Botnet:Blacklist Avast Virus

Botnet Blacklist is the detection result brought by Avast AV engine when users attempt to connect to torrent sites

Botnet Blacklist, a.k.a. re:botnet:blacklist or botnet:blacklist, is a malware detection name delivered by Avast anti-virus solution. At the moment it’s not yet clear whether the detection is genuine and relates to a malicious file used to hijack PC and connect it to a botnet, so users should be cautious and take precautionary measures to protect their machines.

However, people have started reporting the Botnet Blacklist Avast virus on July 1st on Reddit^[1] forum indicating that the AV engine detected malicious behavior when trying to connect uTorrent, BitTorrent, QBittorent, and other torrent sites. Based on people’s reports, they have been using these torrent sites for years and no problems have been registered up till now. Note that Avast (like most reputable AV tools) release software updates twice a week. Therefore, the botnet:blacklist detection may be a false positive due to the recent changes in virus definitions or Behavior Shield, Web Shield, or Network Shield^[2] improvements. 

Nevertheless, the Botnet Blacklist virus name can also indicate that the security program encountered malicious behavior and blocked a threat. The Avast popup may be triggered by BCMUPnP_Hunter botnet, Mirai, Torii, VPNFilter, and other botnets or related malicious files. 

The issue with supposed Avast false positives has emerged at the beginning of July 2020. People started reported intrusive pop-up alters every few minutes when they attempt to establish TOR connections to qBittorrent and torrent sites. One of the Avast users states on Reddit:

AVG popup repeatedly pops up with a warning that threat has been secured and connection aborted to a udp url claiming infection with Botnet:Blacklist. The process is to Library app (exe). I have had this app for over two months and today was the first time AVG Web Shield considers it a threat.  What can I do to prevent this popup? 

Suchlike reports appeared en masses, so it’s very likely that the culprit of the botnet:blacklist virus detection is on the Avast’s end. The latest changes on the Avast Web Shield might be encountering some inconsistencies and, therefore, some sites may be falsely recognized as being connected to a botnet. 

Usually, the false positive detections can be bypassed by adding the file, program, or website to the list of exceptions or whitelists. However, the Botnet Blacklist Avast virus detection cannot be disabled this way. Avast blocks the connection from UDP or TCP address in relation to the supposedly malicious qbittorrent.exe file. The problem is that the UDP and TCP IP addresses keep changing, so whitelisting all of them is impossible. 

According to the users’ reports, including the qBittorrent to the exceptions list does not solve the problem either, so it may seem like a problem without a solution. Experts from Dievire.de^[3] recommend people who are facing this issue to disable Avast temporarily and employ alternative security software until Avast fixes the bug. Besides, notify the company about a possible false-positive botnet:blacklist virus detection on the “Report a suspected false positive” site.

Avast has an official website where suspected false positive detections can be reported

Avast has an official website where suspected false positive detections can be reported

Botnet:blacklist virus detection can mean a targeted malware attack

Every anti-virus program has its pros and cons, though false-positive detections are a common problem for all of them, which occurs after some virus definition updates. Therefore, irritating Avast popups is not something exceptional. However, popup warnings about the Botnet Blacklist Avast virus should not be ignored. 

There are many examples when botnets^[4] were targeting PCs via torrent sites. Infecting and spreading pirated software via sites like uTorrent, BitTorrent, QBittorent, and others is a rather easy task that ultimately allows cybercriminals to build a network of Internet-connected devices and perform crimes like DDoS attacks. 

Typically, attackers infect a file (in this case Avast indicates an infected qbittorrent.exe file), which once opened, can download other malicious entries and take control over the PC. Therefore, if you’ve been warned about a virus detection or malicious behavior by the AV tool, try to remove Botnet Blacklist virus or related files in the first place. For that, run a full system scan with the AV program and remove all entries that it indicates as malicious. 

Botnet Blacklist Avast virus may be a false positive detection. However, while it hasn’t been approved as such, precautionary measures have to be taken to protect the machine

Botnet Blacklist Avast virus may be a false positive detection. However, while it hasn’t been approved as such, precautionary measures have to be taken to protect the machine

If Botnet Blacklist removal is not possible because the software does not recognize related files, we recommend downloading an alternative security tool and double-checking the system with it. If no malware is detected, then most probably the alarm was false. In this case, check your machine with Reimage Reimage Cleaner Intego utility to check if the system is not encountering any software crashes.

Botnet:Blacklist virus presence on the machine would be accompanied by additional symptoms, such as:

• slow machine’s performance;
• unusual CPU consumption leaps;
• questionable processes running in the background;
• new programs installed without your consent;
• settings changed on a web browser, random sites open, etc.

In this case, it’s advisable to run a full system scan and immediately remove Botnet Blacklist virus from the machine. For that, you can try any professional security software.

Avoid pirated software to protect the machine from malware

You should not consider every detection brought by AV tools false positive. Most of the applications detected by security software are really questionable and, even more, dangerous. If you consider the software to be malfunctioning, you can always download its latest updates and repair its work. Only a fully functional antivirus program can ensure PC’s protection. 

Unfortunately, if you are a devoted user of torrenting services and pirated software is welcomed on your machine, there’s always a risk of downloading a malware-infected piece of software, which may bypass security software and hack your machine for various purposes. Therefore, before downloading anything from the Internet for free, check the comments about it, read info about the people who share files, and scan the downloaded file before opening it. 

Botnet Blacklist virus typically detected by Avast when trying to connect to the torrent sites

Botnet Blacklist virus typically detected by Avast when trying to connect to the torrent sites

Update Avast to remove Botnet Blacklist virus and eliminate other malware

Botnet:Blacklist Avast virus detection is one of the controversial scan results, which may indicate software inconsistencies or malicious behavior on the machine. The warning is likely to be real if the pop-up is not the only symptom. In this case, a full system scan with a proper tool is a must. 

If your machine is infected by a Botnet:Blacklist malware, robust anti-malware programs like SpyHunter 5Combo Cleaner or Malwarebytes would help. Restart the machine into Safe Mode to disable dangerous processes, download a preferable security program, and run a scan with it. 

If, after all, it turns out that the Botnet Blacklist Avast is a non-existent virus, the temporarily switch to another AV tool and report the software developer about the issue. The false-positive should be gone with the latest definition update.