Meflak Posted April 23, 2008

Fresh install of Vista Home Premium on a Sony Vaio. Threw Utorrent on the machine and Kaspersky AV. I was running and testing my System Analyzer we use at work to identify and verify that it was indeed picking up PuPs/PuAs (Potentially Unwanted Programs/Applications).

First thing it did while scanning was find PuP Bitspirit (Never had the program on this machine ever. Stopped using it about two machines ago.)

Here is the Image of the scan in progress:
http://img260.imageshack.us/my.php?image=systemanalyzerscanlz7.jpg

Here is my Final Scan Log:

Webroot System Analyzer Command Line Interface
Copyright © 1997-2008 Webroot Software inc. All rights Reserved.
System Analyzer Version : 5.6.0.100
Spyware Definition Version : 1137 (4/23/2008)
Antivirus Definition Version: 2.72.0 (4/23/2008)
Security Product Definitions: 111 (3/18/2008)
CLI Switches used: /secsoft0 /sysinfo0 /av0 /genotype0 /deepmem /rootkit /removal /reminf/drives
FileName/Path to scan: c:\
Found(Removed) Other [axbar] in HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\microsoft\windows\currentversion\shell extensions\approved\{85e0b171-04fa-11d1-b7da-00a0c90348d6}
Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{7ceeeecf-3fee-4548-b529-c254caf4d182}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{7ceeeecf-3fee-4548-b529-c254caf4d182}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{7ceeeecf-3fee-4548-b529-c254caf4d182}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{7ceeeecf-3fee-4548-b529-c254caf4d182}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\
Scan Summary of: c:\
Items Scanned : 287902
Items Infected : 15
Items Removed : 15
Scan Time: 00:12:33

Is Utorrent using portions of bitspirit? Or is the scanner classifying all torrent programs into a single name? Clarification please?

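A way to see how many distinct registry keys sit behind the reported items and which detection names the log actually contains, as an added example that is not part of the original thread: the scanner lists each COM class under both HKCR and HKLM\software\classes, and HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes. The function names are hypothetical, the sample is six lines excerpted from the log above, and folding HKCR onto HKLM assumes the registrations are machine-wide.

```python
import re
from collections import defaultdict

# Six of the 15 findings, excerpted from the scan log in the post above.
SAMPLE_LOG = r"""
Found(Removed) Other [axbar] in HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\microsoft\windows\currentversion\shell extensions\approved\{85e0b171-04fa-11d1-b7da-00a0c90348d6}
Found(Removed) Other [bitspirit] in HKCR\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{7ceeeecf-3fee-4548-b529-c254caf4d182}\
"""

FINDING = re.compile(r"^Found\(\w+\)\s+\w+\s+\[(?P<family>[^\]]+)\]\s+in\s+(?P<key>.+)$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


def normalize_key(key):
    # Lower-case, drop the trailing backslash, and fold HKCR onto
    # HKLM\software\classes (assumption: machine-wide registration,
    # not a per-user one under HKCU\Software\Classes).
    key = key.strip().rstrip("\\").lower()
    if key.startswith("hkcr\\"):
        key = "hklm\\software\\classes\\" + key[len("hkcr\\"):]
    return key


def summarize(log_text):
    """Return {family: {"reported": n, "unique_keys": n, "guids": [...]}}."""
    reported = defaultdict(int)
    keys = defaultdict(set)
    guids = defaultdict(set)
    for line in log_text.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # banner, summary and blank lines carry no finding
        family = m.group("family").lower()
        key = normalize_key(m.group("key"))
        reported[family] += 1
        keys[family].add(key)
        guids[family].update(GUID.findall(key))
    return {f: {"reported": reported[f], "unique_keys": len(keys[f]),
                "guids": sorted(guids[f])} for f in reported}


if __name__ == "__main__":
    for family, info in summarize(SAMPLE_LOG).items():
        print(family, info["reported"], "reported,", info["unique_keys"], "unique keys")
```

Run over the full log, the same folding reduces the 15 reported items to 8 distinct keys, and the only detection names present are axbar and bitspirit.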
Firon Posted April 23, 2008

None of those regkeys came from utorrent.

Only thing ut adds to the registry is a) the association with .torrent files and b) the startup regkey in run (both of which only happen if you tell it to do so).

jewelisheaven Posted April 23, 2008

BitSpirit is a popular Chinese filesharing client with many more bells and whistles and supporting many more protocols than uT. Perhaps you networked with a computer before that had BS on it... or that removed axbar "toolbar" installed any number of bundled apps.

Why did you think to post here when there is no mention of uTorrent anywhere in that logfile? Additionally, did you install that toolbar or was it preinstalled?

Meflak Posted April 23, 2008 (Author)

Ok, after a fresh install of utorrent, with a registry comparison of before and after.. It appears that utorrent is identified correctly as utorrent during a rescan.. Now I have to find out what decided to install bitspirit on my laptop.. I have no idea what program could have added bitspirit..

[edit] Axbar.. Good question. Was preinstalled, it appears. The GUI interface logs just bittorrent protocol. The CMD line shows those interfaces. The only program I installed was Utorrent that had any relation to file sharing, so I naturally assumed that something was up with utorrent, but now it's off to dig through logs and find wtf is amiss..

jewelisheaven Posted April 24, 2008

That's quite understandable. Many inclinations of correlation lead to causation. Since it was new, might I also suggest checking out any recovery media to verify what was preinstalled. I don't think this should be viewed as a huge security concern ... it's not like Windows doesn't naturally build up useless registry junk over time.

This topic is now archived and is closed to further replies.