uTorrent = Malware?


slipknot74892

so i have used uTorrent for a very long time. and never had a problem with it till recently. i have been putting up with this issue for a little while now. so i forget exactly how long ago it started. but i do know uTorrent is what caused it. i will continue...

sometime not too long ago uTorrent performed an automatic update. after which it did something to my PC. it added a new start up entry which i can see with CCleaner. it is called {840641d0-0e43-a967-b164-42431ff1b5b9} and is located at C:\ProgramData\Microsoft\{840641d0-0e43-a967-b164-42431ff1b5b9}. it doesn't seem to have any details through the properties page. certainly doesn't seem legit.

now whenever this executes with my startup it will constantly download files from the internet. nothing seemingly harmful. it causes a svchost.exe process under the user SYSTEM to spike at 20% cpu usage. and obviously causes some HDD activity. the svchost.exe process uses about 100MB more RAM. i run a quad-core laptop with Windows 7 32bit, so stay with me. with Resource Monitor i can see HDD activity is very low. and the other resource usages are low too. however, the PC runs terribly slow during the activity caused by {840641d0-0e43-a967-b164-42431ff1b5b9}.

{840641d0-0e43-a967-b164-42431ff1b5b9} does not show in the Task manager. and i do not know how to kill it after it has executed. i can disable the startup item with CCleaner. and on the next boot everything is fine. however, the moment i launch uTorrent stuff starts downloading again. and the startup item is re-enabled through CCleaner. but at the same time, on a fresh boot, i can browse youtube or something in FireFox without it being re-enabled. now i've managed to fully stop it by removing all security permissions on the file.

in any case, my computer is clean 100%. well aside from this strange thing associated with uTorrent i really don't know. but other than that i am clean. i don't visit unknown domains or anything like that. and only use trusted programs. ( i get my porn from the local movie house ) it is also not something that came from a torrent. all current torrents were finished. and i have not added a new one since the update.

VirusTotal thingy for the file... https://www.virustotal.com/en/file/12a803cd2f67d2dbdc3fb1a6940b9a11b61f6d8455f139e6e90893d9a4eb455a/analysis/

either way, it is without a shred of doubt that it is uTorrent that has inflicted this whatever on my PC. performance went straight down the drain after the update. and again, the activity by the executable only starts to occur after using uTorrent. that is, with security permissions allowing it. and if the startup item is disabled, otherwise it starts when windows starts.

i don't know how uTorrent caused this. i downloaded the original installation from the official site. again, it started happening after an auto-update. so like what? the update servers were hacked? in any case, no matter how i look at things... uTorrent caused it.

P.S. there's no auto-correct feature for spelling on this forum... for some reason. so i am sorry if anything is badly spelled.

i should also note my windows is legit. i use the digital images provided by Rivera and a purchased code from microsoft. i have purchased a full retail copy of Windows 7 in the past. so, as far as i know, my usage of windows is legit.

again, it's not something that came from a torrent. all current torrents were finished and in-active before and after the update. and no new torrents have yet to be added. and all current torrents were video files. is it possible the infection was hiding in a video file?

as for programs on my PC? i haven't personally installed one for a long time. i kid you not... the ONLY programs i have are CCleaner, Smart Defrag 3 and uTorrent. also K-Lite codec pack. and then whatever drivers are on the Dell website for this PC. also anything that came with windows, but of course.

one more thing...

the ONLY torrents i have downloaded before the auto-update were with video files. no URL's or exe's. now i am a long time Windows user. and am familiar that Windows Media Player can automatically download codecs or license files. there used to be a vulnerability here. i would doubt it still exists, though. plus i use WMP Classic. in any case, maybe it's possible the infection was hiding in the video file? lol seems unlikely :/ but still the only other possible explanation i can think of.

come on people... don't blow me off here. i am not joking around. and think it HIGHLY unlikely a .mkv file infected my computer with this file. the startup entry only appeared after uTorrent did an automatic update. and the fact that when launching uTorrent this suspicious file starts its thing is quite enough proof for me. that is, if security permissions allow it and if the startup entry for it is disabled.

uTorrent did something to my machine. and i would like to know what the hell it did. please don't ignore me.

i won't go away til someone explains why uTorrent did this to my PC... or get banned.

programs on my PC...

FireFox

CCleaner

uTorrent

Smart Defrag 3

K-lite Codec Pack Mega

websites i visit...

mozilla.org

piriform.com

utorrent.com

codecguide.com

iobit.com

hotmail.com

youtube.com

microsoft.com

store.sonyentertainmentnetwork.com

runescape.com ( only once per year )

the torrent i have...

Bleach 1-366 + Movies + Specials

i have literally NEVER visited any other site, or installed any other program, or downloaded any other torrent since installing windows on this PC. and never open e-mail from any unidentified senders. which i never get that type of e-mail anyhow. i rarely get e-mail.

now either a .MKV file did this, which again is... HIGHLY UNLIKELY, or uTorrent did this. and again, plenty of evidence points at uTorrent. will someone PLEASE explain?

Did you get the client from this site?
The installer warning is you must get it from here only!
Other than that, you cannot blame the company.
If you are using public trackers with unstable host servers or any torrents with hundreds of files you may experience some glitches or very high HDD usage.

{840641d0-0e43-a967-b164-42431ff1b5b9}.exe only appeared after a uTorrent auto update. it doesn't have anything to do with trackers or torrents. it's the program uTorrent itself. and all files in my torrent only are .MKV. they were allowed to download over night. and no seeding is being performed.

when {840641d0-0e43-a967-b164-42431ff1b5b9}.exe is running it will cause continuous downloading in the background. random temp internet explorer files, a bunch of cookies and some flash player temp files. other than that it doesn't seem to be causing any actual harm, aside from making the system slow. which may be its only intended purpose.

and yes... i did get the client from the original site. there's nowhere else one should get it from. i also didn't install any additional offers.

Archived

This topic is now archived and is closed to further replies.
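
Added example, not part of the original thread: a PowerShell check for the kind of startup entry the first post describes, a GUID-named file under C:\ProgramData, which hashes each hit so it can be compared with the SHA-256 in the VirusTotal link. `Get-Sha256` is a helper defined here, and it is assumed that the entry is one Windows reports through `Win32_StartupCommand`.

```powershell
# Added example (not from the thread). Lists startup commands and flags any that
# point at a GUID-named file under ProgramData, the pattern described in the post.
# Assumption: the entry is one that Win32_StartupCommand reports (Run keys and
# Startup folders); scheduled tasks and services are not covered here.

$guid    = '\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}'
$pattern = '[a-z]:\\ProgramData\\[^"]*?' + $guid + '(\.exe)?'

# SHA-256 taken from the VirusTotal link in the post.
$reported = '12a803cd2f67d2dbdc3fb1a6940b9a11b61f6d8455f139e6e90893d9a4eb455a'

# Hypothetical helper: SHA-256 via .NET, so it also runs on PowerShell 2.0 (Windows 7).
function Get-Sha256([string]$Path) {
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Dispose()
    }
}

Get-WmiObject Win32_StartupCommand | ForEach-Object {
    $entry = $_
    $cmd   = [Environment]::ExpandEnvironmentVariables($entry.Command)
    if ($cmd -match $pattern) {          # -match is case-insensitive by default
        $file = $Matches[0]
        $hash = $null
        $sig  = $null
        try {
            $hash = Get-Sha256 $file
            $sig  = (Get-AuthenticodeSignature -FilePath $file).Status
        } catch {
            # File missing or unreadable, e.g. after its permissions were removed.
            $hash = 'unreadable'
        }
        New-Object PSObject -Property @{
            Name          = $entry.Name
            Location      = $entry.Location
            File          = $file
            Sha256        = $hash
            Signature     = $sig
            MatchesReport = ($hash -eq $reported)
        }
    }
} | Format-List
```

An entry with `Signature` other than `Valid` and a `Location` that keeps reappearing after being disabled is the combination worth escalating to a full scan.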
