
Utorrent using bitspirit for something??


Meflak


Fresh install of Vista Home Premium on a Sony Vaio. Threw uTorrent on the machine and Kaspersky AV. I was running and testing the System Analyzer we use at work to identify and verify that it was indeed picking up PUPs/PUAs (Potentially Unwanted Programs/Applications).

First thing it did while scanning was find PuP Bitspirit (Never had the program on this machine ever. Stopped using it about two machines ago.)

Here is the Image of the scan in progress

http://img260.imageshack.us/my.php?image=systemanalyzerscanlz7.jpg

Here is my Final Scan Log:

Webroot System Analyzer Command Line Interface

Copyright © 1997-2008 Webroot Software inc. All rights Reserved.

System Analyzer Version : 5.6.0.100

Spyware Definition Version : 1137 (4/23/2008)

Antivirus Definition Version: 2.72.0 (4/23/2008)

Security Product Definitions: 111 (3/18/2008)

CLI Switches used: /secsoft0 /sysinfo0 /av0 /genotype0 /deepmem /rootkit /removal /reminf

/drives

FileName/Path to scan: c:\

Found(Removed) Other [axbar] in HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\

Found(Removed) Other [axbar] in HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\

Found(Removed) Other [axbar] in HKLM\software\microsoft\windows\currentversion\shell extensions\approved\{85e0b171-04fa-11d1-b7da-00a0c90348d6}

Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{47e792cf-0bbe-4f7a-859c-194b0768650a}\

Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{7ceeeecf-3fee-4548-b529-c254caf4d182}\

Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\

Found(Removed) Other [bitspirit] in HKCR\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\

Found(Removed) Other [bitspirit] in HKCR\clsid\{7ceeeecf-3fee-4548-b529-c254caf4d182}\

Found(Removed) Other [bitspirit] in HKCR\clsid\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{47e792cf-0bbe-4f7a-859c-194b0768650a}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{7ceeeecf-3fee-4548-b529-c254caf4d182}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{7ceeeecf-3fee-4548-b529-c254caf4d182}\

Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{c9ece7b3-1d8e-41f5-9f24-b255df16c087}\

Scan Summary of: c:\

Items Scanned : 287902

Items Infected : 15

Items Removed : 15

Scan Time: 00:12:33

Is uTorrent using portions of BitSpirit? Or is the scanner classifying all torrent programs under a single name? Clarification please?


BitSpirit is a popular Chinese filesharing client with many more bells and whistles and supporting many more protocols than uT. Perhaps you networked with a computer before that had BS on it... or that removed axbar "toolbar" installed any number of bundled apps.

Why did you think to post here when there is no mention of uTorrent anywhere in that logfile? Additionally, did you install that toolbar or was it preinstalled?


OK, after a fresh install of uTorrent, with a registry comparison of before and after... It appears that uTorrent is identified correctly as uTorrent during a rescan. Now I have to find out what decided to install BitSpirit on my laptop. I have no idea what program could have added BitSpirit.

[edit]

Axbar... Good question. It was preinstalled, it appears. The GUI interface logs just the BitTorrent protocol. The CMD line shows those interfaces. The only program I installed that had any relation to file sharing was uTorrent, so I naturally assumed that something was up with uTorrent, but now it's off to dig through logs and find wtf is amiss.


That's quite understandable. Many inclinations of correlation lead to causation. Since it was new, might I also suggest checking out any recovery media to verify what was preinstalled. I don't think this should be viewed as a huge security concern ... it's not like Windows doesn't naturally build up useless registry junk over time.


Archived

This topic is now archived and is closed to further replies.
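Added example, not part of the thread and not Webroot's own tooling: the Python below collapses the "Found(Removed)" lines of a log like the one in the first post into distinct GUID-identified objects per detection name, so that mirrored registry views are not counted as separate items. The function names and the choice to map HKCR onto HKLM\software\classes only are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt (6 of the 15 findings) from the scan log in the first post.
LOG = r"""
Found(Removed) Other [axbar] in HKCR\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\classes\clsid\{85e0b171-04fa-11d1-b7da-00a0c90348d6}\
Found(Removed) Other [axbar] in HKLM\software\microsoft\windows\currentversion\shell extensions\approved\{85e0b171-04fa-11d1-b7da-00a0c90348d6}
Found(Removed) Other [bitspirit] in HKCR\clsid\{083863f1-70de-11d0-bd40-00a0c911ce86}\instance\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKCR\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
Found(Removed) Other [bitspirit] in HKLM\software\classes\clsid\{47e792cf-0bbe-4f7a-859c-194b0768650a}\
"""

FINDING = re.compile(r"^Found\(Removed\)\s+\S+\s+\[(?P<family>[^\]]+)\]\s+in\s+(?P<path>.+)$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
HKCR, CLASSES = "hkcr\\", "hklm\\software\\classes\\"

def normalize(path):
    # Assumption: on a machine-wide scan HKCR mirrors HKLM\software\classes
    # (it can also surface per-user HKCU classes, which this ignores).
    key = path.strip().rstrip("\\").lower()
    return CLASSES + key[len(HKCR):] if key.startswith(HKCR) else key

def collapse(log):
    """Group findings by (detection name, last GUID in the key path)."""
    objects = defaultdict(set)
    for line in log.splitlines():
        m = FINDING.match(line.strip())
        guids = GUID.findall(m["path"]) if m else []
        if guids:
            objects[(m["family"], guids[-1].lower())].add(normalize(m["path"]))
    return dict(objects)

def summary(log):
    """Number of distinct GUID-identified objects per detection name."""
    counts = defaultdict(int)
    for family, _guid in collapse(log):
        counts[family] += 1
    return dict(counts)

if __name__ == "__main__":
    for (family, guid), keys in sorted(collapse(LOG).items()):
        print(family, guid, f"{len(keys)} distinct key(s)")
        for key in sorted(keys):
            print("   ", key)
```

On this excerpt the six log lines reduce to two objects, one per detection name, each reached through two distinct registry keys.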
