
False Positives with uTorrent Running?


2 replies to this topic

#1 hmmhello


Posted 24 January 2010 - 10:26 AM

Wait....

Before you all say "torrenting is normally illegal stuff, yadda yadda", I am seeding Sabayon Linux, foobar, etc., nothing illegal. Secondly, this is a fresh install of less than 2 days and I have downloaded nothing fishy or visited any odd websites, so I am thinking this has to do with seeds.

*sorry if this is in the wrong place btw :)*

So, here's a basic log of what has been happening:


10:01:02 linux MESSAGE Protection started successfully
10:01:06 linux MESSAGE IP Protection started successfully
10:01:55 linux IP-BLOCK 117.200.241.124
10:02:06 linux IP-BLOCK 212.117.173.187
10:02:26 linux IP-BLOCK 89.248.166.206
10:02:56 linux IP-BLOCK 117.199.67.6
10:02:56 linux IP-BLOCK 117.201.80.62
10:04:06 linux IP-BLOCK 117.197.126.251
10:04:46 linux IP-BLOCK 89.28.91.224
10:04:46 linux IP-BLOCK 89.28.98.48
10:06:47 linux IP-BLOCK 89.28.114.230
10:08:28 linux IP-BLOCK 212.113.33.130
10:09:08 linux IP-BLOCK 212.117.172.36
10:13:15 linux MESSAGE Protection started successfully
10:13:18 linux MESSAGE IP Protection started successfully
10:15:28 linux IP-BLOCK 212.113.33.130
10:15:29 linux IP-BLOCK 212.113.33.130
10:15:39 linux IP-BLOCK 212.113.33.130
10:16:59 linux IP-BLOCK 212.113.33.130
10:16:59 linux IP-BLOCK 212.113.33.130
10:16:59 linux IP-BLOCK 212.113.33.130
10:18:39 linux IP-BLOCK 208.64.120.53
10:18:39 linux IP-BLOCK 208.64.120.53
10:18:49 linux IP-BLOCK 208.64.120.53
10:18:49 linux IP-BLOCK 208.64.120.53
10:18:49 linux IP-BLOCK 208.64.120.53
10:18:49 linux IP-BLOCK 208.64.120.53
10:18:59 linux IP-BLOCK 58.240.121.101
10:18:59 linux IP-BLOCK 208.64.120.53
10:18:59 linux IP-BLOCK 208.64.120.53
10:19:09 linux IP-BLOCK 208.64.120.53
10:19:09 linux IP-BLOCK 208.64.120.53
10:19:09 linux IP-BLOCK 208.64.120.53
10:19:09 linux IP-BLOCK 208.64.120.53
10:19:19 linux IP-BLOCK 208.64.120.53
10:19:19 linux IP-BLOCK 208.64.120.53
10:19:29 linux IP-BLOCK 208.64.120.53
10:19:29 linux IP-BLOCK 208.64.120.53
10:19:29 linux IP-BLOCK 208.64.120.53
10:19:29 linux IP-BLOCK 208.64.120.53
10:21:20 linux IP-BLOCK 212.113.33.130
10:21:20 linux IP-BLOCK 212.113.33.130
10:21:30 linux IP-BLOCK 212.113.33.130


As you can see, it's getting a bit maddening for me to see this thing pop up constantly.

Any suggestions? I'd hate to just turn it off as I think it's great, but I can't deal with all these false positives either.

#2 Fatdcuk


Posted 24 January 2010 - 10:49 AM

Hi hmmhello,

They are not false positives.

They are indeed traffic to and from blacklisted IP ranges.

Yes, you are almost certainly transmitting data if you are seeding to computers hosted on the blacklisted IPs, and yes, if you are downloading stuff then you will also be receiving data from computers hosted on the blacklisted IPs.

Our IP protection is not designed to sniff packets and determine whether they are malicious in content.

It is purely a brute force block against data traffic to and from known bad IPs, and thus mitigates any malicious data, whether known or unknown, being able to gain entry onto your PC from those sources.

Ade Gill
Research Engineer
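
Added example (not part of the thread and not Malwarebytes' code): a short Python script that summarises a log in the layout posted in #1 by remote address, and sketches the range-membership check described in this reply. The sample log lines, the `BLOCKLIST` ranges and the function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the same layout as the log in post #1.
# Addresses are RFC 5737 documentation ranges, not real peers.
SAMPLE_LOG = """\
10:01:02 linux MESSAGE Protection started successfully
10:01:06 linux MESSAGE IP Protection started successfully
10:01:55 linux IP-BLOCK 192.0.2.10
10:02:06 linux IP-BLOCK 198.51.100.7
10:02:26 linux IP-BLOCK 198.51.100.7
10:13:15 linux MESSAGE Protection started successfully
10:13:18 linux MESSAGE IP Protection started successfully
10:15:28 linux IP-BLOCK 203.0.113.53
10:15:29 linux IP-BLOCK 203.0.113.53
10:15:39 linux IP-BLOCK 203.0.113.53
10:16:59 linux IP-BLOCK 192.0.2.10
"""

# Hypothetical blocklist ranges (assumption: the real list is not on the page).
BLOCKLIST = [ipaddress.ip_network(n) for n in
             ("192.0.2.0/28", "198.51.100.0/24", "203.0.113.0/24")]
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(MESSAGE|IP-BLOCK)\s+(.+)$")

def is_blocked(addr, blocklist=BLOCKLIST):
    """Range membership only: the decision never looks at packet content."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in blocklist)

def summarise(log_text):
    """Return (protection starts, alerts per address, (first, last) time per address)."""
    sessions, hits, seen = 0, Counter(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        ts, _host, kind, rest = m.groups()
        if kind == "MESSAGE":
            sessions += rest == "Protection started successfully"
            continue
        addr = str(ipaddress.ip_address(rest.strip()))  # ValueError if malformed
        hits[addr] += 1
        seen[addr] = (seen.get(addr, (ts, ts))[0], ts)
    return sessions, hits, seen

if __name__ == "__main__":
    sessions, hits, seen = summarise(SAMPLE_LOG)
    print(f"{sessions} start(s), {sum(hits.values())} alerts, {len(hits)} addresses")
    for addr, n in hits.most_common():
        print(f"{addr:15} {n:3} alerts {seen[addr][0]}-{seen[addr][1]}")
```

Grouping by address shows how many distinct peers account for the alerts, which is usually far fewer than the number of pop-ups.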

#3 hmmhello


Posted 24 January 2010 - 11:10 AM

Ah, thanks for the reply :)

I figured it was uTorrent and not something else. I checked my HJT log and it was fine. I just normally run in Linux so I'm not used to Malwarebytes. I'll keep it on, but I'll turn IP protection off while I'm torrenting.