Today while checking the network connections I found something strange. The KiesTrayAgent running on my PC is connecting to some IP address on the internet. It seemed strange and I thought there was something wrong with the connections, so I did a bit more analysis. Here are my findings:
Kies Tray Agent (KiesTrayAgent.exe) is part of the Samsung Kies application suite. Samsung uses the Kies application suite for managing the Samsung Galaxy application suites. I installed this some time back for managing the Samsung Galaxy S phone.
The KiesTrayAgent on my PC is connecting to the IP address 82.148.102.3. Why should an agent connect to an external IP address, especially something which manages the mobile phone? Now I thought the IP address would be located in the Samsung network.
To my surprise, the IP address 82.148.102.3 is located in the Qatar Doha Qatar Telecom (qtel) Q.s.c network. It is also identified as part of the ADSL pool:
inetnum: 82.148.102.0 – 82.148.102.255
netname: Mobile-Broadband-Pool-No-6
descr: ADSLPOOL
country: qa
So why does KiesTrayAgent.exe connect to an HTTP service at 82.148.102.3? I checked the web page at this IP address. The access is redirected to a login page: http://82.148.102.3/login/
It just gives me the above screen. Wrong password; enter password.
My current guess is that the KiesTrayAgent on my PC is compromised. But on a larger scale, it could be that the above file is compromised and unnoticed. What do you say?
thanks
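The triage steps this post and the first comment below describe (finding the agent's remote endpoints, then checking the binary's Authenticode signature) can be done in one pass. This is an added example, not part of the original post; it assumes PowerShell on Windows 8 / Server 2012 or later, and only the process name is taken from the post.

```powershell
# Added example: list the remote TCP endpoints of a process together with
# the on-disk identity (path, signature, hash) of the binary that owns them.
$processName = 'KiesTrayAgent'   # process name from the post

$procs = Get-Process -Name $processName -ErrorAction SilentlyContinue
if (-not $procs) {
    Write-Warning "No running process named $processName"
    return
}

foreach ($proc in $procs) {
    # Path can be empty when the shell lacks rights to inspect the process.
    $path = $proc.Path
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $hash = if ($path) { (Get-FileHash -Path $path -Algorithm SHA256).Hash } else { $null }

    # Established connections only, ignoring loopback and unspecified addresses.
    $conns = Get-NetTCPConnection -OwningProcess $proc.Id -ErrorAction SilentlyContinue |
        Where-Object { $_.State -eq 'Established' -and
                       $_.RemoteAddress -notin '127.0.0.1', '::1', '0.0.0.0', '::' }

    foreach ($c in $conns) {
        [pscustomobject]@{
            ProcessId   = $proc.Id
            Path        = $path
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            SignatureOk = if ($sig) { $sig.Status -eq 'Valid' } else { $null }
            Signer      = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Sha256      = $hash
        }
    }
}
```

A valid signature shows the file has not been modified since it was signed; it does not by itself explain why the process talks to a given address, so the remote endpoint still has to be assessed separately.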
I have EXACTLY the same problem. Have you found a solution? The Authenticode signature of my KiesTrayAgent.exe is valid.
These addresses that show up are off-load servers. Usually nothing to worry about. They help distribute content from one country's servers to a server that is local to your connecting IP.