Trojan in utorrent.exe

[manga_jk13]

So here's the report:

 

 

 

Eventos exportados:

 

04/12/2014 13:30 [system Scanner] Malware detectado

      El fichero 'C:\Documents and Settings\J\Datos de programa\uTorrent\uTorrent.exe'

      contenía un virus o programa no deseado 'TR/Strictor.1385229.2' [trojan].

      Acciones realizadas:

      Error al intentar crear una copia de seguridad del fichero y éste no se ha 

      eliminado. Número de error: 26003.

      No se pudo eliminar el fichero!

      Se intenta ejecutar la acción con ayuda de la biblioteca ARK.

      El fichero se movió al directorio de cuarentena usando el nombre '4fc53053.qua'!

      No se pudo reparar la entrada del registro 

      <HKEY_USERS\S-1-5-21-436374069-1078081533-1177238915-1003\SOFTWARE\Microsoft\Win

      dows\CurrentVersion\Run\uTorrent>.

      Para finalizar la reparación se recomienda reiniciar el ordenador.

      La entrada del registro 

      <HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fi

      rewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and 

      Settings\J\Datos de programa\uTorrent\uTorrent.exe> se reparó correctamente.

      La entrada del registro 

      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\Firewa

      llPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and 

      Settings\J\Datos de programa\uTorrent\uTorrent.exe> se reparó correctamente.

      La entrada del registro 

      <HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\Firewa

      llPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and 

      Settings\J\Datos de programa\uTorrent\uTorrent.exe> se reparó correctamente.

 

04/12/2014 13:24 [Real-Time Protection] Malware detectado

      En el fichero 'C:\Documents and Settings\J\Datos de 

      programa\uTorrent\uTorrent.exe'

      se detectó el virus o programa no deseado 'TR/Strictor.1385229.2' [trojan].

      Acción ejecutada: Denegar acceso

 

 

How did this happen??

[Constantin493]

I have the same problem here, i have avira and by this moment two infections.

 

1) Rogue.10034832

2) strictor.1385229.2

[ichbin]

I have the same problem here, i have avira and by this moment two infections.

Me Two....I believe that have to do with an update on the Avira Library.

But the Question is Is it a real Positive or false Positive Alert.

 

Has anyone a good Idea how to find that out

[szekelya]

Hi,

 

any chance that you have updated Avira's virus definition files today? Avira just reported the same on my Mom's PC. I suspect a false positive here.

 

cheers

szekelya

[yzily]

Got the tr.strictor too, tried to reinstall it, but it's spamming again and again, need to know if it's false positive or not.

 

Weird thing is when i remove tr.strictor, utorrent is getting uninstalled too.

[wheng]

Same here with Avira: 

Virus or unwanted program 'TR/Strictor.1385229.2 [trojan]'

detected in file 'C:\Users\***\AppData\Roaming\uTorrent\uTorrent.exe.

[Constantin493]

I have dissabled te utorrent adds. I searched and i found these:

 

1) http://www.herdprotect.com/msimg32.dll-ffa871e944c10df763629b1fa1272d3092e78f29.aspx

 

2) https://www.virustotal.com/en/file/13f9fb0b901771e3b07f860f60c65098d8e898bbc4d16976fd498184f09ca99b/analysis/

 

I have the first file, but because it is in System32 i will wait till the end of scan of avira.

[Constantin493]

Maybe this is a false alarm, i am not so sure. But to be sure place the file to quarantine, i dont if this makes a differnce just a thought.

[Yolei]

Same here. I use Avira. 

 

Update:

I updated Avira a minute ago, and now it's ok. Re-scanned the quarantined items,  and no viruses found.

[gabrio81]

me too, can we confirm is it false positive? I've submitted a bug report to avira, can you guys do the same?

 

https://my.avira.com/en/dashboard/userid/guest/ltb/feedback

 

[gabrio81]

@Yolei

 

looks like that worked, I have just forced a manual update and no more message. weird though.

[manga_jk13]

Manual update then, thanks for the tip. Most likely a false positive that got corrected in the update, or a conspiracy!

[Sheriziya]

I've gotten a message from GData today that Utorrent had a Trojan. I deleted the file, just to be on the safe side and wanted to download it again. The download site also got blocked by GData: In my browser:

 

Website blocked!

G DATA TOTAL PROTECTION has denied access to this website.
The site contains infected code: Application.Generic.995013 (Engine A), Win32.Application.OpenCandy.F (Engine .

 

Virus Alert pop-up alert:

 

Virus: Application.Generic.995013 (Engine A), Win32.Application.OpenCandy.F (Engine

Virus found while downloading content from the web.

Address: http://download-new.utorrent.com/endpoint/utorrent/os/windows/track/stable/
Status:     Access denied.

 

Is this a false positive, or is something indeed going on?

 

And how do I fix this?

 

Thanks for the help!