Author Topic: weird outgoing  (Read 6800 times)


Offline junsai

  • Newbie
  • *
  • Posts: 3
weird outgoing
« on: April 02, 2012, 05:45:43 AM »
Well I have Malwarebytes and it keeps blocking avastsvc from.. whatever this is. It happens very often, about every two minutes.

It's way way way more than what I posted below.



2012/04/01 22:39:03 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54874, Process: avastsvc.exe)
2012/04/01 22:43:12 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54899, Process: avastsvc.exe)
2012/04/01 22:43:12 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54900, Process: avastsvc.exe)
2012/04/01 22:45:12 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54909, Process: avastsvc.exe)
2012/04/01 22:45:12 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54910, Process: avastsvc.exe)
2012/04/01 22:48:16 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54922, Process: avastsvc.exe)
2012/04/01 22:48:16 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54923, Process: avastsvc.exe)
2012/04/01 22:50:17 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54930, Process: avastsvc.exe)
2012/04/01 22:50:17 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54931, Process: avastsvc.exe)
2012/04/01 22:50:57 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54933, Process: avastsvc.exe)
2012/04/01 22:50:57 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54934, Process: avastsvc.exe)
2012/04/01 22:51:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54939, Process: avastsvc.exe)
2012/04/01 22:51:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54940, Process: avastsvc.exe)
2012/04/01 22:53:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54947, Process: avastsvc.exe)
2012/04/01 22:53:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54948, Process: avastsvc.exe)
2012/04/01 22:54:26 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54957, Process: avastsvc.exe)
2012/04/01 22:54:26 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54958, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54962, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54963, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54965, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54966, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54968, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54969, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54971, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54972, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54974, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54975, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54977, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54978, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54982, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54983, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54985, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54986, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54988, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54989, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54991, Process: avastsvc.exe)
2012/04/01 22:54:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54992, Process: avastsvc.exe)
2012/04/01 22:56:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55147, Process: avastsvc.exe)
2012/04/01 22:56:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55148, Process: avastsvc.exe)
2012/04/01 22:57:39 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55173, Process: avastsvc.exe)
2012/04/01 22:57:39 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55174, Process: avastsvc.exe)
2012/04/01 23:00:43 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55184, Process: avastsvc.exe)
2012/04/01 23:00:44 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55185, Process: avastsvc.exe)
2012/04/01 23:01:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55187, Process: avastsvc.exe)
2012/04/01 23:01:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55188, Process: avastsvc.exe)
2012/04/01 23:03:48 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55202, Process: avastsvc.exe)
2012/04/01 23:03:48 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55203, Process: avastsvc.exe)
2012/04/01 23:05:49 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55211, Process: avastsvc.exe)
2012/04/01 23:05:49 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55212, Process: avastsvc.exe)
2012/04/01 23:07:50 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55245, Process: avastsvc.exe)
2012/04/01 23:07:50 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55246, Process: avastsvc.exe)
2012/04/01 23:14:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55364, Process: avastsvc.exe)
2012/04/01 23:14:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55365, Process: avastsvc.exe)
2012/04/01 23:16:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55382, Process: avastsvc.exe)
2012/04/01 23:16:08 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55383, Process: avastsvc.exe)
2012/04/01 23:20:17 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55400, Process: avastsvc.exe)
2012/04/01 23:20:17 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55401, Process: avastsvc.exe)
2012/04/01 23:22:25 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55409, Process: avastsvc.exe)
2012/04/01 23:22:25 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55410, Process: avastsvc.exe)
2012/04/01 23:23:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55414, Process: avastsvc.exe)
2012/04/01 23:23:21 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55415, Process: avastsvc.exe)
2012/04/01 23:24:25 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55418, Process: avastsvc.exe)
2012/04/01 23:24:25 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55419, Process: avastsvc.exe)
2012/04/01 23:28:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55440, Process: avastsvc.exe)
2012/04/01 23:28:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55441, Process: avastsvc.exe)
2012/04/01 23:30:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55449, Process: avastsvc.exe)
2012/04/01 23:30:35 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55450, Process: avastsvc.exe)
2012/04/01 23:32:45 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55521, Process: avastsvc.exe)
2012/04/01 23:32:45 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55522, Process: avastsvc.exe)
2012/04/01 23:33:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55529, Process: avastsvc.exe)
2012/04/01 23:33:42 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55530, Process: avastsvc.exe)
2012/04/01 23:34:46 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55533, Process: avastsvc.exe)
2012/04/01 23:34:46 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55534, Process: avastsvc.exe)
2012/04/01 23:38:48 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55637, Process: avastsvc.exe)
2012/04/01 23:38:48 -0400   COURTNEY-HP   Courtney   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 55638, Process: avastsvc.exe)
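
An added example, not part of the original thread: a small Python parser for IP-BLOCK lines in the layout posted above, grouping blocks by destination, process and direction and measuring the gap between bursts. The sample log is constructed (timestamps and ports follow the first entries above; host and user are placeholders), and the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the thread's log layout; host and user are placeholders.
SAMPLE_LOG = """\
2012/04/01 22:39:03 -0400   HOST-A   user   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54874, Process: avastsvc.exe)
2012/04/01 22:43:12 -0400   HOST-A   user   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54899, Process: avastsvc.exe)
2012/04/01 22:43:12 -0400   HOST-A   user   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54900, Process: avastsvc.exe)
2012/04/01 22:45:12 -0400   HOST-A   user   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54909, Process: avastsvc.exe)
2012/04/01 22:45:12 -0400   HOST-A   user   IP-BLOCK   111.111.111.111 (Type: outgoing, Port: 54910, Process: avastsvc.exe)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+(?P<host>\S+)\s+(?P<user>\S+)\s+"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)

def parse(text):
    """Return one dict per IP-BLOCK line; any other log line is skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events

def summarize(events, burst_window_s=1):
    """Group by (ip, process, direction); merge same-moment blocks into bursts."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["ip"], ev["process"], ev["direction"])].append(ev["ts"])
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        bursts = [stamps[0]]
        for ts in stamps[1:]:
            if (ts - bursts[-1]).total_seconds() > burst_window_s:
                bursts.append(ts)
        gaps = [(b - a).total_seconds() for a, b in zip(bursts, bursts[1:])]
        report[key] = {"blocks": len(stamps), "bursts": len(bursts),
                       "median_gap_s": median(gaps) if gaps else None}
    return report
```

A steady gap between bursts to a single destination points at something polling on a timer, and lining up the burst times with what was open at that moment narrows down which program is behind the process named in the log.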

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9099
Re: weird outgoing
« Reply #1 on: April 02, 2012, 07:14:41 AM »
Something on your system is being blocked from connecting to here in Japan

inetnum:        111.96.0.0 - 111.111.255.255
netname:        KDDI
descr:          KDDI CORPORATION
descr:          Garden Air Tower,3-10-10,Iidabashi,Chiyoda-ku,Tokyo,102-8460,Japan
country:        JP
admin-c:        JNIC1-AP
tech-c:         JNIC1-AP
status:         ALLOCATED PORTABLE
remarks:        Email address for spam or abuse complaints abuse@dion.ne.jp
changed:        hm-changed@apnic.net 20090612
changed:        ip-apnic@nic.ad.jp 20090624
mnt-by:         MAINT-JPNIC
mnt-lower:      MAINT-JPNIC
source:         APNIC

role:           Japan Network Information Center
address:        Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address:        Chiyoda-ku, Tokyo 101-0047, Japan
country:        JP
phone:          +81-3-5297-2311
fax-no:         +81-3-5297-2312
e-mail:         hostmaster@nic.ad.jp
admin-c:        JI13-AP
tech-c:         JE53-AP
nic-hdl:        JNIC1-AP
mnt-by:         MAINT-JPNIC
changed:        hm-changed@apnic.net 20041222
changed:        hm-changed@apnic.net 20050324
changed:        ip-apnic@nic.ad.jp 20051027
source:         APNIC

inetnum:        111.111.111.0 - 111.111.111.255
netname:        KDDI-NET
descr:          KDDI CORPORATION
country:        JP
admin-c:        JP00000127
tech-c:         JP00000181
remarks:        This information has been partially mirrored by APNIC from
remarks:        JPNIC. To obtain more specific information, please use the
remarks:        JPNIC WHOIS Gateway at
remarks:         or
remarks:        whois.nic.ad.jp for WHOIS client. (The WHOIS client
remarks:        defaults to Japanese output, use the /e switch for English
remarks:        output)
changed:        apnic-ftp@nic.ad.jp 20091225
source:         JPNIC
« Last Edit: April 02, 2012, 07:18:37 AM by craigb »

Offline junsai

  • Newbie
  • *
  • Posts: 3
Re: weird outgoing
« Reply #2 on: April 02, 2012, 02:39:23 PM »
idk what it could be but it must only happen when I have a certain site open. After closing all my browsers I haven't been getting those errors.

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9099
Re: weird outgoing
« Reply #3 on: April 02, 2012, 03:55:15 PM »
You'll just have to monitor which site you're on when you start receiving the blocked notices, it could be something just as simple as an image on a page you're viewing - could be a forum with a member from Japan who has a gif or jpeg included in their post or signature ??? To get a better understanding of it you would be better asking on the Malwarebytes forum.

Online polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23627
  • malware fighter
Re: weird outgoing
« Reply #4 on: April 02, 2012, 04:08:03 PM »
Hi folks,

That is/was a malicious IP, see: -http://malc0de.com/database/index.php?search=111.111.111.111&IP=on
Could have been a connection to a Zeus C&C,
Quote
The address for this service  Process: pandoraservice.exe, not related to Pandora av but actually a hidden service that was installed
by the open source video viewer, KMPlayer,
was blocked by MBAM just because it was related to Zeus.
Probably the host has finally removed it, so MBAM is considering to remove the IP block, 
link:  http://forums.malwarebytes.org/index.php?showtopic=107952 quote info from MysteryFCM and  BeechV35Pilot,

If you have that KMPlayer, then now you know where the culprit of the problem is, hope you solve it soon.
Then do a full MBAM scan,

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline junsai

  • Newbie
  • *
  • Posts: 3
Re: weird outgoing
« Reply #5 on: April 02, 2012, 07:05:15 PM »
kmplayer!! That's exactly it! I downloaded it a while ago but I never started getting those blocks until recently.

I did a scan last night with avast and malwarebytes and they found nothing. Also I haven't gotten any outgoing blocks since I closed chrome.

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9099
Re: weird outgoing
« Reply #6 on: April 02, 2012, 07:22:02 PM »
Quote
kmplayer!! That's exactly it! I downloaded it a while ago but I never started getting those blocks until recently.

I did a scan last night with avast and malwarebytes and they found nothing. Also I haven't gotten any outgoing blocks since I closed chrome.

That was a good find by polonus, best to uninstall KMPlayer imo if it is doing this.

A better player for you would be VLC Player, excellent program and plays everything http://www.videolan.org/