arronstakker Posted May 3, 2009
Hi, I think I've picked up a virus that AVG can't detect, as every time I search in uTorrent a page on my browser opens up as usual but the page shown seems fake, or at least the entire bottom 3/4 of it does. The 'click-on-link' symbol (the pointing hand thing) stays on wherever the cursor is on the bottom 3/4 of the page. This was today; yesterday when I tried searching, the page showed a list of sites with torrents which seemed normal, but the McAfee SiteAdvisor symbols seemed to be overlaid (for instance the question mark symbol - meaning the site was untested - had a green 'site is good' symbol over it). Needless to say I haven't clicked on anything and wondered if anyone had any thoughts on this or experienced similar problems.
moogly Posted May 3, 2009
What's the URL in your web browser after a search in the uTorrent bar? (Try with Google selected as search engine in uT, e.g.)
Switeck Posted May 3, 2009
Does your ISP run Phorm?
arronstakker (Author) Posted May 3, 2009
Got it, cheers moogly - I forgot you could change the search engine. It seems to only happen when I select BitTorrent. This is the URL that is shown...
http://search.utorrent.com/search.php?q=the%20wire%20season%202&e=http%3a%2f%2fwww.bittorrent.com%2fsearch%3fclient%3dutorrent1820%26search%3d&u=1
Phorm - that's the dodgy ad company that distributes spyware, right? How do I go about finding out if my ISP runs it? Nice one Switeck.
Do you think it could still be a problem at my end (a trojan or something) or a problem with BitTorrent?
moogly Posted May 3, 2009
Do you have the same issue (when you select Bittorrent) if you bypass the redirection?
Here: http://forum.utorrent.com/viewtopic.php?pid=405939#p405939
Switeck Posted May 4, 2009
Can't you legally ask your ISP if it uses Phorm?
Phorm may redirect websites to display "targeted ads".
arronstakker (Author) Posted May 4, 2009
Apparently my ISP dropped Phorm last year.
Tried setting gui.bypass_search_redirect to True but the same thing still happens when I search in Bittorrent.
I scanned the page with Dr.Web anti-virus link checker and it gives it the all clear but apparently Dr.Web isn't that reliable anyway(?).
Switeck Posted May 4, 2009
TCP View and Process Explorer... 1st link in my signature mentions where to get them. (very bottom)
jewelisheaven Posted May 4, 2009
One nice thing MS decided to do for Sysinternals is do "live" which in this case is actually very useful.
The format for destination URLs is http://live.sysinternals.com/tools/TOOLNAME so http://live.sysinternals.com/tools/tcpview.exe and http://live.sysinternals.com/tools/procexp.exe will take you directly now ;D
It definitely sounds like you have some sort of page injection going on, I'd go for more of a trojan/rootkit detector than typical AV in your case, though it's never a good idea to go online without AV.
arronstakker (Author) Posted May 4, 2009
Thanks guys, I'm going to take out a bit of time and work through your suggestions and will get back to you with the results.
Archived
This topic is now archived and is closed to further replies.