Warning, Peerblock is a virus uploader.

[FelixDeCat]

I had peerblock installed for one month (set to load with windows) and was constantly attacked. After I uninstalled it, the attacks stopped. Coincidence? I think not. They mostly occurred at justin.tv, candystand.com, and zynga. I did everything from disabling wireless to uninstalling pdf reader (sometimes before an attack I would get a "pdf 3d error" type message). The worst is Fake Spy Pro. It is lots of fun to clean from your computer.

Proof:

 

[lokiju]

I use it and have never had a virus on the box it's running on.

 

[FelixDeCat]

I use it and have never had a virus on the box it's running on.

And if I dont visit justin.tv, zynga or candystand.com, it otherwise seemed tame.

Now that Ive uninstalled it, I go to those sites and everything is normal again.

 

[Tobolo]

So if use peerblock and don't visit justin.tv, zynga or candystand.com I should be fine right?

I have a new box that I opened Tuesday and put peerblock on it. So far it's still clean as a whistle! I will keep an eye on it though thanks.

 

[AdamK47]

I've been able to avoid viruses on my home/main/gaming PC for about a decade now by not downloading and using chincy apps such as the one mentioned above. This method of virus protection works every time.

 

[WelshBloke]

Doesn't peerblock just update your hostfiles?
I don't use it but are you sure its this and nothing else on your computer.

 

[Crusty]

Doesn't peerblock just update your hostfiles?
I don't use it but are you sure its this and nothing else on your computer.

No he's not, it's just easy to blame the first thing that makes sense(even if little).

 

[WelshBloke]

Anyway if its for utorrent use this http://www.teckh.com/?p=87

 

[MadScientist]

I also have been using Peerblock since it first came out with no virus or malware problems.

Have it running now, all default lists checked and HTTP is blocked, with IE8 with INPrivate Filtering. Went to justin.tv, zynga, and candystand. Did complete scans of my computer with MSE and MAM, nothing detected.

Peerblock also works with utorrent.

 

[God Mode]

I have no problem with peerblock. It works much nicer than peerguardian. That thing was a nightmare.

 

[FelixDeCat]

I also have been using Peerblock since it first came out with no virus or malware problems.

Have it running now, all default lists checked and HTTP is blocked, with IE8 with INPrivate Filtering. Went to justin.tv, zynga, and candystand. Did complete scans of my computer with MSE and MAM, nothing detected.

Peerblock also works with utorrent.

Im using XP, and Im open to the idea that maybe peerblock is not the culprit. I have two separate installations, one on my main rig and one on the laptop. Both were subject to frequent virus attacks.

I do remember being on the sites for a few hours before an attack started. When you are on justin, have a show streaming, not just the homepage. I was playing "governer of poker" for a few hours on candystand. Now Im playing zynga poker as a myspace app:

http://profile.myspace.com/Modules/Applications/Pages/Canvas.aspx?appId=102102

Is there a way you can run your machine for a few hours, letting those sites run?

 

[MadScientist]

Im using XP, and Im open to the idea that maybe peerblock is not the culprit. I have two separate installations, one on my main rig and one on the laptop. Both were subject to frequent virus attacks.

I do remember being on the sites for a few hours before an attack started. When you are on justin, have a show streaming, not just the homepage. I was playing "governer of poker" for a few hours on candystand. Now Im playing zynga poker as a myspace app:

http://profile.myspace.com/Modules/Applications/Pages/Canvas.aspx?appId=102102

Is there a way you can run your machine for a few hours, letting those sites run?

I don't have a definitive answer for you except go to mechbgon's site and read section 11 of his guide, "How (and why) to secure your Windows PC"

http://www.mechbgon.com/build/security2.html

 

[FelixDeCat]

I don't have a definitive answer for you except go to mechbgon's site and read section 11 of his guide, "How (and why) to secure your Windows PC"

http://www.mechbgon.com/build/security2.html

So you are not going to run it for at least a few hours?

 

[lxskllr]

So you are not going to run it for at least a few hours?

Give me the exact urls of the sites you want me to open, and I'll do it :^)

 

[FelixDeCat]

Give me the exact urls of the sites you want me to open, and I'll do it :^)

zynga: http://profile.myspace.com/Modules/A...x?appId=102102

streaming voyager on jtv: http://www.justin.tv/levon03#r=YK1uZo0~

governer of poker: http://www.candystand.com/play/governor-of-poker

Let them run for at least two or three hours. If you get nothing, lmk.

Also, Im not using adblock or anything like that.

 

[lxskllr]

zynga: http://profile.myspace.com/Modules/A...x?appId=102102

streaming voyager on jtv: http://www.justin.tv/levon03#r=YK1uZo0~

governer of poker: http://www.candystand.com/play/governor-of-poker

Let them run for at least two or three hours. If you get nothing, lmk.

Also, Im not using adblock or anything like that.

Your first link won't open for me. I have the other 2 opened up in 2 instances of IE6. I have PeerBlock installed, with only P2P blocklist active. The only A/V I have running is Avira.

 

[FelixDeCat]

Your first link won't open for me. I have the other 2 opened up in 2 instances of IE6. I have PeerBlock installed, with only P2P blocklist active. The only A/V I have running is Avira.

I hope this is a test machine!

Also if fake spy pro gets past your virus dectector (it got past Microsoft Security Essentials twice, so I submitted them to MS as samples and they updated the virus data), turn off your computer and restart into safe mode. Then open up registry editor and delete the startup command for the virus. The name changes all the time but look for a registry entry for the malware located in your documents and settings/user/application data/"xxxyyy" or a jibberish folder like that. Then find the file and delete it. Also, it will change your IE settings/connections /lan settings to use a proxy server. You have to unclick the box to regain access to the internet.

Heres a direct link to Zynga, click on poker:

http://www.zynga.com/games/index.php?network=facebook

 

[lxskllr]

I hope this is a test machine!

Also if fake spy pro gets past your virus dectector (it got past Microsoft Security Essentials twice, so I submitted them to MS as samples and they updated the virus data), turn off your computer and restart into safe mode. Then open up registry editor and delete the startup command for the virus. The name changes all the time but look for a registry entry for the malware located in your documents and settings/user/application data/"xxxyyy" or a jibberish folder like that. Then find the file and delete it. Also, it will change your IE settings/connections /lan settings to use a proxy server. You have to unclick the box to regain access to the internet.

Heres a direct link to Zynga, click on poker:

http://www.zynga.com/games/index.php?network=facebook

That link works, and I have it open. I'm running these in a VM. I have XP SP2 installed, but I'm a bit behind on updates. I'll delete the machine if things get too out of hand. I only have it so I can try to get my scanner working without actually booting into XP. My scanner came with Vista drivers, but not 64bit. I don't scan much, but it's a PITA to boot into XP when I do have to make a scan.

 

[lxskllr]

Update, Just ran a full scan with Avira, all threat categories checked, and maximum heuristics. Came up clean. Everything's still open, will scan again later....

 

[FelixDeCat]

Sounds good. Curiously what version of Peerblock are you using?

I was using r181, win32

 

[jacc1234]

Dude, peerblock is not a virus uploader. You have no evidence to support your facts and there are thousands of people running this program without issue. I would look elsewhere for the source of your troubles.

 

[lxskllr]

I'm using 1.0. It was the most recent stable release on their site.

 

[olds]

Dude, peerblock is not a virus uploader. You have no evidence to support your facts and there are thousands of people running this program without issue. I would look elsewhere for the source of your troubles.

This.

 

[FelixDeCat]

I'm using 1.0. It was the most recent stable release on their site.

Hmmm....well if you have gone this far, you should try version r181.

 

[lxskllr]

Ok, I'm now using PeerBlock 1.0+ (r277). I think it's best if I get my downloads from their site. I could hunt the older version down somewhere else, but then you can't be certain of it's integrity. I forgot to mention that I have it setup to always allow http.