csutak40 Posted November 21, 2013

I just wrote a long post, went to "preview", and the page disappeared!

So, this time I may start with what I had at the end of my last post first.

I have had terrible problems trying to log in here, keep getting: This organization's certificate has been revoked.

I have been having all sorts of problems with my computer, now reading here, it may all be connected.

I found myself with the Bing browser, which I presumed had to do with iGoogle's demise, but maybe not?

I use Malwarebytes, which has now found (several times) PUP.Optional.Conduit. I had no idea what that was, now it looks like it has to do with uTorrent?

I had a "professional" look at my computer last week and he noticed uTorrent being installed, so told me to get rid of it and expressed his strong disapproval, which I took to mean that he didn't approve of the practice. Maybe I should have listened?

Now to my most obvious problem, which is obviously 100% uTorrent related.

I keep getting a pop-up https://www.dropbox.com/s/17skfttsukksil4/21-11-2013%201-03-18%20PM.png

It was happening occasionally, now seems to be happening every few minutes.

I am not very technically minded and although I do want to keep using uTorrent, I certainly don't want to do that by risking the security of my computer, so I certainly wouldn't want to change any settings that may render me unsafe.

What do I do to fix this?

Incidentally, I also have two versions of uTorrent in my add/remove programs list, https://www.dropbox.com/s/1fn7hb98lebsmon/21-11-2013%201-40-36%20PM.png but this has always been the case since I can remember.

FWIW, I am running Win7 Pro and version 3.3.2 of uTorrent.

I am now sending this, without reviewing :-)

DreadWingKnight Posted November 21, 2013

That popup is malwarebytes being overparanoid.

It blanket blocks by address without investigating or even pretending to investigate what the traffic actually is.

csutak40 (Author) Posted November 21, 2013

> That popup is malwarebytes being overparanoid.
> It blanket blocks by address without investigating or even pretending to investigate what the traffic actually is.

So, if that is the case, is there a way of stopping it? It is now happening every few seconds.

ciaobaby Posted November 21, 2013

Turn OFF malwarebytes, it doesn't actually do what you think it is doing in any case.

Warning about outbound traffic is TOO LATE, your machine is already infected!

csutak40 (Author) Posted November 23, 2013

OK. I am not sure if to take your answer seriously, or is it tongue in cheek. Please give me serious answers, as I said I am not technically minded.

I have checked the IP addresses that keep showing up, one is in Holland, a couple in China and one in particular is a worry, as it says: The Project Honey Pot system has detected behavior from the IP address 194.165.0.3 that is consistent with that of a Mail Server and Dictionary Attacker.

So, I am not sure that Malwarebytes is the problem, it may be uTorrent? I have been using it for years and this has only just started to happen. I have now taken to closing uTorrent when not in use. I opened it this afternoon and immediately, my virus checker (Kaspersky) blocked something to do with uTorrent as well. Funnily enough all these things being blocked doesn't seem to affect uTorrent. It is still working.

However, these error messages popping up every few seconds are disconcerting and until/unless I know that those things are really harmless, I am not game to set up an exception for them.

I get:

219.151.186.118
218.9.223.74
94.228.222.192
194.165.0.3

And there are two ports mentioned: Port 50 & 11801

Always Process: utorrent.exe

Is someone willing to help me here, please?

ciaobaby Posted November 23, 2013

IPs change all the time, what was being used for malicious purposes two hours ago may not be right now.

'Blackhole' and RDNS lookup lists are ALWAYS historical, and tools that report outbound traffic when you are using P2P clients are simply distracting because a P2P client is ALWAYS communicating with remote IPs that are responding on MANY different ports, and at some point in the past over 25% of ALL IPs from ANY ISP may have been playing host to a "Zombie" or as part of a 'BotNet' and used maliciously. So you ARE going to get a LOT of 'false positives'.

And no, it was not "tongue in cheek". Any application that is communicating out from your machine is already installed and operational, so having ANY tool reporting it is very much "after the fact" and as such is a waste of time.

Stopping the malware getting in and getting rooted is what you need, NOT being told that it is already there.

Archived
This topic is now archived and is closed to further replies.