Guyver106

Bitcomet reaching out to UDP connections that are infected with botnet:Blacklist


Hello, starting today, I have seen Bitcomet reach out to multiple UDP connections infected with the BOTNET:Blacklist. Has anyone else seen this? 

I have scanned my machine for viruses and it has come up clean. My A/V software is aborting the connections as well. 


It's possible that the file you are trying to download contains the virus and your a/v is simply reacting and refusing to download it. The fault isn't at your end - it's on the machine that's seeding.


The message my antivirus displays:

 

Danger - Botnet:Blacklist

URL - udp://213.152.162.5:47081   < (this changes with every message)

Process - C:\Program files\bitcomet\bitcomet.exe

 

When bitcomet is active, this message keeps showing up and disrupts whatever I'm doing. Even after closing bitcomet, it still shows up for some time before it finally stops. I have the same old torrents that have been over a month, but these messages started just a few days ago. This is making using bitcomet nearly impossible.

 


There are a couple of YouTube videos about it and how to remove it here and here plus a note from Avast saying they're investigating it.


Nope, watched these youtube videos and checked very thoroughly - no viruses, no unknown new programs, no Mail.ru or any other unwanted things anywhere.

Also the note from Avast says to submit the file to their developers for analysis. - does not help - the same file (bitcomet.exe v.1.67) has been fine before and it's not changed or replaced and does not contain virus itself.

So it's not a local problem - something is wrong with UDP connections. 


It's not Bitcomet that is the problem - if it was, this forum would be swamped with complaints. I run Adaware, updated daily, and there is NO problem. Mail.ru was just an example - it said, in that video, to check on any recently installed programs (round the time that the problem occurred). Not knowing what may be on your computer, I'd recommend doing as suggested and uninstalling any apps that are from that time period and see if it goes away.


My latest installed program is from 26 May 2020. This problem started just a few days ago.

I have checked my computer with antivirus and malwarebytes - nothing found. 

It looks like Bitcomet tries to make udp connections to infected addresses. I know it's not a Bitcomet problem, because the same bitcomet.exe had no problems until now.

I suspect the problems are these udp URLs that have become infected. How to prevent Bitcomet from connecting to these infected URLs?

Is there some way to automatically blacklist these URLs?

 

 

There is the same problem reported (started just a few days ago) with another torrent client: https://www.reddit.com/r/qBittorrent/comments/hir7ym/botnet_blacklist_on_qbittorrent/

So it looks like something global. 

Edited by Konkar (see edit history)


An update - today no more antivirus pop-ups. I guess the infected udp URLs are either blocked, no more infected or just gone. Or maybe some update of the antivirus keeps the pop-ups from showing.


As I said - you had a virus/trojan (probably from something you downloaded) and it took a while for the a/v definitions to be updated to catch it.


As I said - no viruses. (never had any in more than 20 years - I'm an IT specialist by profession) And I have not downloaded anything new, just seeding.

Antivirus message said that Bitcomet.exe tried to connect to the udp URLs that are infected. (not that my PC has virus) And it also said that these connections were safely interrupted.

And the same problem bothered many different people with different torrent clients around the world at the same time - very obviously not something in my PC.

 

For now the antivirus got some update that probably just disables the message.


Trust me - you had a virus that was producing that message. Now whether you want to believe it or not - that's what happened. I didn't have it and neither did a lot of other people. If it was inherent in Bitcomet, this thread would run to several dozen pages of 'me too's.


How could a virus produce a message from Avast antivirus? (And the message appeared only when running Bitcomet) I checked TaskManager and everything was ok, no unknown processes while these messages appeared, and also checked the process paths to be sure - everything checked out.

I checked the antivirus logs for the last few days - not a single virus reported, just blocked connection attempts from Bitcomet.exe (Believe me - my system is 100 % virus proof)

The reason that there are not too many users who report it here is that many users don't use Avast. And many users who use Avast, use another torrent client. (I did put a link in an earlier post with an example of the same problem with other torrent clients)

The common thing with all these reports is Avast antivirus.

 

No point in talking about viruses anymore - I already know what the problem was. There is a discussion about it in Avast forum and it turned out to be an Avast error. (Avast web shield false positive reports) and it got fixed with the latest update.

 


While that is as may be, I'd never EVER claim that "my system is 100% virus proof" (whether it's on Linux or Windows) and I've been in IT (hardware and software) since 8 bit days.

While it may not be a virus per se, it was enough to trigger Avast (which I don't use - I use Adaware on 'doze and Clam on Linux).


Well, I know thoroughly everything that goes on with my system and I also know every file and folder and their purposes. I scan my system constantly with different kinds of scanning tools and software and I download only very specific stuff and I always scan it very thoroughly. (Every download goes into sandbox first). Also my system is not anything standard - it has been modified heavily for security. As I said earlier - no viruses in my system(s) in over 20 years. (I have also been in IT very long time - my first personal computer was XT) If I say my system is 100% virus free, then I know what I'm saying.

The stuff that triggered Avast was not in my (or in any other user's) system - it was on these URLs that Avast flagged as infected. 


Colour me unimpressed - I have been WORKING with computers since before even the Intel 8086 - try the 8080 and Z80 - eight bit machines but I am not as blind as to even THINK that 'my system is 100% secure'.

I repeat - if you are online then you are NOT secure. Many years ago the FBI commented that the only really secure computer was one that had never been plugged in or even taken out of the box. How do you think that servers get hit with ransomware, etc? Do you believe that the people running those don't have working security apps?


Hahaha - it's not a d*** measuring contest. (The XT was just the first computer that I owned.) The point is I know what I'm talking about.

Why I claim that my system is 100% secure? The same reason I mentioned before - how else do you explain how I've managed to keep all my systems virus free all the time? I could bet a large sum of money and have some security experts check my system.

 

Always check stuff, then double check with other tools, then, if the stuff is a program, run it in a sandbox first. The system must have more than one shield and firewall. And it also helps to have a great knowledge about different dangers and about your system's inner works. The biggest enemy to any system is its user. Always.

 

But it has gotten off topic - the original problem is gone.

 
