Gnutella Forums

Gnutella Forums (
-   Open Discussion topics (
-   -   My searches are being followed (

intanet November 16th, 2005 12:35 AM

My searches are being followed
I posted this in the wrong forum. I thought I'd try here for a solution.
There is a file that is 134.4 kbits where the guy imitates Bill Clinton saying "I did not have sex with Monica Lewinsky." It mascarades under different file names and lately, in so many files I search for, this file comes up under that name. I mean tonight I ran a search for Teddy Randazzo and Emilio Pericoli! Doesn't matter how obscure the search names, this file comes up under those names. It's following me in my searches. It seems the more obscure the file I search for, the more likely it comes up to catch you. When I tried to browse the host, that selection in the menu is greyed for these hosts. I blocked the user but it only blocks them from that particular search, not totally blocking them. I ran about 3 spyware programs, an anti virus search and an adware search and nothing came up. I found out that others are having this problem too and it is called a Trojan. Someone suggested that I block the file extension but if I did that then I wouldn't be able to download mp3 files. Someone else suggested that I notice the size of the file and not download the small file. But what I want to know is how do I locate the program or spyware or trojan they are using to know what I am searching and get rid of it?
Thanks for your help.

Here are the IP addresses that offer this file I blocked so far:

It's like a never ending list.

Sphinx November 16th, 2005 12:07 PM

Please read forum rules as you're not allowed to post IP's and or titles of what you're downloading & sounds to me like that is a virus or a generated mp3 desigused as a trojan or something. Nothing can follow you on P2P unless you got hit with something. I strongly suggest you run an anti virus program as soon as possible. You might have been infested by a bogus MP3.

is some additional AV tools to help you. I use the AntiVir Free Edition as it detects every single virus/trojan thats out there.

intanet November 16th, 2005 08:04 PM

Thanks for the heads up about the titles and IP addresses. I put the IP addresses there so some other Limewire user would not be victim to the bogus download but rules are rules.

Also, thanks for the link to the anti virus software but I mentioned that I .did run an anti virus check.


I ran about 3 spyware programs, an anti virus search and an adware search and nothing came up.
I guess you replied without reading the post closely. Anything in the rules about that? heh heh.

If anyone knows how to locate this bugus mp3 please let me know.

Grandpa November 16th, 2005 08:10 PM

The link below might help

intanet November 16th, 2005 09:45 PM

Thanks Grandpa. Very informative. I wonder if it was that file I downloaded about two weeks ago. I thought I was downloading a movie and, after I scanned it with my Avast anti virus software and got an ok, I opened it and it was full of porn pop ups. They were lightning fast I couldn't close the windows fast enough. There was even a graphic porn movie clip on one of the pages. Scared the heck our of me. I deleted the file but maybe it left something behind like this little trojan bugger. I can't say if it was a wmv. I thought it was avi or mpg but anyhow.
Thanks for the info. I'm still checking out the articles.

Sphinx November 17th, 2005 07:26 PM

welp, if you were more careful about what you're downloading then you wouldnt have gotten infested and Im not the one who makes the forum rules here. :rolleyes:

intanet November 17th, 2005 07:55 PM

By more carefull do you mean scan it with anti virus software before I open downloaded files? I do that.
By more careful do you mean having software that acts as a watchdog to P2P downloads which has Limewire in the list of P2P networks? I have that.
By more careful, do you mean, as new people to this media, we unfortunately will sometimes have to learn by experience of the many dangers that await us by those who say they are offering one thing and instead, offer something entirely different? Guilty as charged. But, as in life, those who learn from their own mistakes are ususally likely to be more understanding in their dealings with others.
Seems like even message boards are not free from snipers these days!

Sphinx November 17th, 2005 08:31 PM

Then HOW did you get infected then if YOU did all that? If you were careful and didnt just randomly click on something stupid that said Bill Clinton on it, you wouldnt have gotten a trojan. its called common sense and you sniped at me first. I tried to help, thats all. :rolleyes:

intanet November 18th, 2005 01:04 AM

The file I downloaded was not named "Clinton" but, since forum rules prohibit naming files as you mentioned before, I can't post the name of the file I downloaded. That's what is so sneaky about it. An unsuspecting person see's the file name that they are looking for and then clicks to download and this junk shows up. From what I read elseware in this fourm, this is happening to others too so maybe this thread will be helpful to others so they can at least be alert for this file size (134.4kb) which, if your not too savvy about these kind of things, you can get caught as I did. Isn't that one of the main points of these message boards anyhow? That people can find answers to their questions which, by the way, I havent' gotten yet. Rather than getting the answer as to how to get rid of this trojan or whatever it is, I have been getting yelled at by you that I am doing something wrong from breaking forum rules to being negligent or being a dumbo by blindly downloading junk and then crying about it. But anyhow, why don't we call a truce here.But, if you have an answer to the question, that would be great. I'd love to hear from you.

DL444 November 18th, 2005 03:32 AM

Sounds like a virus of some sort.

The reason your anti-virus is not working is most likely you do not have a signature for that virus.

You see a virus is just a program, just like every other program on your computer. You cannot tell a virus from a program, but you can tell one program from another.

Once your anti-virus company finds a "program" they want to call a virus, they configure the anti-virus software with a definition for that "program". Now when you ran a scan, if that program is on your hard drive, it will find it and identify it as a virus.

Presently anti-virus companies are not overly concerned about P2P or any virus that might infect P2P programs. If you're into conspiracy theories, it could be suggested a big corporation is releasing these virus and paying the anti-virus companies to look the other way. More than likely though they just do not see the money in P2P virus definitions yet.

You can try and get your anti-virus company to include your virus in their definitions. I doubt whoever wrote the virus went out of their way to make it easy to uninstall, unless you know a lot about computers or the an anti-virus company makes a fix, you might have to reformat your hard drive to rid yourself of this virus.

I recommend you talk to your anti-virus company. This is how anti-virus companies work, they wait for a virus to be released and for someone to report it to them, they then include this virus into their definitions. No help for you if you are one of the first to be infected, but better than nothing.

DO NOT click anything with the extensions .exe .com or .bat that you are not 100% sure about. If you follow that rule you cannot be infected this way.

ukbobboy01 November 18th, 2005 03:49 AM


Your anti-virus advice is spot on, that is indeed how most anti-viral apps work. However, some anti-virus apps, like Norton, look out for virus-like behaviour, e.g. new/unknown virus attacks your PC and your AV does not have a signiature for it yet. But before this new virus can do any damage the AV app catches and deletes it.

About a year, or so, ago my then Norton AV 2003 caught something that was behaving like a virus and zapped it.

So all in all, it depends on the AV you are using and the facilities it has.

UK Bob

DL444 November 18th, 2005 04:22 AM


Sounds like your talking about heuristic scanning. This is a real hit and miss way of looking for a virus. What if your virus does not display "virus like behavour". Not all virus need to open ports, send 1,000 emails etc.

If this virus has modified Limewire I doubt any heuristic type of scan is going to work unless it is tailored for Limewire or Limewire does something wierd that makes it fall within the heuristic search template.

ukbobboy01 November 18th, 2005 04:48 AM

Heuristic scanning

You are right, I was talking about "heuristic scanning" which, as you pointed out, is not foolproof but, along with what we currently have, is certainly better than nothing.

However, until another virus deleting technology emerges, we are stuck primarily with “signature” based AV apps, and you know the inherent problems this old technology faces.

Peace and safe internetting.

UK Bob

intanet November 18th, 2005 12:59 PM

Thanks for the replies.

Actually I never downloaded anything with .exe or .bat or .com. That's the point. The only files I ever downloaded were .mp3, .wma, .wmv and .avi. The link that Grandpa posted brings you to a link to a PC World article that says:

"Risk Your PC's Health for a Song?

Ads and adware have a new way to get on your computer--through files that appear to be music and video. PC World has learned that some Windows Media files on peer-to-peer networks .... contain code that can spawn a string of pop-up ads and install adware. They look just like regular songs or short videos in Windows Media format, but launch ads instead of media clips." ( a quote from the article.)

I once downloaded a regular movie with an .avi extention and after running a virus scan I opened it and the system went crazy using 100% resources with warnings from Windows XP that my resourses are dangerously low. I couldn't delete the file except using software that deleted it at boot up but I later found out that Windows XP has an issue processing .AVI files and that they are going to make a patch for that in their next Service Pack update. Hopefully that's all it was.
No matter how careful, it still can be a crap shoot. But I love my music and now that I just got DSL, I love those movies :) I just wrote to my anti virus software company. Thanks for that info. Funny, they have a feature in their software called "P2P Shield" which is why I chose them in the first place. For that extra protection.

All times are GMT -7. The time now is 03:41 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.