Jump to content

avast! claiming that µTorrent contains Win32:Posion-DU trojan


Recommended Posts

[2008-04-27 @ 14:21 EST] <Ultima> This was a simple false-positive that has since been fixed by the ALWIL team.

Solution: Update your avast! virus signature/definition database.

Heyas, I tried downloading the lastest version of µtorrent since mine was a bit out of date, and my Antivir program kills the connection instantly due to Trojans that they find in the exe. I've had no problems with this program in the past what so ever but now it wont even start and is impossible to DL. (unless i remove my antivir, that aint happening though)

And now even my old version is killed by my antivir program and deleted without any mercy.

Is there viruses in it or is there something that might look like a virus in the code?

The antivir i use is "Avast!", free to dl and free to register and works like a charm.

Oh well, I just wanted you guys to know.

Link to comment
Share on other sites

No, µTorrent as downloaded from http://www.utorrent.com/download.php does not contain any viruses. If your antivirus software insists on it, then either its virus signature database contains incorrect/bad signatures, its heuristics engine is red-flagging any executable packed with UPX, or your computer is actually infected already, and some other virus is infecting any new executable you download. Assuming it's a virus signature and/or heuristics problem (they're the more likely causes), you might want to email the avast! people and complain about the problem.

I just downloaded both linked executables from the (official) µTorrent download page and scanned them using (the very well regarded) NOD32 -- nothing.

File: utorrent.exe

Size: 219952 bytes

Modified: Sunday, April 27, 2008, 11:44:54 AM

MD5: CA3F4554910E40A0053626C1BB66C5FE

SHA1: 20B562489C373E392C360C1A6EE22ABF327460BA

CRC32: 12BB1415

File: utorrent-1.8-beta-9704.upx.exe

Size: 265008 bytes

File Version:

Modified: Sunday, April 27, 2008, 11:44:59 AM

MD5: 1562A17A09020A5146149660A1AAD82E


CRC32: 1894E2F3

These hashes match with the hashes of the files as they have been for few weeks/months now since they were first uploaded.

And uh, quick note: it's antivirus, not antivir. "AntiVir" is the name of an actual antivirus software (that's also free).

Link to comment
Share on other sites


i have been using avast for more than year now and it never given me this issue on your torrent before.

and since using your 1.7.7 stable version since it came out, i did not had any issues with avast as well.

but all of sudden right now it is giving me this error.

and i have send the info to the avast team as well abt it

Link to comment
Share on other sites

I've got the same problem. Been using utorrent stable version for about two weeks, suddenly this afternoon, when it's been on all afternoon I get

27/04/2008 17:23:19 SYSTEM 1528 Sign of "Win32:Poison-DU [Trj]" has been found in "C:\Program Files\uTorrent\uTorrent.exe" file.

27/04/2008 17:23:53 SYSTEM 1528 Sign of "Win32:Poison-DU [Trj]" has been found in "C:\Program Files\uTorrent\uTorrent.exe" file.

So I let it delete the file - made sure utorrent was completely gone from my machine, went to download it again and got

27/04/2008 17:50:13 SYSTEM 1528 Sign of "Win32:Poison-DU [Trj]" has been found in "http://download.utorrent.com/1.7.7/utorrent.exe" file.

Having read the above, I then downloaded 1.8 beta and no problems.


Link to comment
Share on other sites

hey guys i was using Utorrent ver 1.7.7 and is a very good torrent software...but all of the sudden i got a trojan alert frm my Avast anti virus.....so I deleted the Utorrent and tried to download the Utorrent but again i got the same alert which was not there till today afternoon....is this bcos anti virus definations.......can someone help regarding this...

Link to comment
Share on other sites

Hi, I have the same problem here. To solve it while Avast people fix the error, I did the following:

Step 1

Right-click the avast! a-ball icon

Click Program settings

Click Exclusions

Click Add

Add the file, in this case c:\ProgramFiles\uTorrent\*

Click Ok

Step 2

Double-click the small avast a-ball icon next to the clock, Double -click on the standard shield icon, Click on Advanced, Click Add, and add the location of the files here too. It may be like this: c:\ProgramFiles\uTorrent.

Step 3

Double-click the small avast a-ball icon next to the clock, Double-click the Web Shield Icon, Click Exclusions, Add the URL or Web Address: http://www.utorrent.com. Click OK

That's all.

Link to comment
Share on other sites

Hey, more people trying out 1.8, that's never bad :D Yes please please report this to Avast... I was searching for a contact form and only found support@avast.com

Did 080427-1 fix this? http://www.avast.com/eng/update_avast_4_vps.html

Edit: I think the average RAM savings between 1.8 and 1.7.7 is ~ 10%... which doesn't mean much until you load thousands of torrents :Phttp://forum.utorrent.com/viewtopic.php?pid=289574#p289574

Link to comment
Share on other sites

I don't download or upload thousands - I don't have a good enough internet connection for that - but a few times recently the other version has been running and my fans have kicked in and when I check Task Manager it's running over 50%. With 1.8 running, task manager goes no higher than 23% and then only occasionally. So that's good :)

Link to comment
Share on other sites

The high CPU usage doesn't sound like normal behavior to me... If you want to try troubleshooting that, post in a new thread with the following pieces of information:

a) get HijackThis from trendsecure.com, run it, view the log, and post the contents in the new thread

B) get Process Explorer from sysinternals.com, run it, Ctrl+D (to show the lower DLL pane), select the µTorrent process from the list, Ctrl+S (and save the list somewhere you'll find easily -- like the Desktop), then post the contents of the saved process list in the .txt file in the new thread

Additionally, in check Start > Run > devmgmt.msc, check your primary and secondary IDE ATA/ATAPI controllers' properties to see if any of the connected devices' current transfer modes are in PIO. Post all of this in the new thread.


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...