Tunerz Posted January 6, 2012
For some weird reason, Adobe Reader, SpiderOak, Firefox, and other Internet-aware apps are trying to connect to what seems to be some sort of torrent trackers. I managed to find it in Online Armor logs. I'm baffled that all point to localhost address 127.0.0.1 plus some random port.
Screenshots:
Could it be some backdoor going through?
Administrator DKT27 Posted January 6, 2012
Are you using any fix for MS Office? Cause I think one of its fixes does that, but not 100% sure. Check your Hosts file too.
Tunerz Posted January 6, 2012 (Author)
I've been using Office 2010 Toolkit v2.2.3 from MDL for a long time now; however, it only uses KMSEmulator.exe and port 1688.
Also, this is the contents of my host file:

127.0.0.1 activate.adobe.com
207.46.170.123 youporn.com #points to microsoft.com
207.46.170.123 www.youporn.com #points to microsoft.com
66.220.146.11 www.facebook.com
66.220.146.11 facebook.com
66.220.146.11 www.puntakadito.com
66.220.146.11 puntakadito.com
207.46.170.123 fhm.com.ph #points to microsoft.com
207.46.170.123 www.fhm.com.ph #points to microsoft.com
207.46.170.123 www.fhm.com #points to microsoft.com
#80.168.48.103 formula1.com
#80.168.48.103 www.formula1.com

Additionally, this is one of the prompts I got from Online Armor
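One way to carry out the "check your Hosts file" advice systematically, as an added example that is not part of the original thread: the sketch below parses hosts entries and separates names blocked locally from names pointed at a routable address, which are the entries that need an explanation. The function names are hypothetical and the sample input is the list quoted in the post above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the hosts entries as quoted in the post above.
SAMPLE_HOSTS = """\
127.0.0.1 activate.adobe.com
207.46.170.123 youporn.com #points to microsoft.com
207.46.170.123 www.youporn.com #points to microsoft.com
66.220.146.11 www.facebook.com
66.220.146.11 facebook.com
66.220.146.11 www.puntakadito.com
66.220.146.11 puntakadito.com
207.46.170.123 fhm.com.ph #points to microsoft.com
207.46.170.123 www.fhm.com.ph #points to microsoft.com
207.46.170.123 www.fhm.com #points to microsoft.com
#80.168.48.103 formula1.com
#80.168.48.103 www.formula1.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) for each active mapping; '#' starts a comment."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text):
    """Separate names blocked locally from names pointed at a routable address."""
    blocked, redirected = [], defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            if name != "localhost":
                blocked.append(name)
        else:
            redirected[str(ip)].append(name)
    return blocked, dict(redirected)

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked locally:", blocked)
    for ip, names in redirected.items():
        print(ip, "<-", ", ".join(names))
```

Every name listed under a routable address should match an entry the machine's owner added on purpose; anything else is worth investigating.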
Atasas Posted January 6, 2012
Clearly it's some sort of malware. Just run MBAM and some CCleaner or else - such connections don't appear to be as what they are.
Tunerz Posted January 6, 2012 (Author)
I also posted this in Emsisoft forums to see if they would also know this issue. Anyway, I'm currently backing up most files, steam games, drivers, and installers. Afterwards, I'll resume MBAM's scanning. If ever it didn't find anything, I'll finally do my very first reformat for my lappy.
kmr1684 Posted January 6, 2012
Sorry to disappoint you buddy, but check your device driver backup twice or thrice before backing up, because nowadays nasties can infect the PC any way they want, so check it before backup. That's it, bye bye bye :P
vin3e Posted January 6, 2012
> 207.46.170.123 youporn.com #points to microsoft.com
:D :D
Kojootti Posted January 6, 2012
> I also posted this in Emsisoft forums to see if they would also know this issue. Anyway, I'm currently backing up most files, steam games, drivers, and installers. Afterwards, I'll resume MBAM's scanning. If ever it didn't find anything, I'll finally do my very first reformat for my lappy.
I checked the site, and gotta say.. pretty f*n lame behaviour of a torrent site to plant some malware on their site.
You obviously have mistakenly clicked here:
If you do so, it won't be the .torrent download, but instead it will add in front of the .torrent url:
"http://www.1clickdownloader.com/download/product_download.php?fileName=http://1337x.org/download/xxxxxx/"
and then starts to download some downloadersetup.exe on your machine.
On my VM, I didn't even open the file, and then Online Armor starts to give me the same alerts as you got.
If you must use that site, don't click on that area but instead click on "Torrent Download" (see picture below)
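The link pattern described in the post above, as an added example that is not part of the original thread: the check below flags a link that leaves the site the user is on while carrying that site's own download URL in a query parameter. The function names are hypothetical; the sample URL is the one quoted in the post.

```python
from urllib.parse import urlsplit, parse_qsl

def same_site(host, site_host):
    """True if host is site_host itself or one of its subdomains."""
    host, site_host = host.lower(), site_host.lower()
    return host == site_host or host.endswith("." + site_host)

def find_wrapped_target(link, site_host):
    """Return (wrapper_host, inner_url) when `link` goes to another host but
    embeds an absolute URL back to `site_host` in its query; else None."""
    outer = urlsplit(link)
    outer_host = outer.hostname or ""
    if not outer_host or same_site(outer_host, site_host):
        return None  # link stays on the site: a direct download
    for _key, value in parse_qsl(outer.query, keep_blank_values=True):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname \
                and same_site(inner.hostname, site_host):
            return outer_host.lower(), value
    return None

# URL exactly as quoted in the post, including its elided path segment.
WRAPPED = ("http://www.1clickdownloader.com/download/product_download.php"
           "?fileName=http://1337x.org/download/xxxxxx/")
DIRECT = "http://1337x.org/download/xxxxxx/"

if __name__ == "__main__":
    for link in (WRAPPED, DIRECT):
        print(link, "->", find_wrapped_target(link, "1337x.org"))
```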
Polgaso Posted January 6, 2012
Why would the site allow it anyway? Hmm, I'm glad I'm not in public tracker anymore.
Tunerz Posted January 7, 2012 (Author)
> sorry to dissappointing you buddy but check twice or thrice of your device driver back up before backing up, becoz nowadays nasties can infect the pc any way thsy want so check it before back up thats it bye bye bye :P
I just backed up driver installers, to ensure their integrity.
> 207.46.170.123 youporn.com #points to microsoft.com :D:D
I'll probably add more sites, so I can surprise porn surfers on me lappy being redirected to Microsoft.
> I checked the site, and gotta say.. pretty f*n lame behaviour of an torrent site to plant some malware on their site.You obviously have mistakenly clicked here:If you do so,it won't be the .torrent download,but instead it will add infront of the .torrent url:"http://www.1clickdownloader.com/download/product_download.php?fileName=http://1337x.org/download/xxxxxx/"and then starts to download some downloadersetup.exe on your machine.On my VM,I didn't even open the file,and then Online Armor starts to give me the same alerts as you got.If you must use that site,don't click on that area but instead click on "Torrent Download" (see picture below)
I'll probably blacklist the site, and do the steps on a VM environment. I'm quite happy you managed to replicate the situation and find the solution. :)
Archived
This topic is now archived and is closed to further replies.