Browser Hijack opens torrent process?

max_spam · May 21, 2014, 3:01am

Lately my net connection became slow and showed some weird behaviour.

I did a

lsof -I

and It showed me an open Ktorrent process.

Also access from Chromium to amazonaws and some other unknown pages.

I deleted the chromium folder under .config and restarted the computer and the Ktorrent process does not reappear so far.

lsof -i

also made me aware of the Firefox plug in that turned bad (show IP)

How can chromium get hijacked to start a torrent process?

hendersj · May 21, 2014, 3:31am

On Wed, 21 May 2014 01:06:01 +0000, max spam wrote:

> How can chromium get hijacked to start a torrent process?

It’s probably not that it was “hijacked” but rather that the default
action when clicking a torrent file was to use ktorrent as the default
application for .torrent files.

If you shared some information about your system - like the version of
openSUSE you’re using and the desktop environment you’re using, someone
might be able to point you in the right direction to see what the default
application is for those files.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

tsu2 · May 21, 2014, 7:54pm

Although it’s more likely that what @hendersj described is what happened, it’s not outside the realm of possibility that some kind of adware or other malformed code might have invoked a ktorrent process.

The only diff is that @hendersj described a voluntary, manual process whereas depending on your browser and system permissions, you may be allowing such a process to run without notification. If you define “hijacked” as something that is happening without your knowledge or notification, maybe you should re-inspect permissions (and whatever is being downloaded).

TSU

max_spam · May 22, 2014, 10:57am

OpenSUSE 13.1, 64

I did not start any torrent process in Chromium. I use firefox DTA to download.

only 6 pages opened.
gmail, gdrive, gdocs, homepage, web3.qq.com, and google

Only addon ADP.

There was also a connection to amazonaws opened by chomium

My internet connection was terrible slow for a quite long.

After deleting .config/chromium folder, the torrent process did not reappear and my internet connection ist quite fast again, so I would see it as a hijack

hendersj · May 28, 2014, 6:55pm

On Thu, 22 May 2014 09:06:01 +0000, max spam wrote:

> After deleting .config/chromium folder, the torrent process did not
> reappear and my internet connection ist quite fast again, so I would see
> it as a hijack

Glad you solved the issue, perhaps a plugin was doing something you
didn’t expect.

Jim

–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C