Intelliguard Disabled
MEMANIA
07-22-2009, 07:19 PM
Randomly my Spyware Doctor intelliguard will be disabled. I think it might be upon reboot and/or whenever I open up intelliguard on the occasion. Not sure how often it occurs.
Additionally, I recently had a "bad site" blocked and the reason given was: Trojan.Storm_Infection_Server
Now, I haven't installed any weird programs at all, and I've generally been as safe as you can be. NoScript & AdBlock in my Firefox, Spyware Doctor does its almost daily quick scan and weekly full scan. No issues outside of the usual cookies and other junk you get from browsing the web.
Is it safe to assume that the Trojan.Storm_Infection_Server thing was the result of some malicious script in an ad or something trying to run, and Spyware Doctor preventing it from doing so? Y'know, as opposed to me having an actual infection on my PC (considering NOTHING shows up at all when doing a full scan or quick scan.)
DISCLAIMER: I really haven't perused any "unsafe" sites and this is a fresh PC.
AChen
07-23-2009, 12:42 AM
Hi MEMANIA,
What version of Spyware Doctor do you have installed?
Do you have any other security apps running?
Could you also post a history file of SD to this thread and we can check out the detection with Trojan.Storm_Infection_Server?
MEMANIA
07-23-2009, 10:40 PM
Version: 6.0.1.441
Here are the results in question:
7/21/2009 8:23:41 PM:877
Site Guard: Blocked Site
Threat Name - Trojan.Storm_Infection_Server
Details - Site Guard has blocked access to a bad website
Risk Level - Medium
Infection - 89.137.157.11 (89.137.157.11)
7/21/2009 8:24:48 PM:783
Site Guard: Blocked Site
Threat Name - Trojan.Storm_Infection_Server
Details - Site Guard has blocked access to a bad website
Risk Level - Medium
Infection - 89.254.128.148 (89.254.128.148)
haapy
07-23-2009, 10:56 PM
Are you perhaps running BitTorrent, uTorrent or other P2P downloading applications?
That could be a cause.
MEMANIA
07-24-2009, 05:06 PM
I had recently installed BitComet, and I uninstalled it once I got the warning out of fear it was related to that.
haapy
07-24-2009, 05:12 PM
I would bet that was the cause. When you use P2P programs, you open your PC up to the world. SD is doing its job.
After you installed bitcomet, did the messages go away?
MEMANIA
07-24-2009, 09:25 PM
> I would bet that was the cause. When you use P2P programs, you open your PC up to the world. SD is doing its job.
> After you installed bitcomet, did the messages go away?
Yes. However I hadn't even begun to download anything with BitComet when the warnings popped up. So, by using Spyware Doctor would it be safe to assume that Spyware Doctor will help protect me from anybody wishing to wreak some havoc on my computer if I'm trying to use a P2P program?
I would hate to stop using P2P in general, as it definitely helps out smaller communities without sucking out their bandwidth (like downloading a local band's album they offer for free by using a torrent on their site.)
EDIT: Spyware doctor does seem to occasionally want to disable every couple of days (when scanning sometimes), but I've made it password protected so it can't auto-shutdown without my input.
AChen
07-27-2009, 01:55 AM
For more info on the detection, check out: http://www.pctools.com/mrc/infections/id/Trojan.Storm_Infection_Server/
Name: Trojan.Storm_Infection_Server
Threat Level: Medium
Description: Trojan.Storm_Infection_Server is a collection of IP addresses that is known to be hosting storm files.
This doesn't appear to be a detection from BitComet itself, as Site Guard has detected a bad site that you have visited.
What are you actually doing when the notification for SD pops up? I tried recreating the problem and installed BitComet v1.13 but could not recreate the problem.
MEMANIA
07-27-2009, 01:39 PM
The weird thing was, I was just scouring the web. I've installed uTorrent and I haven't had any issues since however.
As for Intelliguard, on the occasion it DOES try to shut down. I've made it password required so it doesn't though. It seems to occur, perhaps, whenever I do a FULL scan.
MEMANIA
07-31-2009, 12:58 AM
Update: It has apparently been consistently trying to do this once per day. Always the same issue. It didn't happen for a day or two. I installed uTorrent, and it appeared to have started up again. I still have yet to actually torrent anything at all. This is quite upsetting. :-/
EDIT: I've rolled back to July 2nd. I'm keeping my fingers crossed here. As far as I know I don't have any actual trojans or viruses or anything dangerous on this thing. I've done NUMEROUS checks. But, the fact SOMETHING, a well hidden hi-jacker or something, is trying to download these trojans behind my back and/or disable my Spyware Doctor program gives me the creeps. Y'know?
It seems to try and access one of these "bad servers" once a day. But only once a day, and only from the 21st onward. Although it took a break on the 22nd & 23rd, and then it started up again. Prior to me installing uTorrent (I believe.)
AChen
07-31-2009, 02:40 AM
If you believe your PC is infected, please follow the instructions in this thread (http://www.pctools.com/forum/showthread.php?t=55923) and I can check this out further.
Btw, when did this problem start occurring? Was it when you installed BitComet or uTorrent?
Do you have any other security applications installed?
MEMANIA
08-04-2009, 01:25 AM
It happened when I installed BitComet. At least the "bad site" issue that said I was connecting to various IPs that contained the storm trojan or whatever.
I jumped back 3+ weeks to July 2nd. I had a few weird issues, like it said I had a keylogger program (PC_Activity_Monitor) installed, but, I checked through my start menu where it said it was, and I couldn't find it. I removed the problematic things anyways, and reloaded my PC and did like... 5 different scans with Spyware Doctor and some other software like Malware Bytes and HiJackThis and couldn't find anything strange running or hiding.
Earlier today it did a Smart Update, and then disabled itself after it said my Smart Update was up to date. It then said I needed to install the latest updates to enable the Intelliguard and to run a scan, etc. So, I double checked and it was updated and still wouldn't work. I rebooted Spyware Doctor and everything seemed to be working fine at that point. Not sure what any of that means.
Sometimes I think I have an infection, and other times it seems like nothing is wrong at all. I'm going to let this system restore that I did run its course over the week and see if any of these weird issues occur. The ORIGINAL issue seems to be nowhere in sight, and these other issues I feel were freak occurrences (like the PC_Activity_Monitor could be related to some of the software that was originally installed on my PC after I had someone wipe my computer and reinstall windows, etc. in order to make sure a previous virus issue I had was gone for good, as there were a few programs like that which were "good" that were making Spyware Doctor a little "warning" happy.) but it'd be nice if someone could shed some light.
haapy
08-04-2009, 01:54 AM
You might want to try some additional root-kit scans.
There are three good free ones... Panda, Blacklight and Sophos.
Here is more info on some others>
http://www.techsupportalert.com/best-free-rootkit-scanner-remover.htm#Quick_Selection_Guide
Give the root-kit scans a go and see if it picks up anything. I am assuming that you have XP. I do not know if those utilities work on Vista.
Did you ever have Norton on your PC? It leaves a lot of stuff behind that remains hidden as well as the live update program. I have had this cause weird things on PCs. If so there is a removal tool available from the Symantec web site or here>
http://www.pctools.com/forum/showthread.php?t=56318
MEMANIA
08-04-2009, 02:01 PM
I've run Blacklight and Panda. Didn't have a chance to register and try Phobos, but... yeah, I haven't found anything suspicious with those programs. Any clue why it may have freaked out after running the update and then disabled itself?
MEMANIA
08-05-2009, 02:02 AM
The thing did it again after it updated. I uninstalled Spyware Doctor and reinstalled it. Hopefully that solved whatever messed up issue I was having. I think it was related to the rollback in the system restore.
AChen
08-05-2009, 02:19 AM
> The thing did it again after it updated. I uninstalled Spyware Doctor and reinstalled it. Hopefully that solved whatever messed up issue I was having. I think it was related to the rollback in the system restore.
Let us know if the issue returns.
MEMANIA
08-08-2009, 01:24 AM
Happened again. It said my malware databases weren't installed, even though they were.
8/6/2009 6:01:40 PM:531
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 254742
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
8/6/2009 6:46:40 PM:125
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - uid quantserve.com
8/6/2009 6:46:40 PM:125
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - mc quantserve.com
8/6/2009 6:46:40 PM:203
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - idrxvr xiti.com
8/6/2009 6:46:40 PM:296
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - NETID01 revsci.net
8/6/2009 6:46:40 PM:296
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - NETSEGS_K05540 revsci.net
8/6/2009 6:46:40 PM:296
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - rsi_cls_1000000 revsci.net
8/6/2009 6:46:40 PM:296
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - rsi_segs_1000000 revsci.net
8/6/2009 11:54:24 PM:593
Smart Update
Smart Update has determined that Spyware Doctor is up to date
8/6/2009 11:54:25 PM:140
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/7/2009 5:56:31 AM:968
Smart Update
Smart Update has successfully installed new updates.
8/7/2009 5:56:32 AM:31
Anti-Malware Engine
Anti-Malware engine configuration failure: #-1 (126, The specified module could not be found)
8/7/2009 5:56:32 AM:812
Immunizer Results
ActiveX section has been immunized. No items were processed.
8/7/2009 11:58:37 AM:968
Smart Update
Smart Update has determined that Spyware Doctor is up to date
8/7/2009 11:58:38 AM:125
Immunizer Results
Immunize operation Stopped
8/7/2009 11:58:38 AM:140
IntelliGuards status
All IntelliGuards were Deactivated (permanently)
8/7/2009 11:58:39 AM:125
Immunizer Results
The ActiveX section has been Unimmunized, Processed 4971 items.
8/7/2009 6:00:07 PM:328
Scheduled task error
Error Initializing Scheduled task: Full scan of this computer
8/7/2009 6:00:44 PM:515
Smart Update
Smart Update has determined that Spyware Doctor is up to date
8/7/2009 8:24:52 PM:156
Service Stopped
Spyware Doctor Service Application Stopped
8/7/2009 8:25:21 PM:968
Service Started
Spyware Doctor Service Application started
8/7/2009 8:25:21 PM:968
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
8/7/2009 8:25:29 PM:625
Behavior Guard
Successfully initialized the ThreatFire engine.
8/7/2009 8:25:35 PM:390
IntelliGuards status
All IntelliGuards were Enabled
8/7/2009 8:25:39 PM:31
Immunizer Results
ActiveX section has been immunized, Processed 4966 items.
8/7/2009 8:25:50 PM:656
Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard had been turned off
8/7/2009 8:25:51 PM:359
Immunizer Results
The ActiveX section has been Unimmunized, Processed 4966 items.
8/7/2009 8:25:51 PM:390
Immunizer Guard status changed
IntelliGuard Protection: Immunizer Guard has been turned on
8/7/2009 8:25:54 PM:812
Immunizer Results
ActiveX section has been immunized, Processed 4966 items.
8/7/2009 8:26:27 PM:656
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_lex7Fihxxx7Fx7Clyq 2o7.net
8/7/2009 8:26:27 PM:656
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi_jcyonx7Eyjabola 2o7.net
8/7/2009 8:26:27 PM:734
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - rsi_cls_1000000 revsci.net
8/7/2009 8:26:27 PM:734
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - rsi_segs_1000000 revsci.net
8/7/2009 8:26:27 PM:734
IntelliGuard Detection Cleaned
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - NETSEGS_J06575 revsci.net
Every time I shutdown/reboot my PC or I shutdown/reboot Spyware Doctor it starts working again. I've also uninstalled, rebooted, and reinstalled Spyware Doctor when this was originally happening.
Essentially, it did an Update, then Immunizer shutdown permanently (without even needing my password) and acted like the databases were never at all installed, etc.
haapy
08-08-2009, 01:40 AM
Couple of things.
Would you please provide a HiJackThis log. You get the product at Trend Micro.
Just for grins, would you run a Malwarebytes Antimalware full scan. You get the product at malwarebytes.org.
Let's see if we can nail this problem down.
MEMANIA
08-08-2009, 05:32 AM
HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:53 AM, on 8/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\UltraMon\UltraMon.exe
D:\Mp3\Winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Monsters\PowerGramo\PowerGramo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Mp3\Winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243091078062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245887638000
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CESQR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\LAUGHI~1\LOCALS~1\Temp\CESQR.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5161 bytes
MBAM says nothing's wrong:
Malwarebytes' Anti-Malware 1.40
Database version: 2577
Windows 5.1.2600 Service Pack 2
8/8/2009 11:06:38 AM
mbam-log-2009-08-08 (11-06-38).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|V:\|)
Objects scanned: 577921
Time elapsed: 2 hour(s), 23 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
haapy
08-08-2009, 06:07 AM
As far as I can see, you have a pretty clean HiJackThis log.
Let me know about the MBAM scan.
MEMANIA
08-08-2009, 04:09 PM
Posted MBAM log.
haapy
08-08-2009, 04:27 PM
I perused both logs again. The only thing that I do not recognize is the following service:
O23 - Service: CESQR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\LAUGHI~1\LOCALS~1\Temp\CESQR.exe
Do you know what this is? It looks to be from Sysinternals which is a suite of tools from Microsoft. Which tool have you loaded?
It is odd in that it is a service pointing to a temporary file in a temporary folder.
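The oddity haapy points out, an autostart entry whose executable sits in a temporary folder, can be checked for mechanically. The Python below is an added example, not part of the original posts and not a HijackThis feature; it goes slightly beyond the post by covering O4 Run keys as well as O23 services, and the function names and sample lines (including the invented `example-updater` entry) are constructed for illustration.

```python
import re

# Constructed sample: autostart lines in the shape of the HijackThis log posted
# in this thread. The [example-updater] line is invented to show the %TEMP% case.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [example-updater] %TEMP%\upd.exe -s
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CESQR - Sysinternals - www.sysinternals.com - C:\DOCUME~1\LAUGHI~1\LOCALS~1\Temp\CESQR.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
"""

# O4: "O4 - <registry key>: [<value name>] <command line>"
O4 = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# O23: "O23 - Service: <name> - <vendor> - <image path>"
O23 = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# A directory component named Temp or Tmp, or an unexpanded %TEMP% / %TMP%.
TEMP_DIR = re.compile(r"(?:^|[\\/])(?:temp|tmp)[\\/]|%te?mp%", re.IGNORECASE)


def autostart_entries(log_text):
    """Yield (section, name, vendor, target) for O4 Run keys and O23 services."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4.match(line)
        if m:
            yield ("O4 " + m["key"], m["name"], "", m["target"])
            continue
        m = O23.match(line)
        if m:
            # The vendor text may itself contain " - " (as in the CESQR line),
            # so the name is the first field and the path is the last one.
            parts = m["rest"].split(" - ")
            if len(parts) < 2:
                continue
            vendor = " - ".join(parts[1:-1])
            yield ("O23", parts[0], vendor, parts[-1])


def temp_autostarts(log_text):
    """Return the autostart entries whose target runs from a temp directory.

    The vendor column is kept as printed and plays no part in the decision.
    """
    return [e for e in autostart_entries(log_text) if TEMP_DIR.search(e[3])]


if __name__ == "__main__":
    for section, name, vendor, target in temp_autostarts(SAMPLE_LOG):
        print(f"{section}: {name!r} ({vendor or 'no vendor'}) -> {target}")
```

A hit is a prompt to identify the file, as the thread goes on to do, not proof of infection: some legitimate tools unpack a helper into Temp and register it as a service while they run.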
MEMANIA
08-08-2009, 07:19 PM
I just removed the .exe, it said it was a Rootkit Detection Utility. Perhaps related to one of the programs you had me run earlier.
I didn't notice it when I ran HiJackThis a week or so ago.
haapy
08-08-2009, 07:27 PM
If it was the root kit utility it was probably Root Kit Revealer, a safe tool.
Other than that I can not see any issues. Maybe somebody else can add to this post.
Since Achen was helping also, you might want to PM to review the additions to this thread. He will be back in Sunday around 3PM Pacific time.
AChen
08-10-2009, 06:35 AM
We tried testing this scenario and could not recreate the problem.
We set up SD to auto update for 30 minutes, updating 15 times with no issues. Checked the history log and nothing displayed as shutting down/off.
Could you let us know how often Intelli-Guard turns off according to the history file? It would be great if you could attach the history file to this thread so we can see how often this happens from previous days.
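Counting how often IntelliGuard turns off, as asked above, can be scripted against the exported history. The Python below is an added example, not part of any post in this thread and not PC Tools code; it assumes the plain-text layout of the excerpt posted earlier (timestamp line, title line, detail lines), and the function names and sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the history excerpt posted in this thread.
# The final 8/9 entry is invented to show a gap that never closes.
SAMPLE_HISTORY = """\
8/7/2009 5:56:31 AM:968
Smart Update
Smart Update has successfully installed new updates.
8/7/2009 5:56:32 AM:31
Anti-Malware Engine
Anti-Malware engine configuration failure: #-1 (126, The specified module could not be found)
8/7/2009 11:58:38 AM:140
IntelliGuards status
All IntelliGuards were Deactivated (permanently)
8/7/2009 6:00:07 PM:328
Scheduled task error
Error Initializing Scheduled task: Full scan of this computer
8/7/2009 8:25:21 PM:968
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
8/7/2009 8:25:35 PM:390
IntelliGuards status
All IntelliGuards were Enabled
8/9/2009 7:10:02 AM:500
IntelliGuards status
All IntelliGuards were Deactivated (permanently)
"""

STAMP = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M):(\d{1,3})$")


def parse_history(text):
    """Group the flat export into entries: {'time', 'title', 'details'}."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STAMP.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
            # Assumption: the trailing field is milliseconds without zero padding.
            when = when.replace(microsecond=int(m.group(2)) * 1000)
            entries.append({"time": when, "title": "", "details": []})
        elif entries:
            if not entries[-1]["title"]:
                entries[-1]["title"] = line
            else:
                entries[-1]["details"].append(line)
    return entries


def is_anomaly(entry):
    """True for entries whose title or details mention a failure or an error."""
    text = (entry["title"] + " " + " ".join(entry["details"])).lower()
    return "failure" in text or "error" in text


def protection_gaps(entries):
    """Return one record per period in which all IntelliGuards were off.

    'preceded_by' lists failures/errors logged since protection was last
    enabled; 'on' and 'seconds' stay None when the log ends with guards off.
    """
    gaps, current, recent = [], None, []
    for e in entries:
        detail = " ".join(e["details"])
        is_status = e["title"] == "IntelliGuards status"
        if is_status and "Deactivated" in detail:
            if current is None:
                current = {"off": e["time"], "on": None, "seconds": None,
                           "preceded_by": recent}
                gaps.append(current)
        elif is_status and "Enabled" in detail:
            if current is not None:
                current["on"] = e["time"]
                current["seconds"] = (e["time"] - current["off"]).total_seconds()
                current = None
            recent = []
        elif current is None and is_anomaly(e):
            recent.append((e["time"], e["title"]))
    return gaps


if __name__ == "__main__":
    for gap in protection_gaps(parse_history(SAMPLE_HISTORY)):
        state = f"{gap['seconds']:.0f} s" if gap["on"] else "still off at end of log"
        print(gap["off"], state, [title for _, title in gap["preceded_by"]])
```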
MEMANIA
08-11-2009, 02:34 AM
Attached is the txt file, you should be able to rename it to a .htm and view it properly. I recently got an update today, and it hasn't turned off yet.
haapy
08-11-2009, 03:33 AM
One thing that I noticed is that you get a lot of 3rd party ad/tracking cookies.
You might want to edit your Internet Explorer settings to prevent a lot of that.
Control Panel, Internet Options, Privacy, Advanced, Accept First, Block Third, Allow Session.
MEMANIA
08-12-2009, 04:17 AM
> Control Panel, Internet Options, Privacy, Advanced, Accept First, Block Third, Allow Session.
Just toggled Firefox to disallow Third Party cookies. It was always bugging me/worrying me when I had all of that random junk, just out of paranoia.
MEMANIA
08-26-2009, 01:40 AM
I just wanted to keep you all abridged.
I've had zero issues so far with the bad site stuff after the system rollback and it's been quite a few weeks. There was however an issue with uTorrent (I assume) freaking out Spyware Doctor. Spyware Doctor seemed like it was in a perpetual state of disabled, EVERYTHING had red text and it wouldn't restart or let me click on anything. My start bar was also frozen. I rebooted the computer and it asked that I reboot my computer again so Spyware Doctor could update.
This was while downloading files and seeding them overnight. I've read on uTorrent's website that Spyware Doctor doesn't get along well with uTorrent. Any possible fixes/solutions for this at all? Is Spyware Doctor finicky with ALL P2P services?
I also had some weird issue with Firefox freezing up and not working until I closed it up and rebooted it. But I think that's not directly related to Spyware Doctor.
AChen
08-28-2009, 05:38 AM
We tested the issue with uTorrent but were unable to recreate the problem. We tested 1 torrent seeding overnight and it was ok. We'll try it with multiple files and see how this goes.
MEMANIA
08-28-2009, 11:01 PM
Thanks for testing. It may have been an isolated incident. The <sarcasm> awesome </sarcasm> thing that happened was my "bad site" issue started popping up again. I'm becoming more and more baffled.
Is it possible for somebody to attempt to connect to malicious sites by using commonly open ports in torrent programs? It seems whenever I begin using a torrent software these issues begin to pop up. 95% of the time it's trying to connect to a Storm Trojan Server and only ONCE was it some other IP address that contained some sort of worm. I'm at my wit's end. I've been plagued by this since the end of JUNE, and before then I had similar issues which I bought Spyware Doctor to help protect me from.
The ONLY thing I'm running on this PC for protection is Spyware Doctor, I'm trying to figure out if there's something supplementary I should be running with it. Like... is Threat Fire built into Spyware Doctor or are they both separate programs that I can run? I'm worried that running without a Firewall might be part of my problem. Like... the reason MalwareBytes, Spyware Doctor, Avast, and everything else under the Sun isn't finding something is because there's actually nothing there because Spyware Doctor is properly blocking all of these bad sites from downloading malicious stuff. I'm just trying to figure out WHAT is the cause of my computer trying to connect to these sites.
EDIT: I also did a system restore just this weekend after noticing the issue and went back 2 weeks in time. So far 24 hours without a pop-up notification about my PC attempting to connect to a bad site. However, I also do not have ANY torrent software installed, trying to run without that for a few days to see if it's gone. My PC usually attempts to go to a bad site (when I have this issue) at least once or twice every 24 hours.
My problems kicked in last week only a few days (literally one or two) after installing uTorrent.
adrian17050
08-31-2009, 11:55 PM
Download PC Tools Internet Security (I have it), run a custom scan, click "select scanners to scan with" and check all.
MEMANIA
09-01-2009, 12:30 AM
> Download PC Tools Internet Security (I have it), run a custom scan, click "select scanners to scan with" and check all.
I'll give that a try.
Additionally, would Site Guard announce blocked sites/IPs of people you're receiving/uploading torrents to? Maybe that's what all the hoopla is about? 99% of the time the only thing it's blocking are straight up IP addresses, it's never a .com address.
Gambit
09-01-2009, 01:42 AM
Behaviour Guard is (ThreatFire) which is built into Spyware Doctor's Intelli-Guard feature. This is an additional addon however and has to be enabled on your license subscription (Smart updating will download this if it has been enabled).
> I'll give that a try.
> Additionally, would Site Guard announce blocked sites/IPs of people you're receiving/uploading torrents to? Maybe that's what all the hoopla is about? 99% of the time the only thing it's blocking are straight up IP addresses, it's never a .com address.
From what I know, Site Guard blocks www pages.
Instead of installing the Suite (which you'll need a license for), why don't you install the PCT Firewall, which is free - www.pctools.com/firewall/. There is also a PCT Firewall beta version available in the FW forum. I would recommend running a Firewall since you don't have any running.
MEMANIA
09-03-2009, 12:19 AM
> Instead of installing the Suite (which you'll need a license for), why don't you install the PCT Firewall, which is free - www.pctools.com/firewall/. There is also a PCT Firewall beta version available in the FW forum. I would recommend running a Firewall since you don't have any running.
I've already paid for Spyware Doctor w/Anti-Virus. Apparently that doesn't let me have a firewall thing installed and/or it already acts as one?
Anyways, if anybody (staff) knows if Site Guard detects connected IPs (from a torrent) as "bad sites" it would explain a lot of my issues.
katie
09-03-2009, 02:09 AM
> I've already paid for Spyware Doctor w/Anti-Virus. Apparently that doesn't let me have a firewall thing installed and/or it already acts as one?
SDAV does not act as a Firewall. The Firewall is free and something you need in addition to SD with Antivirus (it's vital to have an Antispyware, Antivirus and Firewall). If you want to install the PCTFW, you will need to install the latest version of SD which was released on the 1st of September. If you already have SD version 6.1.0.447, run a smart update to download the latest files and then you can install the Firewall.
AChen
09-03-2009, 02:36 AM
> Anyways, if anybody (staff) knows if Site Guard detects connected IPs (from a torrent) as "bad sites" it would explain a lot of my issues.
SD's Site Guard will block a website's domain and blocks IP addresses. It does not mean that if SD blocks a website, it will block the corresponding IP to that website.
MEMANIA
09-03-2009, 04:18 AM
> SD's Site Guard will block a website's domain and blocks IP addresses. It does not mean that if SD blocks a website, it will block the corresponding IP to that website.
I'm actually saying/theorizing...
I'm downloading a torrent... and let's say some crazy bad server/IP from Russia (that may or may not be host to a virus) is downloading that SAME torrent. Is it possible that the IP itself, just from another user I'm downloading and/or uploading bits of the torrent to... would that cause Site Guard to kick in and alert me about the IP and/or block it?
If that's not something that could/does occur... I'm still baffled about my issues with the bad site IPs and what's particularly causing them. I'm running a test environment on a clean laptop, to make sure it's not something I'm doing and/or some website I'm visiting.
EDIT: Firewall has been installed. I guess my program didn't do a scan for the new release on the 1st.
MEMANIA
09-04-2009, 01:46 AM
Sorry for the double post. My test environment totally fresh format Laptop is reporting bad sites. All I've done is install uTorrent and download two different torrents from two different sites that I normally do not torrent from.
It took maybe 24 hours or less but it reported two bad IPs as "storm trojan servers". Since no browser windows were open, and essentially the PC was 100% clean prior to torrenting, I can only assume that Site Guard also detects IPs that you are uploading files to.
AChen
09-04-2009, 02:41 AM
When using uTorrent, you will connect to multiple torrent servers/seeders and from what I know, with torrent files and applications, it will be a direct connection going through a specific port. If an IP is bad, SD's Site Guard will block this connection.
MEMANIA
09-04-2009, 03:13 AM
> When using uTorrent, you will connect to multiple torrent servers/seeders and from what I know, with torrent files and applications, it will be a direct connection going through a specific port. If an IP is bad, SD's Site Guard will block this connection.
Excellent. I think all my issues have finally been answered then. For a very long time I was convinced it was some CRAZY backdoor virus that NOTHING could detect that was trying to forward me to these nasty sites, etc.
It's good to know the percentages of it being the torrents and IPs themselves are high and that my PC isn't home to some uber-stealth virus, haha.
MEMANIA
09-14-2009, 10:57 PM
What's bad for me is I finally figured out a lot of my blocked bad sites were simply from torrenting, and I had JUST decided to start torrenting again (some fansubbed anime) and... BOOM trojan alerts. I was just like "Oh God, please why can't I just use my computer without it being a spawning ground for viruses." Thankfully it's a false positive we're dealing with or I'd just give up on using the Internet by now.
a_gal
04-01-2010, 04:54 AM
My paid Spyware Doctor keeps disabling Intelliguard on Start Up of my PC. I'm on Windows 7.
Additionally it also refuses to complete a full scan (unless I've logged onto my PC in Safe Mode).
Any ideas on Intelliguard?
AChen
04-01-2010, 04:56 AM
> My paid Spyware Doctor keeps disabling Intelliguard on Start Up of my PC. I'm on Windows 7.
> Additionally it also refuses to complete a full scan (unless I've logged onto my PC in Safe Mode).
> Any ideas on Intelliguard?
Do you have any other security software installed? It sounds like the service may not be starting due to some sort of conflict.
a_gal
04-01-2010, 08:29 AM
Only Norton Internet Security...
haapy
04-01-2010, 04:12 PM
You might want to check for hidden device drivers.
http://www.pctools.com/forum/showthread.php?t=64229