Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Copywrited downloads


  • Please log in to reply
3 replies to this topic

#1 dsmithATL

dsmithATL

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 07 January 2011 - 08:23 AM

I am helping a friend on a computer with Vista. She previously had a wireless router, and is served by Comcast. She has gotten several notices that someone has downloaded movies from her pc. Most of them were while her router was in place, probably unprotected. But she removed the router, turned off the computer over Christmas. She returned Dec. 31, plugged it back up without the router, and received a notice on Jan 1 that someone had downloaded something at 2 am on Jan 1. That is the one that I can't figure out.

I've searched her hard drive for *.torrent files, there are none. I ran Malwarebytes, no infections. I see no bit torrent clients in her program lists. I am about to conclude that the notice on Jan 1 is bogus, or at least had the wrong time in it, but wanted to check.

I have attached the tcpview file as requested. I also have a Hijackthis log file that I ran last night if needed.

THANKS very much for any help.

Don

Attached Files



BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,470 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:06 PM

Posted 07 January 2011 - 02:24 PM

Not seeing anything there. Was it definitely bittorrent that the notices were stating was being used?

#3 dsmithATL

dsmithATL
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 07 January 2011 - 02:52 PM

Thank you for your reply. Short answer to the question is "yes". Read below. Thank you VERY much for your help.

Yes. I am pasting in a copy of the notice she received, one of several. Protocol definitely says BitTorrent. This notice is for infringements prior to her removing the router. There is one for after that, Jan 1, and I'll paste that in also. However, as I was looking for it, I read another of her emails saying that she didn't return home from a trip to Florida until about 4 pm on Jan. 1. The notice was at 14 something GMT, which I think is around 9 EST, or 7 hours before she came home. I need to get with her on that. Also of interest, the Jan 1 notice came a few minutes after the supposed infringement. The other one, the December ones came several days after the supposed infringement.

DECEMBER INCIDENT:

Abuse Incident Number: NA0000020575052
> Report Date/Time: Fri, 24 Dec 2010 23:34:23 -0800 (FOUR DAYS AFTER THE LAST INFRINGEMENT DATE)
>
> Evidentiary Information:
> Notice ID: 22-116396882
> Initial Infringement Timestamp: 8 Dec 2010 03:47:11 GMT
> Recent Infringement Timestamp: 20 Dec 2010 23:20:33 GMT
> Protocol: BitTorrent
> Infringed Work: Shrek Forever After
> Infringed Work: Shrek Forever After
> Infringing File Name: Shrek Forever After
> (2010){BrRip.720p.x264}[1337x][blackjesus]
> Infringing File Size: 1472705798
> Bay ID: 5b702a5a38bde3fbe23cbf8a638814ec70b9ff62|1472705798
> Port ID: 0


JANUARY NOTICE:


Abuse Incident Number: NA0000020886991
> Report Date/Time: Sat, 1 Jan 2011 06:26:50 -0800 (TWO MINUTES 32 SECONDS AFTER INFRINGEMENT DATE TIME)


Evidentiary Information:
> Notice ID: 22-117414150
> Initial Infringement Timestamp: 1 Jan 2011 14:18:46 GMT
> Recent Infringement Timestamp: 1 Jan 2011 14:18:46 GMT
> Protocol: BitTorrent
> Infringed Work: How To Train Your Dragon
> Infringed Work: How To Train Your Dragon
> Infringing File Name: How to Train Your Dragon DIvX HQ 2010 ENG
> Infringing File Size: 736292246
> Bay ID: 3388c31c7539dc8bedaa17efaaea380acab42dc1|736292246
> Port ID: 50825
>>

Edited by Grinler, 07 January 2011 - 04:00 PM.
Removed ip


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,470 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:06 PM

Posted 07 January 2011 - 04:00 PM

OK...pretty straight forward there :)

Have you checked her router and made sure there was no portforwarding going on?

That may give us a clue.

Also do they have any other network devices? I know some network devices have built in bittorrent clients.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users