Jump to content

Malware in latest update


Nahele

Recommended Posts

c:\Users\username\AppData\Local\Temp\utt817.tmp.exe (Trojan.Pakes)

Also found this as well with my malware program.

Mind you i have downloaded nothing or visited any sites that could have given something. At least not likely. i believe this is due to the fact that my AV found the first one right as i updated. And this one after the scan with my AV (AVG) finished to double check it.

I know what to do when checking these things. So thats why i am certain of this.

Link to comment
Share on other sites

Also using AVG 2011 and had exactly the same thing detected just after updating to 2.2.

Most likely due to the file name, being classified as a double extention .TMP.EXE and writing from cache, either way i moved this to vault and terminated any associated processes.

"15/12/2010, 13:26:46";"NT AUTHORITY\SYSTEM";"IDP";"Process UTT995.TMP.EXE was detected."

"15/12/2010, 13:26:59";"NT AUTHORITY\SYSTEM";"IDP";"Process UTT995.TMP.EXE was quarantined."

Link to comment
Share on other sites

Not starting any flame wars...

But calling something retarded is not very constructive.

Some people could say creating a file with a double extension is retarded, not that it matters in this case.

But it is good for the devs to consider in the future to change the way they package updates so they will not trigger AV rule sets that are well known.

GTHK: I hope you can try to provide constructive posts in the future to try to help make uTorrent better.

There's an old saying that is best followed: If you don't have anything nice to say, don't say anything at all.

Just trying to help make these forums more productive for why they are here in the first place...

Thanks to all who help make uTorrent a better torrent program.

Eric

Link to comment
Share on other sites

GTHK is correct, if AV software is calling something "MALWARE INFECTED! DELETE NOW!" only because it doesn't like the file extension, indeed the AV software behavior is indeed retarded. It should be more capable of identifying threats or you must use it with caution, just to prevent the AV from doing something even more stupid...like quarantining a clean and critical piece of the OS because it "looks suspicious".

However if the AV software is flagging the tmp.exe files as adware/spyware of a specific type then you might want to research whether that's a false positive or not. (Google it!)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...