Jump to content

How to use torrents safely?


Recommended Posts


I have an odd situation that I'd like some advice about.

My sister has been using uTorrent for several years now. About once a year she'd get a malware item for no apparent reason. She doesn't do general web browsing, just news etc. I always assumed she was doing something stupid and getting infected without realizing it. However...

I have just recently installed uTorrent and am ONLY downloading .AVI television shows from TVTorrents.com. I don't download any hijacked software, etc. I have been a computer tech for twenty years and own my own consulting company so I know the dangers of spyware/malware. I am extremely safe with my web browsing and if there is even a twinge of suspicion about a website I use FireFox to minimize my exposure. I have been using uTorrent for six months now without issue but mostly for downloading. Within the last six weeks I have been doing more seeding than downloading with the last two weeks being exclusively seeding. I leave it running 24/7 and only shut it down when I need to reclaim the bandwidth for work purposes.

Friday I sat down at my computer to do some work and FireFox as well as IE was redirecting all my google searches to various advertisement sites. The search results of both Yahoo and Google were pointing to http://go.yahoo.com and http://go.google.com and would then push me to an ad. The PC was working fine when I left it the day before. I tracked it down to a TDSSserv.sys driver that was loaded in the hidden devices of my device manager (and had variations on the TDSSxxxx.dll in my system32 folder). I disabled the driver and cleaned the files and all is well. Some say that is closely linked to the WinAntiVirus 2009 infections but I have no evidence of that on my system.

The above facts make me suspect that someone has found my open port and has remotely installed some malware. Or, perhaps someone else connected to my torrents has somehow infected me? I'm not sure. The only thing I am 100% sure about is that this is not operator error.

I'm going to continue using my torrents as I had been, but was wondering if anyone else has had this kind of thing happen to them? How can one protect against someone exploiting the open port? Is there any danger of being infected from a leecher? What other security suggestions do you have?

Thank you

Link to comment
Share on other sites

I will put my two cents in on this one.

Cliff note: Check numerous times with numerous up to date root kit detectors, if you have a kit you might be best off to format.

I had the same type of behavior when I was running a lot of torrent traffic. Everything was fine and then it was not. I was slightly unprotected (not having updated my virus and spy progs) at the time and I guess my computer condom broke. The behavior started with occasional redirects and then it increased over a period of days. What was strange was that any search for a virus site ,help site, or even microsoft was redirected to a fake results site. I was able to google several files in threads that I did not recognize in task manager. I found several suspect files but any delete would cause the file to be reinstalled AND new junk to appear. It just kept getting worse and worse till I began to get blue screens with stupid messages on them. Then I got one that said "bla bla bla sysinternals.com bla bla bla", I knew that that could not be true and googled the message and it was more malware. I think that it was a root kit detector from sysinternals.com that ended up detecting my main problem. I ended up having to format, it was either that or nuke it from orbit to be sure. If you can identify your bug then you can find out what it will take to remove the infestation. You may want to consider running utorrent and keeping all your utorrent stuff on a separate disc or partition with its own OS. It is what I am doing now and have had no further problems.

Link to comment
Share on other sites

Thank you for your input. I am using version 1.8.1.

I currently have the problems removed and the PC is working fine. I suppose I could make a second computer just for uTorrent with the torrents being stored on a drive separate from the OS and then make a image of the OS. Then if it gets hijacked I can just restore the image.

My virus scanner was current but I didn't have an active spyware scanner. I'm going to get uTorrent running again and try some configuration options to see if I can keep it more secure.

Any other comments are gladly welcomed.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...