Zelda7 Posted October 22, 2013 Report Share Posted October 22, 2013 Hello!Since yesterday Avast shows me a warning message each time I open uTorrent. It seems to have appeared after the VPS database of Avast was updated.It says that a malicious URL has been blocked, and the related processus is said to be uTorrent...I have tried to removed all the torrents I've downloaded recently, or to install the latest version of uTorrent, but the message keeps appearing several times when uTorrent is running.Do you have an idea of what the problem can be? Thanks. Link to comment Share on other sites More sharing options...
ciaobaby Posted October 22, 2013 Report Share Posted October 22, 2013 Check the URL and the virus name that Avast is warning about. Link to comment Share on other sites More sharing options...
Zelda7 Posted October 22, 2013 Author Report Share Posted October 22, 2013 It's an extremely long URL I've never heard of before. I've tried to copy it entirely here but I can't...It's finishing with: euphoria.sinkdns.org:6969/scrape?info_hashIn "infection" Avast only says: URL:MalEdit: here is the complete url on the page when I click on "more details" in avast:http://puu.sh/4WPos.jpg Link to comment Share on other sites More sharing options...
ciaobaby Posted October 22, 2013 Report Share Posted October 22, 2013 Possible false positive, could be caused by:The info_hash having a similar or identical hex sequence to a malware signature,Somebody hijacking or faking a tracker URL in a torrent metadata that you have loadedOther Avast users erroneously reporting the URL. Link to comment Share on other sites More sharing options...
Zelda7 Posted October 22, 2013 Author Report Share Posted October 22, 2013 Ok thanks, I'm not exactly sure what you mean but I guess the problem is not so bad.For the moment I will disable the pop-ups in Avast so I won't see the message anymore. Link to comment Share on other sites More sharing options...
ciaobaby Posted October 23, 2013 Report Share Posted October 23, 2013 Ok thanks, I'm not exactly sure what you mean but I guess the problem is not so bad.For the moment I will disable the pop-ups in Avast so I won't see the message anymore.The safer way is to look at the trackers for your running jobs and remove any references to euphoria.sinkdns.org:6969 as a tracker. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 28, 2013 Report Share Posted October 28, 2013 Same problem here, though the URL is a bit different (... X.tbone.sinkdns.org ...) Is there a way to see all the trackers of all my torrents at once, or do I have to check them one by one?Anyway I noticed that the (loooong) url features this string &uploaded=0&downloaded=0&left=0, so that may mean this torrent is something weird that's not listed See screenshot http://img13.imageshack.us/img13/4935/m8ol.jpg. Link to comment Share on other sites More sharing options...
ciaobaby Posted October 28, 2013 Report Share Posted October 28, 2013 After a bit of DNS research it looks link sinkdns.org is being used as a wildcard DNS redirect for a malware infected machine.The domain has been recently registered/transferred to a "Domains By Proxy" anonymous owner and is listed by many malware sites.So if you have a decent firewall, just block the hostname for outgoing requests. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 28, 2013 Report Share Posted October 28, 2013 I use Windows firewall. Could you explain me how to do that?Thanks Link to comment Share on other sites More sharing options...
ciaobaby Posted October 28, 2013 Report Share Posted October 28, 2013 I did say a decent firewall!!So, ... in that case use the Windows Hosts file to block it.Open Notepad as AdministratorFile -> Open C:\Windows\System32\drivers\etc\hosts (assuming that C:\Windows\ is your Windows installation)Add a line of 127.0.0.1 euphoria.sinkdns.orgThen save the file NB: The file has NO extension so do NOT allow notepad to add a .TXT extension. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 29, 2013 Report Share Posted October 29, 2013 EDIT Does not work. Still same popup Thank you very much for your time. I don't know what I did, but I hope it works (we relate to computers the way the ancients related to earthquakes). Link to comment Share on other sites More sharing options...
ciaobaby Posted October 29, 2013 Report Share Posted October 29, 2013 Then tell Avast to ignore that particular hostname or find all instances of those trackers and remove them.Pruning dead trackers is something that should be done in any case, as trying to communicate with them is simply wasted resources and badwidth. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 29, 2013 Report Share Posted October 29, 2013 Problem is I cant's seem to find any torrent with this tracker. Is there a quick way to look through all my torrents' trackers? Link to comment Share on other sites More sharing options...
ciaobaby Posted October 29, 2013 Report Share Posted October 29, 2013 Is there a quick way to look through all my torrents' trackers?Not in the client.But you could use Windows Search to run a partial match on file contents in the .torrent store location and take note the names of the files that are found. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 29, 2013 Report Share Posted October 29, 2013 I searched for all the .torrent files in my PC, opened them all with notepad, and then in one big text file, so I could look through their contents. Couldn't find anything about this "sinkdns". Anyway maybe it's not that bad. I disabled popups on avast (they were coming every like 20") and everything works fine. Maybe. Link to comment Share on other sites More sharing options...
ciaobaby Posted October 29, 2013 Report Share Posted October 29, 2013 I searched for all the .torrent files in my PC, opened them all with notepad, and then in one big text file,They are not text files, so Notepad wouldn't necessarily find anything. Link to comment Share on other sites More sharing options...
1v4n0 Posted October 29, 2013 Report Share Posted October 29, 2013 Well it does find all the trackers. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.