Llandier Posted February 8, 2007 Report Share Posted February 8, 2007 I had just un-installed my Anti-virus and it required a restart of the computer, so when windows reloaded i checked the task manager to make sure that all the AV stuff was gone, and while checking i noticed that uTorrent appeared to be running, even tho i went no where near the program to start it. What made me really suspicious was that instead of uTorrent.exe being assigned to my user name, it was assigned as a SYSTEM service. I killed the service from task manager and within 5 seconds it had re-appeared. So i did a search through my registry to see if i could spot a misplaced entry for uTorrent and i found three, they were located in -HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Microsoft Corporation HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Microsoft CorporationHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft Corporationand they all had a string value of "C:\Windows\utorrent.exe"I checked my windows folder but there was no utorrent file there, even after i turned on hidden files.In the end, i backed up my registry before i deleted the string value in each of the locations, and that stopped the utorrent service from appearing in the task manager.Im not sure if this was a virus? Any idea's ? Link to comment Share on other sites More sharing options...
Firon Posted February 8, 2007 Report Share Posted February 8, 2007 µTorrent does not run as a service, nor does it run as SYSTEM. That sure seems like a virus.You should try Rootkit revealer or something to find that file, then submit it to Sophos or something for analysis. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.