Little Question with DTH and peers exchange Network

[RevanKnight]

Hi, i use Utorrent 1.8 RC1 and start the program... ok default valeus activaded, when i have 3 hours of the torrent start, the speed accelerate, i think thats happened for the Peers Exchangue and DTH started, why? i open Trackers options ... 2 hours before the torrent speed accelerate, and this protocol doesn't work, but the torrent speed acceleration come with more problems... i use Firefox 3 and Opera 9 and i try to search any phrase, or access to any site and i can't!!!! , i checked Startup of MSCONFIG, and i see two new valeus, two Rundll32 execution DLL, one with the Protocol "U" (Upload) and one more with the letter "D" (Download) this is the reason to any windows start the program has the DTH and peers exchange Network, but i can't browse any site when i use This DLL's :S to restore my normal internet functions i have to delete this DLLs, but when i delete this dll, my download speed is poor, i use Modem device, any ports are opend, no firewall or antivirus, please help.

[Firon]

What exactly are you talking about? What DLL?

[jewelisheaven]

Firstly, it's DHT ffs.

uT doesn't hook any DLLs. Did you download utorrent.exe from http://utorrent.com/download.php ?

[RevanKnight]

Here the SC

I downloaded from Utorrent.com , and this url automatic created, after 4 hours on my first torrent download, every day utorrent creates another Dlls with another names on same location, and delete the previously Dlls, this Dlls cant be delete with simple function Delete, i have to use external software to delete this Dlls with next system reboot, but i delete, my download speed is a shit, and cant be use NTH and Peer exchange function.

and you can see, the last Letter "B" , and "S" : Bajada, Subida , i can remove "bajada" startup key, but i try to deleted "Subida" start up key, but 2 seconds after, created again.

[jewelisheaven]

Yeah that's separate from uT. You should get a good scanner (people around here use prevx, spybot and rootkit revealer (from http://sysinternals.com)) and check your drives.

Word to the wise: anytime you see seemingly-random 8.3 filenames, ESPECIALLY in your system32 folder be afraid :X

If you use Process Explorer you can search for those DLL names, and you'll likely see them somewhere in wininit or your winlogon service as well.

[Firon]

Yeah, you've definitely got malware on your system.

[RevanKnight]

Sorry, that's really insulting to my hehe, I repeat, these are created Dlls only after the installation of any of these customers torrent: Bittorrent, Utorrent, and only created when these protocols that are activated are the ones who give me the real download speed, turn off if this speed is influenced, hence the relationship with these two programs, check my PC constantly, 3 days off to let utorrent and the bittorrent, and never again create the DLLs, and if is malware gentlemen, where the executable start?, what are the other drivers and internet video.

[Firon]

Those DLLs do NOT come from µTorrent. They are not legitimate.

Your system is already infected. Any EXE you download gets infected.

Clean your system.

[jewelisheaven]

Believe what you want. We're trying to help you. Update the thread with some logfiles for more specific help, or just run the cleaner software mentioned.

It's not uTorrent.

[Switeck]

RevanKnight,

Your system is infected...please for the sake of the rest of us, clean it...as it's probably trying to infect OTHER computers too!

[Ultima]

I just had a run-in with what looks to be the same virus yesterday on my sister's laptop (randomly-named DLLs living in system32 running under rundll32.exe with one-letter parameters). Turns out she had a trojan on her memory stick that targeted any other executable it could find. She stored some application installers on her memory stick (Firefox, Opera, Digsby, and various other little things like that). I told her to simply reinstall Windows, and she did. It was all fine until she installed the applications again from her memory stick... Virus reinstalled (generally -- if not always -- after Digsby was installed; doesn't mean Digsby itself has a virus). At any rate, she ended up reinstalling Windows four times yesterday until I got around to figuring out that the virus was in her memory stick. Needless to say, I cleaned the stick out and reinstalled, and everything was smooth sailing from then on. And I actually installed an antivirus for her this time around

The point is, you have a malware infection on your computer. There isn't much else to say about that, and µTorrent most definitely isn't to blame. That we have to be the ones to break the news to you doesn't mean we're insulting you. That you assume we are insulting you is almost as much an insult to us as our informing you that your computer is infected seems to be an insult to you.