Jump to content

Warning: EpicScale "riskware" installed with latest uTorrent

Groundrunner

By Groundrunner
in General

Recommended Posts

  • Replies 138
  • Created
  • Last Reply
Optical eye Newbie

Optical eye

Posted
Posted

Are you guys who are complaining about "slient installs" properly declining everything that is unnecessary???  I have uTorrent installed (Windows 7 OS) and up-to-date and I just checked for EpicScale.  It is NOT installed on my computer and never has been! You have to read every screen very carefully and make sure you decline everything extra.  If i recall, some screens during the installation process make it appear that you cannot proceed without "accepting," but that is not true.  Just decline everything.  The worst that can happen is you goof and decline uTorrent's terms or something and then it won't proceed until you accept.  Am I correct?

Yes you "genius"!

 

P.S. Your name is similar to a fake considering your date of registration.

Link to comment
Share on other sites
Steve0001 Newbie

Steve0001

Posted
Posted

Yes you "genius"!

 

P.S. Your name is similar to a fake considering your date of registration.

So I am a fake because I just happened to come here looking for information and saw something of interest?  So I am a fake because I wanted to comment and had to join today in order to do so?  Whether I am a genius or not has no bearing on the conversation. I did not claim to have all the answers. but I suspect I might be doing something right during the install if my uTorrent client is uptodate and I don't have EpicScale installed.

Link to comment
Share on other sites
randomDude Newbie

randomDude

Posted
Posted

2 days ago I was able to reproduce the issue, but now I am not.

Here's a possible explanation:

- when you open uTorrent installer it does an HTTP call to update.utorrent.com that looks like this: GET /installoffer.php?h=random&v=random&w=random&l=en&c=US&w64=1&db=chrome.exe%22&cl=uTorrent&tsub=1&svp=4 HTTP/1.1  (i've replaced some stuff that looked random with "random" since it could be personally identifiable data)

- the HTTP GET call responds with something like:

 
379d16:secondary_offersl2:oce2:oci1e3:adki1e16:content_offer_id10:FiveKnives17:content_offer_img26:FiveKnives_InstallPath.bmp17:content_offer_url113:http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp?offer=http://bundles.bittorrent.com/inclient/yes21:content_offer_alttext34:Five Knives BundleDownload Now22:content_offer_checkbox41:Yes, I'd love to check out this download!21:content_offer_checkedi1e22:content_offer_autoexeci0e19:content_offer_title32:Check out our new Bundle Release22:content_offer_subtitle34:Special Offer for BitTorrent Users20:content_offer_footer248:By clicking "Next" and installing this torrent bundle, you agree to the BitTorrent, Inc. <a href="https://bundles.bittorrent.com/btfaq#terms-of-services">Terms of Service</a> and <a href="http://www.bittorrent.com/legal/privacy">Privacy Policy</a>.13:toolbar_counti0e4:ctid0:2:tsi1425688963e1:c2:roe

As you can see, the response contains information about what to display to the user, and also it encodes the information for the UI that will be displayed to the user. 

 

Now let's think about the following scenario:

- one of uTorrent's server is not sending a proper UI encoding to the user. The UI validation function fails, but the first part of the payload is valid and the installer knows what to install, but it can't figure how to display the UI. The installer could in theory not display the UI and go ahead with the setup.

 

I'm not saying that this is the case, but looking at the traffic exchange between my computer and uTorrent's servers it may be possible.

The situation is not reproducible because:

- uTorrent changed EpicScale with FiveKnives in my case

- the second part of the message looks allright.

 

If I were in charge at uTorrent I would look for malfunctioning servers and recent backend deploys.

 

My 2c.

 

Enjoy!

Link to comment
Share on other sites
WarningU2 Newbie

WarningU2

Posted
Posted

I'm a premium user of uTorrent (silly me I paid for it) because I got sick of the ads ... I just declined my upgrade because all the torrent sites I deal with are banning this version.  There is a huge backlash right now.  Whatever the reason your reputation is toast now.   Looks like I have purchased a lemon.   Bye uTorrent

Link to comment
Share on other sites
randomDude Newbie

randomDude

Posted
Posted

Or.....look at the content_offer_autoexec field in the second line:

379d16:secondary_offersl2:oce2:oci1e3:adki1e16:content_offer_id10:FiveKnives17:content_offer_img26:FiveKnives_InstallPath.bmp17:content_offer_url113:http://apps.bittorrent.com/featuredcontent/featuredcontent.btapp?offer=http://bundles.bittorrent.com/inclient/yes21:content_offer_alttext34:Five Knives BundleDownload Now22:content_offer_checkbox41:Yes, I'd love to check out this download!21:content_offer_checkedi1e22:content_offer_autoexeci0e19:content_offer_title32:Check out our new Bundle Release22:content_offer_subtitle34:Special Offer for BitTorrent Users20:content_offer_footer248:By clicking "Next" and installing this torrent bundle, you agree to the BitTorrent, Inc. <a href="https://bundles.bittorrent.com/btfaq#terms-of-services">Terms of Service</a> and <a href="http://www.bittorrent.com/legal/privacy">Privacy Policy</a>.13:toolbar_counti0e4:ctid0:2:tsi1425688963e1:c2:roe

could it be that they have coded the possbility of autoexecuting the installer ... and then they have used that field to autoinstall the malware without the user intervention ?

Link to comment
Share on other sites
txapollo243 Newbie

txapollo243

Posted
Posted

I have version 3.4.2 (build 38913) installed for quite some time now. Neither EpicScale nor any other bundle was installed for me. The only annoying thing is the banner ad, which I do not see 99% of the time I use the program since it does its job minimized in the tray.

Link to comment
Share on other sites
epirate Member

epirate

Posted
Posted

I'm setting up a test bench to see if anyone is being dishonest. Screencast in 1 hour.

 

Alright so I tried installing the latest utorrent on a 32-bit version of Windows 7. The only three peices of malware offered were something called Five Knives Bundle, Spigot Search Protection, and Skype. I agreed to all but I didn't get Epic Scale.

 

I'm setting up a beefy 64-bit Windows 8.1 machine, just the sort of thing that can do some serious mining. I'm also going to use a slightly outdated version of utorrent to see if Epic Scale comes with an update.

Link to comment
Share on other sites
vahnx Member

vahnx

Posted
Posted

I stopped using uTorrent the minute they started serving ads, not surprised they went even further. I've been using qBittorrent ever since and it's a great client. Uses the clean, no-nonsense interface of the good old uTorrent.

 

Any major different between Deluge and qBittorrent? I think I now have to switch off of uTorrent even though I've been using it for what seems like a decade.

Link to comment
Share on other sites
vahnx Member

vahnx

Posted
Posted

http://blog.utorrent.com/2015/03/06/regarding-partner-offers/ 

 

"We can confirm that the Epic Scale partnership is, per our policy, an optional install presented to users during the install of µtorrent."

 

Is there any truth to this? I know uTorrent is notorious for tricking users to installing software. Is everyone 100% sure they opted out/checked the right boxes?

Link to comment
Share on other sites
epirate Member

epirate

Posted
Posted

http://blog.utorrent.com/2015/03/06/regarding-partner-offers/ 

 

"We can confirm that the Epic Scale partnership is, per our policy, an optional install presented to users during the install of µtorrent."

 

Is there any truth to this? I know uTorrent is notorious for tricking users to installing software. Is everyone 100% sure they opted out/checked the right boxes?

 

I don't think so. I tried it and there was no offer for Epic Scale. I didn't see it installed afterward either.

Link to comment
Share on other sites
jadu123 Newbie

jadu123

Posted
Posted

What are you talking about? I have the latest version of Utorrent and there is no EpicScale bullshit installed silently on my computer. Are you sure you didn't fall for the trick questions when they ask you if you agree to different installations?

Link to comment
Share on other sites
Goobers Newbie

Goobers

Posted
Posted

I just built a brand spanking new computer (with old hard drives)... and one of the few things I installed was... you guessed it, utorrent.

 

Long story short... EpicScale is NOT running in the background... BUT, it was indeed installed (check for C:\ProgramData\EpicScale folder).

 

Don't know what the deal is there in my system (did it get disabled?)... but I just deleted the folder and am considering utorrent alternatives (let's face it, those ads in the free version are seriously annoying).

Link to comment
Share on other sites
warezwally Newbie

warezwally

Posted
Posted
    jadu123, on 07 Mar 2015 - 3:46 PM, said:

    What are you talking about? I have the latest version of Utorrent and there is no EpicScale bullshit installed silently on my computer. Are you sure you didn't fall for the trick questions when they ask you if you agree to different installations?

 

I think the same thing, after probing this issue all day I have come the the conclusion it is either (most likely)

[A] user error...

OR (highly unlikely IMHO)

Someone pointed out earlier in this thread that these 'offers' appear to be fetched and originate from the internet from a utorrent server (NOT actually bundled into the installer itself??.. Well at least this is how I understand it works and I could be wrong), but now due to this accusation I think it's a possibility that an incorrectly configured 'offer' which originated server side (IMO) could potentially have silently installed due to mis-configuration and now after this issue was raised on the forums, said problem has been promptly fixed from bittorrents end, and we get denial that there was ever a 'silent install'. After all even if it were the truth I think its possible that bittorrent Inc. Could be liable and might even expect lawsuits if they did actually accept responsibility for this 'silent install', even if it were a genuine mistake... (I could be wrong about all this but this is the only thing I can think)

This [option b]  seems a bit of a long stretch for my to believe though, since using utorrent from 5+years ago I have always been highly aware of these 'offers' during installation and the fact they always (VERY SLYLY IMO) always have at least one offer that almost looks identical to a TOS agreement with an "accept and decline" button (where most users would be quite easily tricked into thinking hitting accept is the only option forward, and that hitting decline would terminate installation, which I am positive is utorrent/bittorent inc.s whole agenda using these covert cunningly crafted 'offers')...

Now back to the facts. I have utorrent 3.4.2 installed and I certainly don't have this miner on my system, neither do others I know that are vigilant about the install process. After reading page after page on this today I have found the following "proof" that there is at least an accept/decline button for this offer as it is NOW (not saying it wasn't different before but I think its highly unlikely)

http://www.trustedreviews.com/opinions/epic-scale-and-utorrent-bitcoin-mining-riskware-investigated

Check out the 9th picture......

http://static.trustedreviews.com/94/00003174e/3639_orh616w616/Screenshot-9-.jpg

This PROVES at leas that THIS PERSON got the offer, it also shows this is one of those "SLY" installers trying to trick users into accepting.. I believe this is user error and from the many websites I have read (NONE of which can definitively prove that utorrent actually did this, nor any users here have shown any proof of this 'fact' they are telling us) this seems to be the most likely case...

Until someone can actually prove that it has done silent installs on peoples systems this is just a huge he said she said situation with these unhappy users denying all responsibility for accepting the offer (even if IM sure they don't remember every offer screen they were presented, and I know how most people haphazardly mash the mouse to get through those install screens) and utorrent will of course (without any actual proof from the accusers) denying responsibility, which is exactly what you would expect if this were just stupid users that don't know how to click on 'decline'...

Now on a side note, I am sick of uTorrent and I am now going to be changing torrent clients.. NOT because I believe at all that these 'silent install' actually occurred (until proof shows otherwise I believe 100% this was user error), BUT I am changing torrent clients because of the adds (which I still managed to disable anyway) because of the bundles I've always despised (which I have never accepted) and because I see this program has gone way downhill from its roots. The adds and bundles almost made me change a few times before now, but having read all day about the utorrent alternatives I now have no reason to continue using it and have good reason to actually stop using it, having to watch over my shoulder for 'secretive' browser toolbars being installed, making sure to hit the right button otherwise things I don't want on my PC are installed is just sly and until now I put up with it but this is basically the end of the road with utorrent for me..

Goodbye guys thanks for the great program for free all these years, I hope one day you may find the trail that leads back to your roots.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...