Official eMule-Board: Phantom Downloads - Official eMule-Board

Jump to content


Page 1 of 1

Phantom Downloads

#1 User is offline   engjs 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 15-May 14

Posted 15 May 2014 - 01:46 AM

I've had a NOTICE OF COPYRIGHT INFRINGEMENT which I take to mean that a file has been downloaded from my PC through eMule.

Evidentiary Information:
Protocol: eDonkey
Infringed Work: Hot in Cleveland_S4_E419_Corpse Bride
Infringing FileName: Póquer de Reinas (Hot in Cleveland) 4x21 El novio cadáver [HDRip+DVB][Spanish-English][saave][ShareRip-GrupoTS].avi
Infringing FileSize: 360 MB
Infringer's IP Address: [removed]
Infringer's Port: 12968
Infringer’s User Name: [removed]
URL: ed2k://|file|

I've never downloaded the file, nor had it on my system, but the IP Address matches my system and it is unique to my system. The only file copying software I have is eMule. The port address matches. It looks like someone has hijacked my eMule installation to download a file, and I am copping the blame for it.

Can anyone explain what has happened?

Thanks in advance.

Jim

This post has been edited by Some Support: 15 May 2014 - 08:05 AM

0

#2 User is offline   sircid 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 3
  • Joined: 04-November 04

Posted 23 May 2014 - 04:59 AM

View Postengjs, on 15 May 2014 - 01:46 AM, said:

I've had a NOTICE OF COPYRIGHT INFRINGEMENT which I take to mean that a file has been downloaded from my PC through eMule.

Evidentiary Information:
Protocol: eDonkey
Infringed Work: Hot in Cleveland_S4_E419_Corpse Bride
Infringing FileName: Póquer de Reinas (Hot in Cleveland) 4x21 El novio cadáver [HDRip+DVB][Spanish-English][saave][ShareRip-GrupoTS].avi
Infringing FileSize: 360 MB
Infringer's IP Address: [removed]
Infringer's Port: 12968
Infringer’s User Name: [removed]
URL: ed2k://|file|

I've never downloaded the file, nor had it on my system, but the IP Address matches my system and it is unique to my system. The only file copying software I have is eMule. The port address matches. It looks like someone has hijacked my eMule installation to download a file, and I am copping the blame for it.

Can anyone explain what has happened?

Thanks in advance.

Jim


maybe your neighbors are connecting to your wifi?
0

#3 User is offline   coluche 

  • hm ?
  • PipPipPipPipPipPipPip
  • Group: Members
  • Posts: 2274
  • Joined: 02-May 05

Posted 23 May 2014 - 12:46 PM

View Postsircid, on 23 May 2014 - 05:59 AM, said:

maybe your neighbors are connecting to your wifi?


I am no expert, but I think then the port address should not match ?

Maybe engis does have the file, but under a different name.
You know, downloading stuff and then not (immediately) checking it; thinking it is something this, but in fact it is "Hot in Cleveland", and the file maybe still being shared under its faulty name.
Happened to me, too.

engis, you could do a kademlia search for some relevant searchterms and see if among the results, the incriminated file turns up in red or green (= downloaded, downloading, shared or download canceled).
search result colours explained (at the bottom)

Next would be trying to download that file (again) : maybe eMule will not let engis do that and in the log display a message along the lines of : "You already have the file whatever.local.filename.you.have.for.this.file.***".
Then at least you know under what name it hides on your PC.

good luck!

This post has been edited by coluche: 23 May 2014 - 12:49 PM

It's Screamin' Jay Hawkins and he's a Wild Man, so bug off!
0

#4 User is offline   Zimouille 

  • Member
  • PipPip
  • Group: Members
  • Posts: 41
  • Joined: 07-March 14

Posted 23 May 2014 - 08:15 PM

IP Address matches my system and it is unique to my system. The only file copying software I have is eMule. The port address matches. It looks like someone has hijacked my eMule installation to download a file, and I am copping the blame for it.


---
Using emule with a static IP?

Check for backdoors using online tools. Your resident Antivirus/Firewall may have been corrupted and cannot recognize them.

- Change your WIFI password (and windows password)
- Check logs/registered users on your router
- Change Emule unique TCP/UDP ports and delete previous open ports from your router.

Was the file on your computer? Can you post the hash of this file?

This post has been edited by Zimouille: 23 May 2014 - 08:27 PM

0

#5 User is offline   engjs 

  • Newbie
  • Pip
  • Group: Members
  • Posts: 2
  • Joined: 15-May 14

Posted 01 June 2014 - 09:22 AM

Thanks everyone for your responses. I've had two of these warnings now, both for files I've never heard of, and as a result I've turned off the software and closed the ports. After the first warning I removed all shared files from my system so that there were no files being shared at all, so it is not possible that the software could be confusing one file for another. Further, the port number I am using is not the standard port, and my firewall directs access to that port to my personal machine, so it couldn't be another machine on the internal network. I suspect that I have some sort of trojan that is causing emule to relay requests to some other site. Is this possible, and if so where can I find some information about it?

Thanks.

Jim
0
  • Member Options

Page 1 of 1

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users