Archived

This topic is now archived and is closed to further replies.

Arlyn

Found Trojan

Recommended Posts

Hi, Everyone.

I love uTorrent - for this past week, however, I've been getting a Trojan placed on my computer in the uTorrent file. Is anyone else having this problem?

Share this post


Link to post
Share on other sites

uTorrent doesn't have trojans. That's not to say you didn't get it from something you ran after you downloaded. What AntiVirus software are you running? What removal programs have you run to get rid of it? I'd recommend prevx.com and RootKit Revealer from sysinternals.com

Share this post


Link to post
Share on other sites

Thank you for responding. I'm certain it's from running uTorrent. Every time I open uTorrent, I get a trojan. I never get a trojan running anything else and I run my McAfee AntiVirus program each time I run any program. The trojan embeds itself directly within my uTorrent file.

I'm grateful for your AntiVirus recommendations and will check out both sites in your note. I've got my fingers crossed. :D

Share this post


Link to post
Share on other sites

Here's the trojan information from prevx.com:

Characteristics

Category: Trojan

Also known as: Win32.ExplorerHijack [CounterSpy], Trojan-Downloader.NSIS.Agent.ac [Kaspersky], Trj/Downloader.OZE [Panda], DLoader.CLIF [NORMAN]

Share this post


Link to post
Share on other sites

I don't know about "again" - this is new for me and I've been using uTorrent for a long time. It has only happened since the upgrade to version 1.7.7 this past week.

Oh, well . . . thanks anyway.

Share this post


Link to post
Share on other sites

yea, if your "package" came as a RAR or SFX rar, then it definitely isn't official :/ The official client starting with 1.7 has an installer built in. IIRC 1.6 used NSIS (which caused the installer to be ~ 600 KB) This is actually discussed in uT sizes ;)

Share this post


Link to post
Share on other sites

Hmmm. It didn't come as an RAR or SFX. The only place I could have downloaded it (other than at the official uTorrent web-site) would have been at File Hippo. It was so long ago when I downloaded the original program, that I just can't remember which location. Since you tell me that it is impossible for a bad copy to have come from uTorrent, it must have come from the File Hippo site. That is the only other place I've used.

I appreciate your and DreadWingKnight's kindness in sorting all this out. Thank you both.

Share this post


Link to post
Share on other sites

if the file was obtained from utorrent.com, it's just a false positive.

Other sites, I don't know. Could be, could not be.

Share this post


Link to post
Share on other sites

Ahhhhh! I see. Thank you so much. I'm just about finished cleaning out my harddrive and will re-download uTorrent. If I continue to get that trojan alert, I'll just ignore it as a false positive.

That information is a real relief. I appreciate you, Dear One!

Share this post


Link to post
Share on other sites

01/25/2008 07:56 PM 219,952 utorrent_1.7.7-b8179.exe

ca3f4554910e40a0053626c1bb66c5fe *utorrent_1.7.7-b8179.exe

if it does't match those file specs its not legit. As Firon says if McAfee is reporting THAT file as a trojan, it's probably blanket marking due to UPX compression.

Share this post


Link to post
Share on other sites

A great possibility to check a file for viruses with tons of search engines is http://virustotal.com. In this case its great to find out what engines report false positives for a particular release. The site uses the newest signatures for all engines of course so it may won't give the same result as the ones that used in desktops without the latest updates downloaded.

Share this post


Link to post
Share on other sites

For the record, 1.7.6 stats are:

1563aa0d20c571551dc33eeff5255694 *Beta\TAS\utorrent_1.7.6-b7859.exe

60eca8c1980be34bef2118698fabb844 *Old Versions\utorrent-1.7.6.uncompressed.exe

474975a886dfe1452517358724ef195b *utorrent_1.7.6-UPXv3.0.0.exe

01/22/2008 01:00 AM 219,952 utorrent_1.7.6-UPXv3.0.0.exe

As you see, the packed size of uT hasn't changed ;)

Share this post


Link to post
Share on other sites