Deepthroat Trojan Horse worm attempt pops up with updated Utorrent

[c124]

I had an older version of uTorrent, and after always clicking no to upgrades, I accidentally clicked yes and it updated automatically.

The problem is, now my anti virus software pops up saying it has blocked a Deepthroat Trojan Horse worm attempt every few minutes!

I had been downloading the same file with my old version of uTorrent with no pop ups at all.

Is there any way i can fix this?

[jewelisheaven]

... If your AV is Avast, update definitions. http://forum.utorrent.com/viewtopic.php?id=39454 If not, you've been hijacked or something. ping download.utorrent.com should resolve to 72.20.5.58

[c124]

It's Norton AntiVirus. It also keeps asking me to permit or block the program.

I updated to the beta version of utorrent just in case, but as soon as the program opens it blocks the worm attempt.

I have scanned my computer twice without finding any viruses?

How do I check ping download.utorrent.com resolves to 72.20.5.58?

It's just weird that I had no problems til I updated :S

(And thanks so much for the fast reply)

[jewelisheaven]

start->run->cmd /k ping download.utorrent.com

that's the server the update downloads from. If the IP doesn't match that you're likely hijacked using something else, If you have anti-spyware/rootkit software run it. If you want a suggestion, I think many people use Spybot Search & Destroy and Prevx CSI.

If the IP matches it's norton being silly. If you recently updated your definitions report it to their support email and/or forums... perhaps something matching uT's compressed description was added, or NAV doesn't like UPX compression

For clarity, what exact version and virus database version are you running in-case this is the beginning of an onslaught like the Avast yesterday I linked to.

[c124]

It comes up as 72.20.34.146

I run adware every day and just did Prevx CSI, which came up clean. Hijack This also found nothing.

Is there other software that can help me?

BTW - my norton antivirus is very old - i use AVG but still have norton on my comp.

[oUrTorrent]

IP address: 72.20.34.146

Reverse DNS: download.utorrent.com.

IP address: 72.20.5.58

Reverse DNS: download2.utorrent.com.

nothing wrong with these IP's

I have never heard of utorrent being detected as the deepthroat trojan by accident...and that trojan is OLD, goes back to the mid-late 1990's. I don't even think that trojan has been updated in a long long time. it could just be a conflict with the old virus definitions or the version since you say it is old. norton has a 'firewall' like feature built in that blocks ports of applications, so that is normal. usually it will block anything until you give the ok. it is still odd that you would get a false deep throat trojan detection on utorrent, especially since you said you scanned your PC and it didn't find any virus's.

[c124]

It is odd huh.

In my google search I read that worm is super old... I am just a bit scared to turn off norton (even though I have AVG) just in case! It is probably just norton - although it's odd that it randomly started when I updated utorrent.

In the box that comes up the Path is C:\Program Files\uTorrent\uTorrent.exe

It also lists a remote address, but i don't know if that is useful info or not

[oUrTorrent]

I'd say get rid of norton, I never found it useful and it is a resource hog. you should be fine with just AVG. norton lives to make you fear.