Player, did it happen when you had JUST opened the program, or were you doing something else, such as listening to music via a radio station, etc... (please be specific).

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#43 Diana80

Diana80

    New Member

  • Members
  • Pip
  • 14 posts

Posted 25 September 2010 - 08:10 PM

Just to see, I am going to open up WMP on my computer as soon as I have a chance and see if I get any IP blocks.

I KNOW that I am not infected so I'm interested to see if this happens on my system.

Can anyone please tell me when you got the IP block using Windows Media Player, did it happen when you had JUST opened the program, or were you doing something else, such as listening to music via a radio station, etc... (please be specific).


It happens RIGHT AFTER I open WMP, before I even do anything else. Ever since I started getting the IP block pop-up, I haven't been listening to music in the program because I'm uncomfortable having the program open now.

#44 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 08:17 PM

It happens immediately after opening WMP !!
Garybear

#45 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 08:24 PM

Thank you very much for that information, Diana08 and garybear.

That's helpful for me and anyone else looking into this situation.

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#46 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 08:29 PM

Hi! Is malwarebytes blocking this IP incoming or out going. That's what I want to know, and I haven't seen that answered yet. Incoming OK! Out going, that scares me. Malware blocks incoming IP's from China all the time on my PC. That don't bother me because I know they hate me. If its a IP trying to get out and connect to a porn site, then that worries me just a little. Not much with Malwarebytes running in real time.
Garybear

#47 DarkSnakeKobra

DarkSnakeKobra

    May the penguin be with you!

  • Honorary Members
  • PipPipPipPipPipPip
  • 5,262 posts
  • Gender:Male
  • Location:~
  • Interests:Scripting, GNU/Linux, photography

Posted 25 September 2010 - 08:29 PM

The only idea I have is maybe a breach in the Microsoft server that is allowing authenticated content to stream through Windows Media Player.


Edit: Of course this probably is a long shot and maybe not practical. :(

I'm not a staff member just another Malwarebytes' user.

Advice: Hug your dog, cat etc everyday! :)


#48 Amethyst

Amethyst

    Elite Member

  • Honorary Members
  • PipPipPipPipPip
  • 637 posts
  • Gender:Female

Posted 25 September 2010 - 08:36 PM

I hardly every use WMP. On my desktop, I have WMP 10 installed and it mainly gets used to open video files I receive by e-mail. On my laptop, I have WMP 11, and I haven't opened it in months. Reading this thread, I opened WMP 11 on the laptop, just out of curiosity. The same IP block came from MWB about 3 seconds after opening WMP. I closed WMP and played an audio file, and the IP block came. I closed WMP and double clicked a little video file, which WMP is currently running, and the IP block did not come up.

I think both my systems are clean.

Oops, the video just ended and the IP block came up. When I ran the audio file, the IP block came up within a few seconds of the audio starting.

WMP 10 on the desktop does not generate the IP block.

Hope that helps. :(

So to summarize: Desktop, WMP 10, no IP block whatsoever. Windows XP Media Center SP3

Laptop, WMP 11, IP block within seconds of opening the program and not even playing anything, or double clicking an audio file to run it. IP block came up at end of a video. Windows XP Pro SP3.

#49 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 08:39 PM

Amethyst, thanks for the info :( Anything anyone can provide will be helpful here (not just for me, mostly for staff and anyone else looking into this situation as well)

I hardly ever use WMP either; I primarily use iTunes.

I am going to try opening JUST WMP, then try opening a music video from a website that I trust, and try looking for radio stations and see what happens in those situations, as soon as I have a chance.

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#50 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 08:40 PM

I hope this will help. I just disconnected from the internet. I don't get the IP block while I'm not connected. I can confirm this. It only happens while connected to the internet.
Garybear

#51 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 25 September 2010 - 08:40 PM

Need something to start with - Still using my Win 7 L/top (have been since this started) -
I will need to unplug it and risk my XP now -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........

#52 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 08:42 PM

Garybear,

You wouldn't get an IP block when not connected to the internet; nothing can go in or out when you are NOT connected to the internet. :(

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#53 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 09:10 PM

Hi mountaintree

I hear what your saying but if I had a infection on my PC, wouldn't malwarebytes try to stop it from getting out even if I'm not connected to the net. I don't know ??? I think Malwarebytes needs to up grade and tell us if the blocked IP is coming in or going out. I guess I just assumed until now it only blocked incoming, and never worried about out going. If I had a nastie on my PC, I would want MBAM to stop it going out.
Garybear

#54 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 09:17 PM

Hey Garybear,

I am not on staff or anything like that so I can't speak for Malwarebytes staff, admins, or moderators, but my guess is that they probably don't know at this time if it is coming in or out. MY GUESS (and this is ONLY a guess and MY OPINION ONLY) is that it's incoming, so probably nothing to be worried about.

I'm sure that someone will be looking into this soon.

I am going to test this out on my system and see what happens for me as soon as I have a chance. I doubt that that'll be tonight, though.

If you are NOT connected to the internet, nothing can "call in" or "call out", so to speak.
If you try to update Malwarebytes or your antivirus, for example, when you are not connected to the internet, it will not work.

If you have a data-stealing Trojan on your machine, for example, you will be advised to immediately disconnect from the internet. This is because when you are NOT connected to the internet, nothing can "call home" to your machine.

You'll be happy to know that Malwarebytes blocks both incoming and outgoing IP addresses :(

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#55 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 09:19 PM

The big question is "Whats causing WMP to trigger this?" "And how long has this been waiting to effect everyone"? That's the scary part. One thing I'm not going to do is turn off my IP blocker, or allow this IP on my PC. I think someone said they done that. Dumb.
Garybear!

#56 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 09:25 PM

I agree, the IP blocker should NOT be turned off, it most certainly should be left on.

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#57 garybear

garybear

    Elite Member

  • Banned
  • PipPipPipPipPip
  • 614 posts
  • Gender:Male
  • Location:Oklahoma
  • Interests:I like sharing my limited knowledge with others and learning some thing new every day!

Posted 25 September 2010 - 09:35 PM

Hi mountaintree!


Glad to hear Mbam blocks both ways. I don't know much about these things, and I'm always learning. Thanks for your post. If this is incoming, what is the purpose? Is it trying to infect our PC's?? If I allow it, what happens? Where is it coming from? Who's trying to shake hands with my PC? Is this like malware or spies or Virus? I have a lot of questions.
Garybear

#58 mountaintree16

mountaintree16

    bird lover

  • Honorary Members
  • PipPipPipPipPipPip
  • 7,754 posts
  • Gender:Not Telling
  • Location:USA
  • Interests:Hiking, music, birds, bird watching, walking, reading, animals, computer security, poetry...

Posted 25 September 2010 - 09:52 PM

Garybear,

You're welcome :(

It is great to know that Mbam blocks both ways, I agree :)

Basically with incoming, the IP's that are blocked are malicious IP addresses that would otherwise most likely infect your computer. (Either something malicious from the IP or website itself or from an advertisement that is on a malicious IP address/range that is malcious itself, even if the rest of the website is fine).

Please check out this link for information on the IP Protection Module :):
http://forums.malwar...mp;#entry162100

I am not sure of all the answers to your questions; though. I'm sure someone will be able to jump in here and explain better than I.

Our character is what we do when we think no one is looking.

-H. Jackson Brown Jr.

 

It's not what we do once in a while that shapes our lives.
It's what we do consistently.

Tony Robbins


#59 Haider

Haider

    Forum Deity

  • Honorary Members
  • PipPipPipPipPipPip
  • 1,823 posts
  • Gender:Male

Posted 25 September 2010 - 10:22 PM

I think someone said they done that. Dumb.Garybear!


Please be very careful, when you make these comments, the person who did this is way ahead of us in terms of knowledge, even Experts praise him
"Learning is the only thing the mind never exhausts, never fears, and never regrets"

#60 noknojon

noknojon

    you know why ---

  • Honorary Members
  • PipPipPipPipPipPip
  • 6,090 posts
  • Gender:Male

Posted 25 September 2010 - 10:29 PM

I hope this will help. I just disconnected from the internet. I don't get the IP block while I'm not connected. I can confirm this. It only happens while connected to the internet.
Garybear

This action proves that MBAM is only blocking while it is getting an incoming/infection alert - The IP concerned -
It has not installed on the system or you would get the constant notices like described in Section G of the FAQ , as with P2P (or similar) popup blocking -
There is an issue here that is involved with some common ?? download/application via Media Player -
EDIT -
If the IP is being blocked and WMP is still playing music etc it seems safe to use - Unless it shuts WMP down - Then do not try to open til the experts solve the issue -
Just another private helper .......................... The answer is always 42, or Reboot
If you are waiting for an answer Press F5 ................. you may have one waiting for you ........




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users