ViruS? Exploit? BuG?!!! SOMEThiNG ELsE (attacks?)!! IMPORTANT!!! HELP


iPREnZ

Posted

Reset my exception list on Norman Firewall the other day (discovered a weird "leak" on my internet connection), and what a sweet surprise I got when 100+ connections (stopped blocking per IP after approximately 110 attempts and just blocked the fkng ports) tried to establish inbound connections on port 50026 n' 31336 (my assigned uTorrent port and the port I used 1 week ago). And @ the time my uTorrent wasn't even running!

Scanned the computer with 3 different antivirus progs + Adaware n' Ad-Watch and found none. Therefore my conclusion is that something is seriously amiss with uTorrent (does it: start without me having started the process (and not visibly running in processes)? built-in virus? exploit? bug? or is it just 200+ hackers trying constant portscans on my comp @ tha same time who just randomly happened to scan these ports?)

Plz. can someone explain this to me (moderators?) before I send an abuse report on everym*th*erfkkng ip that I have logged!

thnx in advance (or fu depending on answer ;)

Posted

It's normal to get connection attempts on ports you are using or have used in the past, even if you are not running any service on that port now.

The other computers that are "knocking" on that port still have "your" IP and port in their peer lists and they try to connect to you.

This is in most cases "normal background noise" on the net and no reason to send any abuse report to any ISP.

You don't complain to the police if someone just rings your doorbell, do you?!

Edit:

A Personal Firewall that bugs you with important-looking reports about connection attempts and labels, for example, a simple ping as a "hacker attack" that it successfully prevented is just snake oil that uses these reports/messages to convince you how important it is!

You can ignore these messages or, even better, disable this senseless reporting!

Posted

People can try to connect to you regardless of what you're running or not running on your computer, and even if your computer is turned off or crushed into a fine powder. Those connection attempts are probably from people who were your peers when you were running uTorrent, whose clients did not immediately "get the message" that you have left the swarm. Either that, or they're out to get you, whatever floats your boat.

Posted

Let me guess...you had DHT enabled?

If so, if your ip does not change those ports may be pounded on for weeks.

Barring that, your ip may still be hit by peers/seeds on torrents you recently downloaded for a week.
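
The replies above attribute the blocked connections to stale peer-list and DHT entries rather than a scan. As an added example (not part of the thread), this sketch triages blocked-inbound firewall log lines per source: sources that only touch the ports the client advertised look like stale peers, while one source walking many ports looks like a sweep. The log format, the sample lines and the threshold are constructed assumptions; ports 50026 and 31336 are the ones named in the first post.

```python
import re
from collections import defaultdict

# Ports this host advertised to swarms (the two named in the first post).
ADVERTISED_PORTS = {50026, 31336}
# Assumed threshold: distinct destination ports from one source that suggest a sweep.
SWEEP_PORT_THRESHOLD = 5

# Constructed log format (not Norman Firewall's real one):
#   <time> BLOCK IN <proto> <src_ip>:<src_port> -> <dst_port>
LINE_RE = re.compile(r"^\S+ BLOCK IN (?:TCP|UDP) (\d+(?:\.\d+){3}):\d+ -> (\d+)$")

# Constructed sample data using documentation-range addresses.
SAMPLE_LOG = [
    "22:01:03 BLOCK IN TCP 192.0.2.10:51812 -> 50026",
    "22:01:03 BLOCK IN UDP 192.0.2.10:51812 -> 50026",
    "22:01:04 BLOCK IN TCP 198.51.100.7:6881 -> 31336",
    "22:01:05 BLOCK IN UDP 203.0.113.40:40122 -> 50026",
    "22:01:05 BLOCK IN UDP 203.0.113.40:40122 -> 31336",
    "22:01:08 BLOCK IN TCP 198.51.100.200:3312 -> 445",
    "garbled line that the parser must skip",
] + [f"22:01:06 BLOCK IN TCP 203.0.113.99:44321 -> {p}" for p in (21, 22, 23, 80, 443)]

def ports_by_source(lines):
    """Map each source IP to the set of destination ports it tried."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip anything that is not a blocked-inbound record
            seen[m.group(1)].add(int(m.group(2)))
    return seen

def classify(ports):
    """Label one source by the set of destination ports it touched."""
    if len(ports) >= SWEEP_PORT_THRESHOLD:
        return "port-sweep"   # one host walking many ports
    if ports <= ADVERTISED_PORTS:
        return "stale-peer"   # only knocks where the client used to listen
    return "other"            # unrelated background traffic

def triage(lines):
    """Group source IPs (sorted as strings) under their classification."""
    groups = defaultdict(list)
    for src, ports in sorted(ports_by_source(lines).items()):
        groups[classify(ports)].append(src)
    return dict(groups)

if __name__ == "__main__":
    for label, sources in triage(SAMPLE_LOG).items():
        print(f"{label}: {len(sources)} source(s): {', '.join(sources)}")
```

Many distinct sources in the stale-peer group and none in the sweep group is the pattern the replies describe as background noise after leaving a swarm.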

Posted

Falcon4; This is a Carbon error, problem or so called "EibKaC" (Error in between Keyboard and Chair): your pf (personal firewall) is doing what it is supposed to do, it is you who don't understand what is happening.

PERSonAL FiREWaLLS ARE FULL OF CRAP

- wtf ???

blame yourself.

ps.: find somewhere and turn off logging packets going to unopened ports if you are paranoid.

Posted

Maybe you don't get it. The point is, if you have an IQ over 100 (which is tough to expect of the American public) you have absolutely no need for spyware, virus, or network so-called "protection" beyond incoming attacks, which are almost completely eradicated by the invention of the NAT router. All it takes is a little bit of common sense in Web browsing and you'll stay perfectly safe.

So-called "Personal firewalls" such as Norton Internet Security are the worst thing to be installed on a computer. They just slow you down and think "Oh, geez, I'm glad I have this thing, it just invented some crap attack it blocked!". It's like a security company that installed your security system dirt cheap then hires burglars to try breaking into your house. Gee, what a perfect bit of security we have.

Of course the computing world is so distorted and botched today, there's no way for one person, such as myself, to clean it up. Computers ship pre-loaded with crapware and paranoiaware, as well as tons upon tons of useless junk and so-called "offers" people actually buy, that there's no saving the world anymore. It's too far gone. I can only hope HP goes out of business, Microsoft slits their throat on the release of Vista, and we can have a "clean PC" revolution powered by nLite and Firefox.

*pff* Like that'll ever happen. :rolleyes:

Posted

I got it alright, you don't want to use pf and you are not capable of understanding people that do use it. So by the time you finally learn how to use Linux (how long can it take you, ru dumb or something), you will recompile the kernel without IPTABLES (assuming you have iq>=100 :P) - is that it ??? Because like you said pf just slows things down (stupid again...) and IPTABLES is nothing more than pf :)

And by the way, so what you're saying is - people on lan, behind nat - they are all stupid because they use pf :) ?

And again by the way, you can get malware not only by browsing bangbuss sites with ie with activeX on dude :)

And at last - I'm not American, but I guess some of the people here are...

Posted

Thnx µtorrent-Guest for the help... no need 2 panic then.......just dont trust nothin on the iNet (common sense, paranoia, whatever; actually I dont even trust NPF or my nLite WinXP installation :) ).

Truth be told I wouldn't report those iP's as abuse (as if my Isp would actually care.............. ) although I would prob. report 2 my landlord if it rang on my doorbell 110+ times...(exploit?, bug? yadda yadda ) ;)

WKR

ME

btw. 2 BaD iF UR HeAD HurtS FALC0N, PeRhAPS U ShouLD G0 SeE A D0cT0r? ( or cut down on that grrrreeen sh!t?). But I Got Ur Attention Didn't I?

postscriptum: and of course, thnx 2 the rest of u who tried 2 help...

  • 3 years later...
Posted

Well - my version of uTorrent is definitely infected with a trojan virus. The last two times I've opened uTorrent, I almost immediately get this fake virus scanning program appear in the system tray, and it shuts down all my anti-virus programs, stops access to msconfig - it's nasty!!

So I've come on here to see if anyone else has had the problem. I saw one guy had something similar here:

http://www.utorrent.com/forum/viewtopic.php?id=36225

but now that's conveniently been put in the trash and the guy was virtually mocked!

Anyhow - just wanted to post that this can be an issue for some people - uTorrent being infected with viruses somehow. I'm certain it was infected by another virus, but I just want to put it out there that uTorrent may be a target of virus infections and the cause of ongoing virus issues.

Posted

If you got a virus, it wasn't from utorrent's website.

If you downloaded uTorrent.exe from somewhere other than utorrent's website, all bets are off.

What you download using uTorrent may be infected, but that doesn't sound like what you're saying...

Posted

@moogly - here it is. All looks fine to me, but I'm sure it'll be a different story if I open uTorrent. Okay I'll post this now, and I'll run uTorrent and we'll see what happens:

Logfile of Trend Micro HijackThis v2.0.4


Archived

This topic is now archived and is closed to further replies.
