Windows Media Player and MBAM..


Also getting it on a known clean machine and one with a fresh Windows install. Both Win XP and WMP 11 all updated.

IP-BLOCK 213.174.154.144

Same for me on my XP Pro system.

No problem on my Windows 7 system though.

We had a long post to Karimoo deleted by Maurice Naggar that we put in the "HiJack This! sub-forum" because we hadn't read the terms of use and were alarmed by this IP that is being blocked. It is nasty. I won't repeat everything we've been through from a sense of alarm, and I do hope it's okay to post here -- it's rare that we join forums so please forgive us if we breach any protocol. E-SET (NOD32) helped examine our OS and said we do NOT have an infection. Further, without an infection to submit and examine, there is nothing they can do. We do not believe all of these computers are infected but time will tell. The experts at SUPERAntiSpyware are working on this as well, sent a highly detailed response saying it is HIGHLY UNLIKELY we have an infection, but they will continue examining. So it will be interesting. I do hope we haven't annoyed anyone with this non-infection annoyance, but that IP address represents some very ugly subjects and is alarming.

sho-dan, that is likely a correct action on your part, based on a TELEPHONE CALL from a malware expert who cleans and restores OS systems for a living. He read a previous post on this forum from a User who said it could NOT be a "false positive" although that response was muddled at best. Here's what this IT Professional did. He took a computer he knew was clean, but had not been used for several weeks, so the MBAM definitions were not current. He used the WMP and other Apps without incident. He then updated the definitions, clicked his WMP -- "malicious site 213.174.154.144 has been blocked." In an effort to help others, we had posted a response in the wrong sub-section that might have saved much worry or work, but that post was deleted. It could have easily been moved. I do hope this helps, and that we haven't annoyed anyone with this False Positive, non-infection annoyance. I do hope we posted correctly and haven't offended anyone.

I got the IP-BLOCK 213.174.154.144 on my Vista SP2, WMP v.11 (clicking on a song). I believe this is an FP which needs to be confirmed. This is a clean machine so I just added the IP addy to the Ignore list.

Windows Media Player 12 is only available for Windows 7 that I am using on my Windows 7 system:

Using Windows Media Player 12 for Windows 7

http://windows.microsoft.com/en-US/windows...media-player-12

MBAM may be causing it but it can't be a "false positive" if the IP actually exists... and is bad, which it is. Every nasty site you can imagine in the porn world is under that IP.

So riddle me this; how can MBAM affect the media player (or vice-versa) to try to connect to the bad site??

What you're being told, in fact, is that the Media Player has ALWAYS been connecting to that IP but now MBAM definitions are updated to catch/block it.

~Shy

Edited by ShyWriter

Guest garybear

Hi ShyWriter! Very interesting observations that you make. That this IP has always been attached to WMP and is just now showing up. Wow, now that's way out of my league. Is there a way that we can tell if it's an incoming or outgoing IP that's being blocked? I just assumed it was incoming, but how could that be? Like I said, it's out of my league, but it sure looks like Malwarebytes is blocking it from getting out when we use WMP. Or is it in WMP and it's trying to hook up with this porn site and infect our PCs? I think this is something really big going on. Congrats to the person that reported this. The big boys will get it.

Garybear.

Guest garybear

Hi noknojon. I don't think I'm infected. I really don't think any of us that are reporting this are infected. Not sure that would help, but I'm willing to post these logs if it would help. I show no sign of any infection. All my scans are clean. Malwarebytes, Superantispyware, ESET, Avira, GMER. All are clean.

Garybear

Has any person with this problem posted with DDS Logs yet -

Without them it is hard to diagnose the problem more -

Thank You -

I did. I did what you suggested right back at the start of the thread and did the requisite scans for the HJT forum and posted it there last night. There should be DDS and GMER logscans in that post.

Guest garybear

Hi karimoo & Diana! I assume they are busy doing other things at this moment. I thank you for your reports. I just don't think we are infected. I think you were the first to report this, karimoo. Nice work and thank you. I may be wrong about all this. I hope I'm not, but I don't think we have been infected. I really think this could have been serious and still might get that way. That's why I always have my OS backed up at all times, and why I'll never be without Malwarebytes running in real time on my PC. Thanks guys and/or girls. Nice work!

Garybear!

Guest garybear

I think we all need to just sit back and wait for those in the know to inform us about what's going down. I have said this from the very beginning. I just don't want panic to take over and overload our Malware fighting team.

Garybear

Just to see, I am going to open up WMP on my computer as soon as I have a chance and see if I get any IP blocks.

I KNOW that I am not infected so I'm interested to see if this happens on my system.

Can anyone please tell me when you got the IP block using Windows Media Player, did it happen when you had JUST opened the program, or were you doing something else, such as listening to music via a radio station, etc... (please be specific).

> Just to see, I am going to open up WMP on my computer as soon as I have a chance and see if I get any IP blocks.
>
> I KNOW that I am not infected so I'm interested to see if this happens on my system.
>
> Can anyone please tell me when you got the IP block using Windows Media Player, did it happen when you had JUST opened the program, or were you doing something else, such as listening to music via a radio station, etc... (please be specific).

It happens RIGHT AFTER I open WMP, before I even do anything else. Ever since I started getting the IP block pop-up, I haven't been listening to music in the program because I'm uncomfortable having the program open now.

Guest garybear

Hi! Is Malwarebytes blocking this IP incoming or outgoing? That's what I want to know, and I haven't seen that answered yet. Incoming OK! Outgoing, that scares me. Malware blocks incoming IPs from China all the time on my PC. That don't bother me because I know they hate me. If it's an IP trying to get out and connect to a porn site, then that worries me just a little. Not much with Malwarebytes running in real time.

Garybear
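
The incoming-or-outgoing question raised above can be settled from `netstat -ano` output taken while WMP is open. The following is an added example, not part of any post in this thread; the sample output, local addresses and PIDs are constructed, and the helper names `parse` and `direction` are hypothetical.

```python
import re

# Constructed `netstat -ano` output for illustration (not from any poster's machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      213.174.154.144:80     SYN_SENT        2312
  TCP    192.168.1.10:1046      203.0.113.10:80        ESTABLISHED     2312
  TCP    192.168.1.10:445       192.168.1.22:3391      ESTABLISHED     4
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            rows.append((lip, int(lport), rip, int(rport), state, int(pid)))
    return rows

def direction(rows, remote_ip):
    """Classify every connection to remote_ip as 'outgoing' or 'incoming'.

    A connection whose local port is one this host is LISTENING on was
    accepted from outside (incoming). A SYN_SENT state, or a local port
    nobody listens on (an ephemeral port), means this host initiated it.
    """
    listening = {lport for _, lport, _, _, state, _ in rows if state == "LISTENING"}
    found = []
    for _, lport, rip, rport, state, pid in rows:
        if rip != remote_ip:
            continue
        outgoing = state == "SYN_SENT" or lport not in listening
        found.append(("outgoing" if outgoing else "incoming", lport, rport, state, pid))
    return found

if __name__ == "__main__":
    for hit in direction(parse(SAMPLE), "213.174.154.144"):
        print(hit)
```

The PID in each result can be matched to a process name in Task Manager's PID column, which shows whether the connection belongs to WMP itself.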

I hardly ever use WMP. On my desktop, I have WMP 10 installed and it mainly gets used to open video files I receive by e-mail. On my laptop, I have WMP 11, and I haven't opened it in months. Reading this thread, I opened WMP 11 on the laptop, just out of curiosity. The same IP block came from MWB about 3 seconds after opening WMP. I closed WMP and played an audio file, and the IP block came. I closed WMP and double clicked a little video file, which WMP is currently running, and the IP block did not come up.

I think both my systems are clean.

Oops, the video just ended and the IP block came up. When I ran the audio file, the IP block came up within a few seconds of the audio starting.

WMP 10 on the desktop does not generate the IP block.

Hope that helps. :(

So to summarize: Desktop, WMP 10, no IP block whatsoever. Windows XP Media Center SP3

Laptop, WMP 11, IP block within seconds of opening the program and not even playing anything, or double clicking an audio file to run it. IP block came up at end of a video. Windows XP Pro SP3.

Amethyst, thanks for the info :( Anything anyone can provide will be helpful here (not just for me, mostly for staff and anyone else looking into this situation as well)

I hardly ever use WMP either; I primarily use iTunes.

I am going to try opening JUST WMP, then try opening a music video from a website that I trust, and try looking for radio stations and see what happens in those situations, as soon as I have a chance.

Guest garybear

I hope this will help. I just disconnected from the internet. I don't get the IP block while I'm not connected. I can confirm this. It only happens while connected to the internet.

Garybear
