
ru549

Win32/uTorrent.C


Came home and saw that ESET had caught BitTorrent.exe with this. I told it to quarantine it, which it did judging by the quarantine log. I don't use BitTorrent. It also said it was installed today, which I clearly didn't do.

Also in Add/Remove programs there is an entry for Bittorrent with a blank icon, an install date of today, and the modify and remove buttons are both greyed out.

Looking in the registry I do not see an entry for BitTorrent under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

I can't find any information on what this variant does nor know if it was actually stopped and/or removed.

I am running a full scan now, but what should my next steps be?


Poking around some more, I tried to download the latest client right from BitTorrent to see if I could install and uninstall it. When it went to download, ESET caught it with the same uTorrent.C signature. It said it was just reported 5 days ago, so maybe this is a false positive or it has been newly categorized?

I don't know why Add/Remove Programs shows it as installed today though. Maybe I had it installed at one point and an update just kicked in, but the version it showed in Add/Remove Programs is from 2017.


If ESET detected the utorrent executable, it should be logged in the Detection log. Do you have such record in your log?

7 hours ago, ru549 said:

Poking around some more, I tried to download the latest client right from BitTorrent to see if I could install and uninstall it. When it went to download, ESET caught it with the same uTorrent.C signature. It said it was just reported 5 days ago, so maybe this is a false positive or it has been newly categorized?

I don't know why Add/Remove Programs shows it as installed today though. Maybe I had it installed at one point and an update just kicked in, but the version it showed in Add/Remove Programs is from 2017.

It's flagged as a possibly unwanted application if you have this option enabled. Just remove the client if it's still on your PC and replace it with Deluge and/or qBittorrent; they are both safe and open source.

11 hours ago, ru549 said:

Came home and saw that ESET had caught BitTorrent.exe with this. I told it to quarantine it, which it did judging by the quarantine log. I don't use BitTorrent. It also said it was installed today, which I clearly didn't do.

Also in Add/Remove programs there is an entry for Bittorrent with a blank icon, an install date of today, and the modify and remove buttons are both greyed out.

Looking in the registry I do not see an entry for BitTorrent under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

I can't find any information on what this variant does nor know if it was actually stopped and/or removed.

I am running a full scan now, but what should my next steps be?

Did you install anything else? Sometimes installers for programs come with extras that are often selected by default.


My best guess is BitTorrent was embedded in some other software you recently installed. It was hidden in such a way that ESET could not detect it in the software installer. I suspect that whatever created BitTorrent set it to run via one of the Windows startup methods. Those methods may still exist but are, in effect, neutered since the BitTorrent executable has been removed.

Did you recently install any downloaded app software?

12 hours ago, ru549 said:

Looking in the registry I do not see an entry for BitTorrent under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

This registry key only contains entries for software that has legit uninstaller software. As you have already discovered, such is not the case for the BitTorrent software present on your device.
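
The checks discussed in this thread (where the Add/Remove Programs entry is registered, and whether a startup method still points at the removed executable) can be run as a read-only inventory. This is an added example, not part of any post in the thread; the search pattern `torrent` is an assumption, and the locations searched are the per-machine, 32-bit-view and per-user Uninstall and Run keys plus scheduled tasks.

```powershell
# Added example: read-only inventory, nothing on the system is modified.
$pattern = 'torrent'   # assumption: substring to search for

# Add/Remove Programs merges these three locations, not only the HKLM key.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$entries = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath
        if ("$($p.DisplayName) $($_.PSChildName)" -match $pattern) {
            [pscustomobject]@{
                Key             = $_.Name
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                InstallDate     = $p.InstallDate
                UninstallString = $p.UninstallString
                NoRemove        = $p.NoRemove   # 1 disables the Remove button
                NoModify        = $p.NoModify   # 1 disables the Modify button
            }
        }
    }
}

# Registry autostart values that still reference the program.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ("$name $cmd" -match $pattern) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd }
        }
    }
}

# Scheduled tasks whose action launches a matching executable.
$tasks = Get-ScheduledTask | Where-Object { "$($_.Actions.Execute)" -match $pattern }

$entries  | Format-List
$autoruns | Format-List
$tasks    | Select-Object TaskPath, TaskName, State | Format-Table -AutoSize
```

An entry that shows up only under the HKCU root was registered for the current user, which is one reason it can be missing from the HKLM key while still appearing in Add/Remove Programs.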

14 hours ago, negord said:

1/26/2020 6:15:32 AM    Real-time file system protection    file    D:\Program Files\utorrent\utorrent.exe    a variant of Win32/uTorrent.C potentially unwanted application    unable to clean    PC\joe    Event occurred during an attempt to run the file by the application: C:\Windows\explorer.exe (4583DAF9442880204730FB2C8A060430640494B1).    9498B9D7AF58FC8E24E568587A70EE2EFBA9D2BF    1/24/2020 3:33:39 PM

Looks like you're going to have to remove utorrent manually. Here's one way to do so: https://windowsreport.com/uninstall-utorrent/


So this is new and very annoying. I used the app for the past 7 years, and now ESET suddenly began detecting it. In a nutshell, the app is clean and it was clean since I installed it on "Thursday, May 02, 2013, 9:22:46 PM" and I know it's OK. Now, I can't even exclude it from the scanning part and/or process list; seems like the exclude rules do not apply. I will need support to assist me with this one.


uTorrent PUA detection is not new; the first variant was added in July 2018. Is there any problem with excluding the PUA from detection and possibly also adding utorrent.exe to performance exclusions?

Potentially unwanted applications are not malware. The detection is optional and particular PUAs can be excluded from detection if the user thinks that benefits of using the PUA outweigh possible risks.
