ru549 - Posted January 24, 2020

Came home and saw that ESET had caught Bittorrent.exe with this. I told it to quarantine it, which it did, judging by the quarantine log. I don't use BitTorrent. It also said it was installed today, which I clearly didn't do. Also, in Add/Remove Programs there is an entry for Bittorrent with a blank icon, an install date of today, and the Modify and Remove buttons are both greyed out. Looking in the registry, I do not see an entry for Bittorrent under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. I can't find any information on what this variant does, nor do I know if it was actually stopped and/or removed. I am running a full scan now, but what should my next steps be?

ru549 (Author) - Posted January 24, 2020

Poking around some more, I tried to download the latest client right from Bittorrent to see if I could install and uninstall it. When it went to download, ESET caught it with the same uTorrent.C signature. It said it was just reported 5 days ago, so maybe this is a false positive or it was newly categorized? I don't know why Add/Remove Programs shows it as installed today, though. Maybe I had it installed at one point and an update just kicked in, but the version it showed in Add/Remove Programs is from 2017.

Marcos (Administrators) - Posted January 24, 2020

If ESET detected the utorrent executable, it should be logged in the Detection log. Do you have such a record in your log?

Nightowl (Most Valued Members) - Posted January 24, 2020

7 hours ago, ru549 said:
> Poking around some more, I tried to download the latest client right from Bittorrent to see if I could install and uninstall it. When it went to download, ESET caught it with the same uTorrent.C signature. It said it was just reported 5 days ago, so maybe this is a false positive or it was newly categorized? I don't know why Add/Remove Programs shows it as installed today, though. Maybe I had it installed at one point and an update just kicked in, but the version it showed in Add/Remove Programs is from 2017.

It's flagged as a possibly unwanted application if you have this option enabled. Just remove the client if it's still on your PC and replace it with Deluge and/or qBittorrent; they are both safe and open source.

peteyt (Most Valued Members) - Posted January 24, 2020

11 hours ago, ru549 said:
> Came home and saw that ESET had caught Bittorrent.exe with this. I told it to quarantine it, which it did, judging by the quarantine log. I don't use BitTorrent. It also said it was installed today, which I clearly didn't do. Also, in Add/Remove Programs there is an entry for Bittorrent with a blank icon, an install date of today, and the Modify and Remove buttons are both greyed out. Looking in the registry, I do not see an entry for Bittorrent under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. I can't find any information on what this variant does, nor do I know if it was actually stopped and/or removed. I am running a full scan now, but what should my next steps be?

Did you install anything else? Sometimes installers for programs come with extras that are often selected by default.

itman - Posted January 24, 2020

My best guess is Bittorrent was embedded in some other software you recently installed. It was hidden in such a way that ESET could not detect it in the software installer. I suspect that whatever created Bittorrent set it to run via one of the Win startup methods. Those methods may still exist but are, in effect, neutered since the Bittorrent executable has been removed. Did you recently install any downloaded app software?

Edited January 24, 2020 by itman

itman - Posted January 24, 2020

12 hours ago, ru549 said:
> Looking in the registry I do not see an entry for Bittorrent HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

This registry key only contains entries for software that has legit uninstaller software. As you have already discovered, such is not the case for the Bittorrent software present on your device.
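
The HKEY_LOCAL_MACHINE key checked above is one of three locations Add/Remove Programs reads; the 32-bit view under WOW6432Node and the per-user copy under HKEY_CURRENT_USER hold entries too. The following PowerShell is an added example, not part of the original thread and not ESET tooling: it searches all three for a matching entry and reports whether its uninstaller file still exists. The `torrent` name pattern is an assumption, and it must be run as the affected user for the HKCU view to be the right one.

```powershell
# Added example: find Add/Remove Programs entries by name in all three
# Uninstall locations. $pattern is an assumed search term for this thread.
$pattern = 'torrent'

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

$found = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue

        # Match on DisplayName, or on the subkey name when DisplayName is absent
        if ("$($p.DisplayName) $($key.PSChildName)" -notmatch $pattern) { continue }

        # Extract the executable path from UninstallString (quoted or bare form)
        $exe = $null
        if ($p.UninstallString -match '^\s*"([^"]+)"' -or
            $p.UninstallString -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }

        [pscustomobject]@{
            Key               = $key.Name
            DisplayName       = $p.DisplayName
            DisplayVersion    = $p.DisplayVersion
            InstallDate       = $p.InstallDate
            InstallLocation   = $p.InstallLocation
            UninstallString   = $p.UninstallString
            # False for a missing file; bare names such as MsiExec.exe that
            # resolve through PATH also show False here
            UninstallerExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
            # A value of 1 disables the corresponding button in the UI
            NoModify          = $p.NoModify
            NoRemove          = $p.NoRemove
        }
    }
}

if ($found) { $found | Format-List } else { "No Uninstall entry matches '$pattern'." }
```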

itman - Posted January 26, 2020

14 hours ago, negord said:
> 1/26/2020 6:15:32 AM Real-time file system protection file D:\Program Files\utorrent\utorrent.exe a variant of Win32/uTorrent.C potentially unwanted application unable to clean PC\joe Event occurred during an attempt to run the file by the application: C:\Windows\explorer.exe (4583DAF9442880204730FB2C8A060430640494B1). 9498B9D7AF58FC8E24E568587A70EE2EFBA9D2BF 1/24/2020 3:33:39 PM

Looks like you're going to have to remove utorrent manually. Here's one way to do so: https://windowsreport.com/uninstall-utorrent/

Banzai - Posted February 1, 2020

So this is new and very annoying. I used the app for the past 7 years, and now ESET suddenly began detecting it. In a nutshell, the app is clean, and it has been clean since I installed it on "Thursday, May 02, 2013, 9:22:46 PM", and I know it's OK. Now I can't even exclude it from the scanning part and/or process list; it seems like the exclude rules do not apply. I will need support to assist me with this one.

Marcos (Administrators) - Posted February 1, 2020

uTorrent PUA detection is not new; the first variant was added in July 2018. Is there any problem excluding the PUA from detection and possibly also adding utorrent.exe to performance exclusions? Potentially unwanted applications are not malware. The detection is optional, and particular PUAs can be excluded from detection if the user thinks that the benefits of using the PUA outweigh the possible risks.