Nahele Posted December 13, 2010 Report Share Posted December 13, 2010 My AV program located a malware in the latest update located in one of the temp data folders. Please look into this. Link to comment Share on other sites More sharing options...
GTHK Posted December 13, 2010 Report Share Posted December 13, 2010 Probably a false positive, what did it "detect"? Link to comment Share on other sites More sharing options...
Nahele Posted December 13, 2010 Author Report Share Posted December 13, 2010 "12/12/2010, 4:47:46 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process UTTFE8B.TMP.EXE was detected."Thats the report from my AV program Link to comment Share on other sites More sharing options...
Nahele Posted December 13, 2010 Author Report Share Posted December 13, 2010 c:\Users\username\AppData\Local\Temp\utt817.tmp.exe (Trojan.Pakes)Also found this as well with my malware program.Mind you i have downloaded nothing or visited any sites that could have given something. At least not likely. i believe this is due to the fact that my AV found the first one right as i updated. And this one after the scan with my AV (AVG) finished to double check it. I know what to do when checking these things. So thats why i am certain of this. Link to comment Share on other sites More sharing options...
Switeck Posted December 13, 2010 Report Share Posted December 13, 2010 Date/time of creation relative to when you downloaded/updated uTorrent? Link to comment Share on other sites More sharing options...
Nahele Posted December 13, 2010 Author Report Share Posted December 13, 2010 Date/time of creation relative to when you downloaded/updated uTorrent?Time stamp is on the AV post... And the other one i found in the same area about 2 hrs later with malwarebytes. Link to comment Share on other sites More sharing options...
Switeck Posted December 13, 2010 Report Share Posted December 13, 2010 These were before or after getting latest uTorrent update? Link to comment Share on other sites More sharing options...
Nahele Posted December 13, 2010 Author Report Share Posted December 13, 2010 It was after. Almost as soon as i got the update finished it my AV warned me... I did a full scan with it after then i scanned it with malwarebytes after and found the other one. My time stamps are in Pacific standard btw Link to comment Share on other sites More sharing options...
BobLoblawsLawBlog Posted December 13, 2010 Report Share Posted December 13, 2010 I just installed the latest version and my AVG caught some malware as well. The warning popped up as soon as I finished installing. c:\users\username\AppData\Local\Temp\UTT54F7.tmp.exec:\users\username\AppData\Local\Temp\UTT640F.tmp.exeHope this is helpful, thanks! Link to comment Share on other sites More sharing options...
Switeck Posted December 13, 2010 Report Share Posted December 13, 2010 I'm pretty sure this is only a coincidence. There would be no gain in adding malware to uTorrent, and I think they have enough quality control at BitTorrent the company to avoid doing it on accident. Link to comment Share on other sites More sharing options...
Nahele Posted December 13, 2010 Author Report Share Posted December 13, 2010 Even if it is .. It is something that needs to be looked into. Link to comment Share on other sites More sharing options...
datatracker Posted December 15, 2010 Report Share Posted December 15, 2010 Also using AVG 2011 and had exactly the same thing detected just after updating to 2.2.Most likely due to the file name, being classified as a double extention .TMP.EXE and writing from cache, either way i moved this to vault and terminated any associated processes."15/12/2010, 13:26:46";"NT AUTHORITY\SYSTEM";"IDP";"Process UTT995.TMP.EXE was detected.""15/12/2010, 13:26:59";"NT AUTHORITY\SYSTEM";"IDP";"Process UTT995.TMP.EXE was quarantined." Link to comment Share on other sites More sharing options...
moogly Posted December 18, 2010 Report Share Posted December 18, 2010 I see this temporary exe. It's created during the update process (through the auto-updater). I guess µT need to creates an executable to update itself. Link to comment Share on other sites More sharing options...
GTHK Posted December 18, 2010 Report Share Posted December 18, 2010 If it's based on file ext then your AV is just retarded. Link to comment Share on other sites More sharing options...
BDProductions Posted December 19, 2010 Report Share Posted December 19, 2010 Not starting any flame wars... But calling something retarded is not very constructive.Some people could say creating a file with a double extension is retarded, not that it matters in this case.But it is good for the devs to consider in the future to change the way they package updates so they will not trigger AV rule sets that are well known.GTHK: I hope you can try to provide constructive posts in the future to try to help make uTorrent better.There's an old saying that is best followed: If you don't have anything nice to say, don't say anything at all.Just trying to help make these forums more productive for why they are here in the first place...Thanks to all who help make uTorrent a better torrent program.Eric Link to comment Share on other sites More sharing options...
DreadWingKnight Posted December 19, 2010 Report Share Posted December 19, 2010 We tried saying stuff nicely about this, and it didn't help. Link to comment Share on other sites More sharing options...
Switeck Posted December 19, 2010 Report Share Posted December 19, 2010 GTHK is correct, if AV software is calling something "MALWARE INFECTED! DELETE NOW!" only because it doesn't like the file extension, indeed the AV software behavior is indeed retarded. It should be more capable of identifying threats or you must use it with caution, just to prevent the AV from doing something even more stupid...like quarantining a clean and critical piece of the OS because it "looks suspicious".However if the AV software is flagging the tmp.exe files as adware/spyware of a specific type then you might want to research whether that's a false positive or not. (Google it!) Link to comment Share on other sites More sharing options...
GTHK Posted December 19, 2010 Report Share Posted December 19, 2010 If you don't want answers then don't ask questions. Link to comment Share on other sites More sharing options...
Firon Posted December 21, 2010 Report Share Posted December 21, 2010 µTorrent saves itself to a temp location to update itself.This is just a retarded AV behavior. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.