Problem with Avast

[Zelda7]

Hello!

Since yesterday Avast shows me a warning message each time I open uTorrent. It seems to have appeared after the VPS database of Avast was updated.

It says that a malicious URL has been blocked, and the related processus is said to be uTorrent...

I have tried to removed all the torrents I've downloaded recently, or to install the latest version of uTorrent, but the message keeps appearing several times when uTorrent is running.

Do you have an idea of what the problem can be? Thanks.

[ciaobaby]

Check the URL and the virus name that Avast is warning about.

[Zelda7]

It's an extremely long URL I've never heard of before. I've tried to copy it entirely here but I can't...

It's finishing with: euphoria.sinkdns.org:6969/scrape?info_hash

In "infection" Avast only says: URL:Mal

Edit: here is the complete url on the page when I click on "more details" in avast:

http://puu.sh/4WPos.jpg

[ciaobaby]

Possible false positive, could be caused by:

The info_hash having a similar or identical hex sequence to a malware signature,

Somebody hijacking or faking a tracker URL in a torrent metadata that you have loaded

Other Avast users erroneously reporting the URL.

[Zelda7]

Ok thanks, I'm not exactly sure what you mean but I guess the problem is not so bad.

For the moment I will disable the pop-ups in Avast so I won't see the message anymore.

[ciaobaby]

Ok thanks, I'm not exactly sure what you mean but I guess the problem is not so bad.

For the moment I will disable the pop-ups in Avast so I won't see the message anymore.

The safer way is to look at the trackers for your running jobs and remove any references to euphoria.sinkdns.org:6969 as a tracker.

[1v4n0]

Same problem here, though the URL is a bit different (... X.tbone.sinkdns.org ...) Is there a way to see all the trackers of all my torrents at once, or do I have to check them one by one?

Anyway I noticed that the (loooong) url features this string &uploaded=0&downloaded=0&left=0, so that may mean this torrent is something weird that's not listed

See screenshot http://img13.imageshack.us/img13/4935/m8ol.jpg.

[ciaobaby]

After a bit of DNS research it looks link sinkdns.org is being used as a wildcard DNS redirect for a malware infected machine.

The domain has been recently registered/transferred to a "Domains By Proxy" anonymous owner and is listed by many malware sites.

So if you have a decent firewall, just block the hostname for outgoing requests.

[1v4n0]

I use Windows firewall. Could you explain me how to do that?

Thanks

[ciaobaby]

I did say a decent firewall!!

So, ... in that case use the Windows Hosts file to block it.

Open Notepad as Administrator

File -> Open C:\Windows\System32\drivers\etc\hosts (assuming that C:\Windows\ is your Windows installation)

Add a line of

127.0.0.1				euphoria.sinkdns.org

Then save the file

NB: The file has NO extension so do NOT allow notepad to add a .TXT extension.

[1v4n0]

EDIT Does not work. Still same popup

Thank you very much for your time. I don't know what I did, but I hope it works (we relate to computers the way the ancients related to earthquakes).

[ciaobaby]

Then tell Avast to ignore that particular hostname or find all instances of those trackers and remove them.

Pruning dead trackers is something that should be done in any case, as trying to communicate with them is simply wasted resources and badwidth.

[1v4n0]

Problem is I cant's seem to find any torrent with this tracker. Is there a quick way to look through all my torrents' trackers?

[ciaobaby]

Is there a quick way to look through all my torrents' trackers?

Not in the client.

But you could use Windows Search to run a partial match on file contents in the .torrent store location and take note the names of the files that are found.

[1v4n0]

I searched for all the .torrent files in my PC, opened them all with notepad, and then in one big text file, so I could look through their contents. Couldn't find anything about this "sinkdns".

Anyway maybe it's not that bad. I disabled popups on avast (they were coming every like 20") and everything works fine. Maybe.

[ciaobaby]

I searched for all the .torrent files in my PC, opened them all with notepad, and then in one big text file,

They are not text files, so Notepad wouldn't necessarily find anything.

[1v4n0]

Well it does find all the trackers.