Empyrion.exe and Malwarebytes Trojan Warning

Discussion in 'General Discussion' started by Starscorcher, Feb 24, 2021.

  1. Starscorcher

    Starscorcher Lieutenant

    Dec 23, 2015
    Likes Received:
    So today before i even started playing i was just sitting in the Join Server menu and Malwarebytes started to spam popup message me that Empyrion.exe was trying to connect to a Malwarebytes blocked IP address that they have blocked due to Trojan

    now i have done full checks on my system and my system is not infected, but this ip address Empyrion.Exe is trying to connect to has got Malwarebytes spamming the hek out of me

    is this IP in the attached image an official Empyrion IP that is safe to add to exclusions or is there something else at work here ?

    Attached Files:

    Kassonnade likes this.
  2. Fenra369

    Fenra369 Commander

    Apr 5, 2016
    Likes Received:
    The IP address you listed does not appear to be an official Empyrion IP address. The game is made in Germany, the location for this IP address is located in China, so... I would say it's unsecure. Perhaps changing the Port and see if the issue persists?
    Kassonnade likes this.
  3. Kassonnade

    Kassonnade Rear Admiral

    May 13, 2017
    Likes Received:
    Since you're waiting to access a server, I guess you have EAC running ?
  4. Khaleg

    Khaleg Lieutenant

    Nov 5, 2020
    Likes Received:
    The provider for this address is:
    inetnum -
    netname UNICOM-HA
    descr China Unicom Henan province network
    descr China Unicom
    descr No.21,JiN-Rong Street,
    descr Beijing 100033
    country CN
    admin-c CH1302-AP
    tech-c WW444-AP
    remarks service provider
    mnt-by APNIC-HM
    mnt-lower MAINT-CNCGROUP-HA
    mnt-routes MAINT-CNCGROUP-RR
    mnt-irt IRT-CU-CN
    irt IRT-CU-CN
    address No.21,Financial Street
    address Beijing,100033
    address P.R.China
    e-mail [email protected]
    abuse-mailbox [email protected]
    admin-c CH1302-AP
    tech-c CH1302-AP

    Reverse lookup: hn.kd.ny.adsl

    No reply to pings, no open ports from 00 to 1000, probably there is an active firewall there
  5. Darinth

    Darinth Commander

    Jan 11, 2021
    Likes Received:
    I suspect that someone has a server hosted at this address. Unless the server browser is using pings that are provided by the empyrion server listing (which would be inaccurate because your location can vary wildly from the server location) it sends a ping to every server that it's told about to determine your ping. And it probably doesn't use ICMP ping, it probably uses a UDP packet sent on a specific port. Thus if anybody was hosting a server on an IP that an anti-virus has a block on... this is going to happen.
    zaphodikus likes this.

Share This Page