iPREnZ (Posted January 17, 2007)

Reset my exception list on Norman Firewall the other day (discovered a weird "leak" on my internet connection), and what a sweet surprise I got when 100+ connections (stopped blocking per IP after approximately 110 attempts and just blocked the fkng ports) tried to establish inbound connections on port 50026 n' 31336 (my assigned uTorrent port and the port I used 1 week ago). And @ the time my uTorrent wasn't even running!

Scanned the computer with 3 different Antiviiri progs + Adaware n' Ad-Watch and found none. Therefore my conclusion is that something is seriously amiss with uTorrent (does it: start without me having started the process? (and not visibly running in processes) built-in virus? exploit? bug? or is just 200+ hackers trying constant portscans on my comp @ tha same time and just randomly happened to scan these ports?)

Plz. can someone explain this to me (moderators?) before I send an abuse report on every m*th*erfkkng ip that I have logged!

thnx in advance (or fu depending on answer)
iPREnZ (Author, Posted January 17, 2007)

and btw ... sry bout bad n foul language; is just a bit upset right now.
µtorrent-Guest (Posted January 17, 2007)

It's normal to get connection attempts on ports you are using/having used in the past, even if you are not running any service on that port now.

The other computers that are "knocking" on that port have "your" IP and port still in their peer lists and they try to connect to you.

This is in most cases "normal background noise" on the net and no reason to send any abuse report to any ISP. You don't complain to the police if someone just rings your doorbell, do you?!

Edit: A Personal Firewall that bugs you with important-reports about connection attempts and labels for example a simple ping as a "hacker attack" that he successfully prevented is just snakeoil that uses these reports/messages to convince you how important he is! You can ignore these messages or even better disable this sensefree reporting!
Harry Poppins (Posted January 18, 2007)

People can try to connect to you regardless of what you're running or not running on your computer, and even if your computer is turned off or crushed into a fine powder. Those connection attempts are probably from people who were your peers when you were running uTorrent, whose clients did not immediately "get the message" that you have left the swarm. Either that, or they're out to get you, whatever floats your boat.
Falcon4 (Posted January 18, 2007)

i AGReE WiTH eXaCTLY WhaT uTORRent-GUEst SaID... PERSonAL FiREWaLLS ARE FULL OF CRAP. AND TALKiNG LiKE THiS IS HURTING MY BRaiN!!1
Switeck (Posted January 18, 2007)

Let me guess... you had DHT enabled?

If so, if your ip does not change those ports may be pounded on for weeks.

Barring that, your ip may still be hit by peers/seeds on torrents you recently downloaded for a week.
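The distinction the replies above draw, as an added example that is not part of the original thread: many different sources hitting only the ports a torrent client used looks like stale peer lists, while one source walking many ports looks like a scan. The log line format, the addresses and the threshold of 10 ports are constructed assumptions, not Norman Personal Firewall's real output; only ports 50026 and 31336 come from the first post.

```python
import re
from collections import defaultdict

# Constructed log format (an assumption, not Norman Personal Firewall's real one):
# "<date> <time> BLOCK IN TCP <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(r"BLOCK IN (?:TCP|UDP) (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(\d+)$")

def classify_blocked_inbound(lines, p2p_ports, scan_threshold=10):
    """Split blocked inbound attempts into stale-peer noise and scan-like sources.

    p2p_ports: listening ports the BitTorrent client uses or recently used.
    A source is scan-like when it probes at least scan_threshold distinct
    ports; a source that only touches p2p_ports is treated as a stale peer.
    """
    ports_by_src = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m:  # lines in any other format are skipped
            ports_by_src[m.group(1)].add(int(m.group(2)))
    result = {"stale_peers": set(), "scan_like": set(), "other": set()}
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            result["scan_like"].add(src)
        elif ports <= p2p_ports:
            result["stale_peers"].add(src)
        else:
            result["other"].add(src)
    return result

def build_sample_log():
    """Constructed sample: 110 sources on the two torrent ports, one port sweep, one stray."""
    lines = []
    for i in range(110):
        port = 50026 if i % 2 == 0 else 31336
        lines.append(f"2007-01-17 20:14:{i % 60:02d} BLOCK IN TCP "
                     f"198.51.100.{i + 1}:{40000 + i} -> 192.0.2.10:{port}")
    for port in range(20, 40):
        lines.append(f"2007-01-17 20:15:00 BLOCK IN TCP 203.0.113.7:51000 -> 192.0.2.10:{port}")
    lines.append("2007-01-17 20:16:00 BLOCK IN TCP 203.0.113.99:51000 -> 192.0.2.10:445")
    return lines

if __name__ == "__main__":
    report = classify_blocked_inbound(build_sample_log(), {50026, 31336})
    for label, sources in report.items():
        print(f"{label}: {len(sources)} source(s)")
```

Sources that land in `other` or `scan_like` are the ones worth a second look; the `stale_peers` bucket should shrink on its own as swarms and DHT nodes drop the old address.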
lsd (Posted January 18, 2007)

Falcon4; This is a Carbon error, problem or so called "EibKaC" (Error in between Keyboard and Chair): your pf (personal firewall) is doing what is supposed to do, it is you who don't understand what is happening

"PERSonAL FiREWaLLS ARE FULL OF CRAP" - wtf ??? blame yourself.

ps.: find somewhere and turn off logging packets going to unopened ports if you are paranoid.
Falcon4 (Posted January 18, 2007)

Maybe you don't get it. The point is, if you have an IQ over 100 (which is tough to expect of the American public) you have absolutely no need for spyware, virus, or network so-called "protection" beyond incoming attacks, which are almost completely eradicated by the invention of the NAT router. All it takes is a little bit of common sense in Web browsing and you'll stay perfectly safe.

So-called "Personal firewalls" such as Norton Internet Security are the worst thing to be installed on a computer. They just slow you down and think "Oh, geez, I'm glad I have this thing, it just invented some crap attack it blocked!". It's like a security company that installed your security system dirt cheap then hires burglars to try breaking into your house. Gee, what a perfect bit of security we have.

Of course the computing world is so distorted and botched today, there's no way for one person, such as myself, to clean it up. Computers ship pre-loaded with crapware and paranoiaware, as well as tons upon tons of useless junk and so-called "offers" people actually buy, that there's no saving the world anymore. It's too far gone. I can only hope HP goes out of business, Microsoft slits their throat on the release of Vista, and we can have a "clean PC" revolution powered by nLite and Firefox.

*pff* Like that'll ever happen.
lsd (Posted January 18, 2007)

I got it alright, you don't want to use pf and you are not capable of understanding people that do use it. So by the time you finally learn how to use Linux (how long it can take you, ru dumb or something), you will recompile kernel without IPTABLES (assuming you have iq>=100) - is that it ??? Because like you said pf just slows things down (stupid again...) and IPTABLES is nothing more than pf.

And by the way, so what you saying is - people on lan, behind nat - they are all stupid because they use pf ?

And again by the way, you can get malware not only by browsing bangbuss sites with ie with activeX on, dude.

And at last - i'm not American, but i guess some of people here are...
iPREnZ (Author, Posted January 18, 2007)

Thnx µtorrent-Guest for the help... no need 2 panic then....... just dont trust nothin on the iNet (common sense, paranoia, whatever; actually I dont even trust NPF or my nLite WinXP installation). Truth be told I wouldn't report those iP's as abuse (as if my Isp would actually care..............) although I would prob. report 2 my landlord if it rang on my doorbell 110+ times... (exploit?, bug? yadda yadda)

WKRME

btw. 2 BaD iF UR HeAD HurtS FALC0N, PeRhAPS U ShouLD G0 SeE A D0cT0r? (or cut down on that grrrreeen sh!t?). But I Got Ur Attention Didn't I?

postscriptum: and of course, thnx 2 the rest of u who tried 2 help...
jaydenl (Posted May 12, 2010)

Well - my version of uTorrent is definitely infected with a trojan virus. The last two times I've opened utorrent, I almost immediately get this fake virus scanning program appear in the system tray, and it shuts down all my anti-virus programs, stops access to msconfig - it's nasty!!

So I've come on here to see if anyone else has had the problem. I saw one guy had something similar here:

http://www.utorrent.com/forum/viewtopic.php?id=36225

but now that's conveniently been put in the trash and the guy was virtually mocked!

Anyhow - just wanted to post that this can be an issue for some people - utorrent being infected with viruses somehow. I'm certain it was infected by another virus, but I just want to put it out there that utorrent may be a target of virus infections and the cause of ongoing virus issues.
moogly (Posted May 13, 2010)

@jaydenl: post Hijackthis log.

Guide: http://forum.utorrent.com/viewtopic.php?id=29748
Switeck (Posted May 13, 2010)

If you got a virus, it wasn't from utorrent's website.

If you downloaded uTorrent.exe from somewhere other than utorrent's website, all bets are off.

What you download using uTorrent may be infected, but that doesn't sound like what you're saying...
jaydenl (Posted May 14, 2010)

@moogly - here it is. All looks fine to me, but I'm sure it'll be a different story if I open uTorrent. Okay I'll post this now, and I'll run uTorrent and we'll see what happens: