Jump to content

Installed poweriso and eset is blocking websites


Recommended Posts

Installed power iso and since did eset is popping up blocking websites that power iso is trying to connect to.  Eset blocked like 62 sites..and this only started after poweriso was installed.  Any idea why?

 

Michael

Link to comment
Share on other sites

My question is why is this type of software attempting to connect to the Internet with the activity you posted? It is basically just software to create a .iso file for the most part. At most, the only outbound connection it would need is to the vendor's server for software updates.

Link to comment
Share on other sites

5 minutes ago, itman said:

My question is why is this type of software attempting to connect to the Internet with the activity you posted? It is basically just software to create a .iso file for the most part. At most, the only outbound connection it would need is to the vendor's server for software updates.

not sure on that..just know that before it was installed it was not blocking sites..but after installed it..it starts popping up that its blocking sites..

 

Michael

Link to comment
Share on other sites

  • Administrators

We still don't know what address is being blocked. As already requested, please post the appropriate record from the Filtered websites or Detection log.

Link to comment
Share on other sites

1 minute ago, Marcos said:

We still don't know what address is being blocked. As already requested, please post the appropriate record from the Filtered websites or Detection log.

working on finding the logs..since not sure where they are..

 

Michael

Link to comment
Share on other sites

12 minutes ago, Marcos said:

We still don't know what address is being blocked. As already requested, please post the appropriate record from the Filtered websites or Detection log.

the site it shows is different ones of this: hxxp://www.tivatuddpnoheni.com

Like this:

hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/osutils.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

hxxp://www.tivatuddpnoheni.com;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/icc_v5_8.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

looks like its in a blacklist list of sites in the program?

 

Michael

 

Link to comment
Share on other sites

Just now, itman said:

Checked this on URLVoid and site is 100% clean.

Thought it might be but want to make sure if its in the program how to remove it..or if it was from eset side to see why it was..

 

Michael

 

Link to comment
Share on other sites

15 minutes ago, mmatthe8667 said:

hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/osutils.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

hxxp://www.tivatuddpnoheni.com;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

hxxp://www.tivatuddpnoheni.com/ofr/Solululadul/icc_v5_8.cis;Blocked by internal IP blacklist;E:\PowerISO\PowerISO7-x64.exe;THE-BREWERY

You also need to post the IP addresses associated with these alerts. It's possible a redirect is going on.

Link to comment
Share on other sites

1 minute ago, itman said:

You also need to post the IP addresses associated with these alerts. It's possible a redirect is going on.

ok got ones like this:

www.tivatuddpnoheni.com goes to 95.211.184.67

ww42.tivatuddpnoheni.com goes to 199.115.112.67

also this site comes up: img.powopibobu3.com which goes to 46.166.187.59

Michael

 

Link to comment
Share on other sites

31 minutes ago, mmatthe8667 said:

www.tivatuddpnoheni.com goes to 95.211.184.67

Appear the IPs are associated with a domain server - per Robtex: 

Quote

The IP number is in Netherlands. It is hosted by LEASEWEB.

That server appears to have one or more malicious domains associated with the domains it is hosting:

Quote

We investigated 100 host names that point to 95.211.184.67 . Example: cdneu.dadafarada.com, img.conicono.com, img.yepabonocemm.com and cdneu.appchucklegift.com. We estimate that it is used as ip number by 161 host names.

 

Quote

THREATMINER

Threat information such as virus etc

URI

Last Seen URL
2016-05-20 02:06:45 http://cdneu.dolphinmemory.com/products/PDF-Reader-v2.cis
2016-05-07 06:04:22 http://cdneu.tokoholapisa.com/ofr/Solululadul/asgnd.cis
2016-02-07 10:47:46 http://img.mydivcdn.com/img/CH_logo_new.png
2016-01-22 07:47:47 http://img.sourceforgecdn.com/img/Rerarapepe/Rerarapepe_b.png

 

 
Edited by itman
Link to comment
Share on other sites

4 hours ago, itman said:

Appear the IPs are associated with a domain server - per Robtex: 

That server appears to have one or more malicious domains associated with the domains it is hosting:

 

 

Would we know why its trying to contact those sites..since the exe is from poweriso site?  And since its trying to connect to them is the poweriso itself safe?

 

Michael

Link to comment
Share on other sites

13 hours ago, mmatthe8667 said:

Would we know why its trying to contact those sites..since the exe is from poweriso site? 

One benign reason is the software is trying to update itself. It should have an option to change/disable auto updating. Disable auto update and if the outbound connections cease, you have resolved the issue.

If the outbound connections persist, it could be indicative of malicious or other undesirable activity.  

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...