BeechV35Pilot

Pandora and 111.111.111.111 being blocked

8 posts in this topic

Hello, I am a long time user of Malwarebytes and have been subscribing to Pandora Internet Radio's "Pandora One" subscription for two years now.

Just today I started receiving IP block notifications from Malwarebytes as seen below in the log. This is happening once a minute, presumably because Pandora keeps attempting the connection. I have sent an email to Pandora asking them about this but I wanted to check here as well

This is a snippit of the log (with my machine/name removed):

2012/03/30 08:01:10 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 2903, Process: pandoraservice.exe)

2012/03/30 08:02:14 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 2917, Process: pandoraservice.exe)

2012/03/30 08:03:50 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 3022, Process: pandoraservice.exe)

2012/03/30 08:03:50 -0400 IP-BLOCK 111.111.111.111 (Type: outgoing, Port: 3023, Process: pandoraservice.exe)

Real or false-positive?

Share this post


Link to post
Share on other sites

It was blacklisted due to the presence of exploits related to Zeus (amongst others). However, it appears the host has finally removed it, so I'll get the block removed.

Share this post


Link to post
Share on other sites

After posting to your forum here I found out some more information:

The Windows 7 service causing all this grief is called PandoraService.exe but it is not from or related to the Internet radio product called Pandora – it is actually a hidden service that was installed by the open source video viewer, KMPlayer. I have no idea what this service is doing but I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system.

As far as I am concerned Malwarebytes did its job and alerted me to a Windows service installed on my computer without my knowledge or desire. I wonder now if you should remove it from your database?

Share this post


Link to post
Share on other sites

I looked this ip up the current and has red flagged actions and is registered in Japan

Sharing preteen porn,child porn,and underage sex

Has spamming and proxy

Share this post


Link to post
Share on other sites

BeechV35Pilot

"I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system."
How did you uninstal piece of garbage from your system. I have the same problem and I need some help.

Thank's in advance.

Share this post


Link to post
Share on other sites

Hello Velvet and welcome to Malwarebytes forums.

[A]

The Malwarebytes Anti-Malware Website Blocking feature will advise users when an known malicious IP is attempted to be reached(outgoing) or is trying access your PC(incoming).

Incoming threats can be ignored, our software is blocking the attack and there is nothing more that can be done.

No action is required unless you're also experiencing malware symptoms or there are multiple IPs(ex;123.23.34 and 4.44.56). A browser is not required to be running, just an active Internet connection with processes running, such as IM clients, SKYPE or P2P software to trigger these alerts. These are also triggered by banner ads running on websites which is the most common form of alert

Windows Vista and Windows 7 & 8 will show the process, but Windows XP does not have the structure in place for this to be displayed by our software

Please see/review this reference on MBAM's IP blocks

http://helpdesk.malwarebytes.org/entries/23482998-What-does-it-mean-when-I-get-an-IP-alert-about-blocking-a-malicious-site-

Please see the link below which contains our FAQ's(including reporting false\positives and adding IPs to ignore) on this feature for more information:

http://www.malwarebytes.org/forums/index.php?showtopic=21076&st=0#entry107310

IF you Close all your internet browsers and your instant messenger programs, and wait a couple of minutes, then .....

do you still see "Outgoing IP blocks" ?

{B}

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply.

[C]

IF you still suspect a malware infection,then,

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Follow this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Share this post


Link to post
Share on other sites

is it safe to download kmp player as every time I do I get 111.111.111.111 coming in on the download so I keep having to refresh my computer, also can you tell me if the uploader knows or is part of the problem

Share this post


Link to post
Share on other sites

After posting to your forum here I found out some more information:

The Windows 7 service causing all this grief is called PandoraService.exe but it is not from or related to the Internet radio product called Pandora – it is actually a hidden service that was installed by the open source video viewer, KMPlayer. I have no idea what this service is doing but I did find the uninstaller for it and in running it I have completely removed that piece of garbage from my system.

As far as I am concerned Malwarebytes did its job and alerted me to a Windows service installed on my computer without my knowledge or desire. I wonder now if you should remove it from your database?

What shall I do, I'm pc technical two left handed, so... I made the recommended update of KMplayer without the extra options, since then I got  this IP at least every two minutes appearing and blocked by Malware.com

Must I delete KMplayer (and loose my vids), before Pandora caused no troubles, it's since last update. If it's possible without loosing my vids, could you guide me through it? Can I after the deletion install the update again without the 111.111.111.111 so persistent pops up?

 

Thank you,

Chris. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.