Jump to content

weird chars in Client (of peers) and while creating New Label


bugger1

Recommended Posts

I notice that some peers on some torrents have garbage "Client" text, as shown in the screenshots. Maybe this is affecting the following:

And then later on when I tried to create a New Label I noticed that the prefilled text was semi-garbage and it's always different every time I choose Right Click on same torrent then choose Labels then New Label. But sometimes it does properly prefill/show the text of 2 of my existing labels. Sometimes their first letter is a random garbage character.

 

 

Other stuff:

That Hijackthis link gives me 404 "Not Found The requested URL /portal/en-US/threat_analytics/HJTInstall.exe was not found on this server." and the root url is "Forbidden You don't have permission to access / on this server." and the first link on ddg looks like a scam website, so I gave up trying Hijackthis.

Here's Process Explorer "save as":

Process	CPU	Private Bytes	Working Set	PID	Description	Company Name
svchost.exe		3,032 K	7,212 K	712	Host Process for Windows Services	Microsoft Corporation
svchost.exe	0.01	9,656 K	12,480 K	800	Host Process for Windows Services	Microsoft Corporation
svchost.exe		3,336 K	10,164 K	864	Host Process for Windows Services	Microsoft Corporation
svchost.exe		4,532 K	14,328 K	908	Host Process for Windows Services	Microsoft Corporation
svchost.exe	0.57	19,300 K	29,372 K	932	Host Process for Windows Services	Microsoft Corporation
svchost.exe		2,140 K	6,912 K	296	Host Process for Windows Services	Microsoft Corporation
svchost.exe	< 0.01	9,844 K	11,456 K	928	Host Process for Windows Services	Microsoft Corporation
TinyWall.exe	< 0.01	27,628 K	38,368 K	736	TinyWall	Károly Pados
taskhost.exe	< 0.01	8,636 K	11,208 K	1152	Host Process for Windows Tasks	Microsoft Corporation
explorer.exe	0.06	23,296 K	46,080 K	1216	Windows Explorer	Microsoft Corporation
 VBoxTray.exe	< 0.01	1,968 K	6,824 K	1316	VirtualBox Guest Additions Tray Application	Oracle Corporation
 TinyWall.exe	< 0.01	33,024 K	46,668 K	1324	TinyWall	Károly Pados
 peerblock.exe	< 0.01	14,424 K	2,348 K	1332	PeerBlock	PeerBlock, LLC
 uTorrent.exe	2.69	964,120 K	942,312 K	1164	µTorrent	BitTorrent Inc.
  utorrentie.exe	< 0.01	1,724 K	7,280 K	3060	WebHelper	BitTorrent Inc.
  utorrentie.exe	< 0.01	1,724 K	7,272 K	2360	WebHelper	BitTorrent Inc.
 TOTALCMD64.EXE	< 0.01	13,256 K	25,744 K	2376	Total Commander	Ghisler Software GmbH
  procexp64.exe	71.31	22,064 K	40,020 K	3676	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com
svchost.exe	0.97	13,528 K	13,556 K	1496	Host Process for Windows Services	Microsoft Corporation
WmiPrvSE.exe	0.92	5,224 K	11,060 K	1708	WMI Provider Host	Microsoft Corporation
WmiPrvSE.exe	< 0.01	27,460 K	32,932 K	1968	WMI Provider Host	Microsoft Corporation
WmiPrvSE.exe		5,632 K	10,388 K	1472	WMI Provider Host	Microsoft Corporation
sppsvc.exe		9,804 K	15,144 K	2432	Microsoft Software Protection Platform Service	Microsoft Corporation
System Idle Process	14.10	0 K	24 K	0		
System	0.16	140 K	732 K	4		
 Interrupts	5.50	0 K	0 K	n/a	Hardware Interrupts and DPCs	
 smss.exe		384 K	1,196 K	264	Windows Session Manager	Microsoft Corporation
csrss.exe	< 0.01	1,748 K	4,804 K	336	Client Server Runtime Process	Microsoft Corporation
wininit.exe		1,300 K	4,628 K	384	Windows Start-Up Application	Microsoft Corporation
 services.exe	2.53	3,372 K	7,624 K	480	Services and Controller app	Microsoft Corporation
  svchost.exe		3,136 K	8,948 K	592	Host Process for Windows Services	Microsoft Corporation
  VBoxService.exe	< 0.01	2,504 K	6,716 K	652	VirtualBox Guest Additions Service	Oracle Corporation
 lsass.exe	0.89	3,536 K	10,828 K	492	Local Security Authority Process	Microsoft Corporation
 lsm.exe		2,200 K	4,296 K	500	Local Session Manager Service	Microsoft Corporation
csrss.exe	0.24	2,124 K	7,360 K	396	Client Server Runtime Process	Microsoft Corporation
winlogon.exe		2,412 K	7,156 K	424	Windows Logon Application	Microsoft Corporation
firefox.exe	0.01	188,392 K	268,944 K	796	Firefox	Mozilla Corporation
 firefox.exe		136,352 K	96,204 K	2904	Firefox	Mozilla Corporation
 firefox.exe		18,508 K	14,196 K	1304	Firefox	Mozilla Corporation
 firefox.exe		150,744 K	176,796 K	3108	Firefox	Mozilla Corporation
 firefox.exe		35,084 K	50,028 K	2560	Firefox	Mozilla Corporation
 firefox.exe		61,596 K	93,496 K	2180	Firefox	Mozilla Corporation
 firefox.exe	0.01	44,952 K	70,408 K	3312	Firefox	Mozilla Corporation
 firefox.exe		30,568 K	31,248 K	1396	Firefox	Mozilla Corporation

 

Let me know if I can provide more info? That utorrent session is still currently running...

capture_001_03032021_190855.jpg

capture_002_03032021_190911.jpg

capture_003_03032021_190953.jpg

capture_004_03032021_191001.jpg

capture_005_03032021_191009.jpg

capture_006_03032021_191015.jpg

capture_007_03032021_191020.jpg

capture_008_03032021_191026.jpg

capture_009_03032021_191040.jpg

capture_010_03032021_191045.jpg

capture_011_03032021_191051.jpg

capture_012_03032021_191057.jpg

Link to comment
Share on other sites

On 3/6/2021 at 3:40 AM, rafi said:

Sounds like corrupted  settings.dat file. Close utorrent, back it up, and replace it with a  0 size text file. Then, re-run uTorrent.

I haven't done it yet because I'm having trouble finding any such peers anymore, so far. But wouldn't it be more likely that it's some kind of memory corruption issue (not like bad ram, but like utorrent programming error which accidentally causes memory overwrites depending on incoming data, or worse, peers knowingly exploiting some flaw which had that side effect - or a flaw that only worked on older utorrent versions and the newer ones just show the Client as is and aren't affected - which means those peers set their Client to known garbage chars to exploit older utorrent versions; just guessing)

 

To me, it wouldn't make much sense that a corrupted settings.dat file would cause this(unless there are some other utorrent programming errors? and I presume client names aren't stored in that file because why would they!), but hey, I am willing to try that - as soon as I find such peers again.

 

Thanks for the suggestion.

 

EDIT: replying here due to

You have reached the maximum number of posts you can make per day.
 
so it's Windows 7 Pro 64bit

EDIT2: ok I've found 2 peers in 2 torrents, new settings.dat has no effect, however if you want to try it(before they finish downloading, they are leechers) it's on these 2 torrents:

Marvels.Agents.of.S.H.I.E.L.D.S05.1080p.BluRay.x264-SHORTBREHD[rartv]
Marvels.Agents.of.S.H.I.E.L.D.S02.1080p.BluRay.x264-SHORTBREHD[rartv]

from rarbg.to site

and it's these 2 IPs (respectively):

94.249.48.179:50321

77.171.73.237:50321

notice how they use the same port, though different countries. Also whenever I connect to them, their Client chars are newly randomized (ie. never the same chars)

Considering how the New Label also gives me random chars each time, I can only speculate that somehow some utorrent memory got overwritten at some point, which likely indicates the possibility for exploitation... my guess.

Link to comment
Share on other sites

Testing this is easiest. You can use my settings  to also get rid of some ads, plus try the newest LAA beta with it as well (both in my sig) ... There is always time for more complex troubleshooting... Which Windows version is this running on?

Link to comment
Share on other sites

I have found another torrent (Intimacy.2001.1080p.BluRay.x264-GUACAMOLE[rarbg] from rarbg.to site) whereby there's a host with the same 50321 port (uTP) and it has the same random chars in Client, but also all the other hosts which have different ports, on the same torrent, have random chars in Client column. I don't suppose anyone would be interested in checking it? you could set download speed to 1 KB so you wouldn't have to download it, and just see if you get the same issue. See also my prev. post's "edit".

 

EDIT: it's just "Intimacy.2001.1080p.BluRay.x264-GUACAMOLE" on rarbg.to site, 9.84GB

EDIT2: screenshot:

screen.jpg

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...