• Announcements

    • Bommuraj Paramaraj

      Important Security Advisory   06/07/2016

      On June 6th, 2016, BitTorrent was made aware of a security issue involving the vendor which powers our forums.
      The vulnerability appears to have been through one of the vendor’s other clients, however it allowed attackers to access some information on other accounts. As a result, attackers were able to download a list of our forum users. We are investigating further to learn if any other information was accessed.Our vendor has made backend changes so that the hashes in the file do not appear to be a usable attack vector. As a precaution, we are advising our users to change their passwords. While the passwords may not be used as a vector on the forums, those hashed passwords should be considered compromised. Anyone using the same password for forums as well as other places is strongly advised to update their passwords and/or practice good personal security practices.

Archived

This topic is now archived and is closed to further replies.

Groundrunner

Warning: EpicScale "riskware" installed with latest uTorrent

139 posts in this topic

When I updated uTorrent to version 3.4.2 build 38913 (32-bit) this morning it silently installed a piece of software called EpicScale. There was no information about this during installation and I did opt out of your other bundled software.

 

EpicScale is a bitcoin miner that also purports to use your "unused processing power to change the world". It's easily noticeable by the increased CPU load when the computer is idle.

 

The file date/time on the EpicScale files matches the time of the uTorrent update, which confirms uTorrent as the source.

 

Several other users are reporting the same thing here:

 

http://www.freefixer.com/library/file/EpicScale.exe-153377/

 

 

(It is possible to uninstall EpicScale through the control panel, but that does not properly remove the files from ProgramData\EpicScale.)

 

Edit: Corrected build number typo, it's obviously 38913, not 28913.

Doumlaspavy likes this

Share this post


Link to post
Share on other sites

yep - just did a clean install on a laptop with windows 8.1 - everything running fine - then I go to install uTorrent and now I've got this EpicScale B.S. on my system - I pay very close attention when installing freeware because of garbage apps that get lumped in with installation packages. There was never a warning about it - and it started throwing errors about "could not reach server" over and over again - no entry on the Uninstall programs page - had to use Ccleaner and ran adwcleaner as well - both found issues and removed it - the error messages have stopped. uTorrent should be ashamed for partnering with these idiots. 

Anthonywer and ohnomy like this

Share this post


Link to post
Share on other sites

I confirm this. Disgraceful and quite a pity, because uTorrent remains a great client, even in its troubled v3 outfit. I will switch because of this.

Share this post


Link to post
Share on other sites

Thanks for bringing this to our attention. We design our software to ensure that partner software downloads don't occur without approval by the user. But given your report, we’ve also double-checked this particular offer, and have determined that it cannot be installed without user approval.


 


Epic Scale is a cryptocurrency miner that uses a portion of your CPU cycles to contribute to the mining effort. A portion of the proceeds from this effort go to philanthropic initiatives. Please visit http://www.epicscale.com/ for more information. Epic Scale is a great partner for us to continue to generate revenue for the company, while contributing funds to good causes. In the future, Epic Scale plans to contribute CPU cycles to other initiatives, such as Genome mapping and other academic studies that require a great deal of processing power.


 


As Groundrunner stated, it's easy to uninstall the software via Add/Remove Programs. Per the Epic Scale CEO's response in comments on the link you shared, the only data left in ProgramData\Epicscale is a simple UUID (Unique User ID). This remains so that in case the software is reinstalled, BitTorrent would still be associated with the user. Feel free to delete this folder. You certainly won't see any persistent auto-reinstalls of the software, it will be gone from your machine for good.


ohnomy likes this

Share this post


Link to post
Share on other sites

I had the same problem like the people above. 

EpicScale was installed in my computer with the latest update without my permission! 

And it does not uninstall completely via Add/Remove Programs. Neither by removing the ProgramData\Epicscale folder. 

It is disgraceful to cheat people like this. 

So, you can keep your philanthropic initiatives and loose ALL of us! 

Bye-bye utorrent!!!!

Share this post


Link to post
Share on other sites

 

Thanks for bringing this to our attention. We design our software to ensure that partner software downloads don't occur without approval by the user. But given your report, we’ve also double-checked this particular offer, and have determined that it cannot be installed without user approval.

 

Epic Scale is a cryptocurrency miner that uses a portion of your CPU cycles to contribute to the mining effort. A portion of the proceeds from this effort go to philanthropic initiatives. Please visit http://www.epicscale.com/ for more information. Epic Scale is a great partner for us to continue to generate revenue for the company, while contributing funds to good causes. In the future, Epic Scale plans to contribute CPU cycles to other initiatives, such as Genome mapping and other academic studies that require a great deal of processing power.

 

As Groundrunner stated, it's easy to uninstall the software via Add/Remove Programs. Per the Epic Scale CEO's response in comments on the link you shared, the only data left in ProgramData\Epicscale is a simple UUID (Unique User ID). This remains so that in case the software is reinstalled, BitTorrent would still be associated with the user. Feel free to delete this folder. You certainly won't see any persistent auto-reinstalls of the software, it will be gone from your machine for good.

 

 

 

You said "and have determined that it cannot be installed without user approval.". Obviously, that is not the case. Thankfully I had a firewall and it detected that this shit was attempting to connect to its server. There is NO indication at all during the install process that something called EpicScale gets installed. If you insist that this is the case, please post screenshots of exactly where during the installation process the user is asked for consent.

 

-Virtus- and ohnomy like this

Share this post


Link to post
Share on other sites
N4TE_B:

 

There was no information or user approval about EpicScale during the uTorrent update. 

 

Also, several executable files (epicscale.exe and epicscale64.exe) as well as multiple .dll files were left in ProgramData\EpicScale and sub folders after uninstalling EpicScale through the control panel.

ohnomy likes this

Share this post


Link to post
Share on other sites

N4TE_B, please don't behave like the thousands of other mindless customer support people elsewhere and look at this seriously. It is just possible that what your customers are telling you might be true.

ohnomy and xriothhh like this

Share this post


Link to post
Share on other sites

What happened to you guys?

 

I remember years ago uTorrent was a respectable and trusted client. It was simple to use, lightweight, powerful, and efficient.

 

It then started going down a path that was a bit troublesome. It wasn't bad at first, but then the advertisements started getting their grubby paws everywhere. Eventually it started to seem like more of an advertisement client than anything.

 

I'm sure there are ways to "disable" them, but you shouldn't have to in the first place. Nor does it really matter since they're IN the client themselves. They shouldn't have been coded and built into the client in the first place. Not to mention, have you seen the advertisements? You clearly don't have the best interest and safety of your customers in mind.

 

Now you guys do this. Secretly installing a program that doesn't warn the user about anything and it's a tool that uses your CPU's power to do whatever it wants.

 

And you claim this was an accident? How stupid do you think people are. Just be honest. There's no way this was an accident. You always know what your client is installing/doing and if you don't then you're lying.

 

Guys, think about this one more time in case it isn't clear. Installing a program secretly in the background that utilizes your computer in order to mine and gain money. That's one of the most ultimate methods of screwing your customers. BUT WAIT! It's for charity, blah blah. Yeah, sure it is... Because this isn't suspicious at all. How do you know what it's doing? How do you know where it's going? How do you know what's going on with your computer? How do you know where all this information is headed? Get out of here with your "initiatives". I know your initiative. Get the most money from whoever wants to give it up at any cost.

 

For all your apologists and damage control people. Feel free to save your time. If you're smart, you'll move away from uTorrent. Permanently. I'd strongly suggest an open source client. I won't mention any out of respect, but that's the best way to go. Besides, let's be honest. What DOES uTorrent really do? Why would you fund the company when better and free alternatives are out there? Think about what it really brings to the table. All that you need is a simple interface and for it to be able to download a torrent. That's all. Nothing else.

 

You should be able to make money from a product and it does require expenses, but you went about it wrong. And it will cost you more than you think. This was a long time coming.

 

It was genuinely a good client to use back in the day, but I guess that's over. Bye.

Ryrynz, AliBabba, JorgiePol and 3 others like this

Share this post


Link to post
Share on other sites

PLEASE get rid of this particular "offer" ASAP in a new version. Trackers are beginning to ban 3.4.2 left and right... forcing people to use 3.4.1 or older. I really want to use 3.4.2 but am forced to downgrade because of trackers banning 3.4.2

ohnomy likes this

Share this post


Link to post
Share on other sites

"Congratulations" to devs/admins for ruining what was the best torrent client on Earth.

This is unacceptable. I was strugling to keep the ad-full version, but utorrent went to far (even if it was by mistake).

 

Take my loud Good bye.

 

But hey... there's a way to fix it if you ask me. 

uTorrent 4.0 with no-ads and old-fashioned style.

-Virtus-, ohnomy and AliBabba like this

Share this post


Link to post
Share on other sites

As a long time user this is where I say no. I will never use uTorrent after this. You blatantly lie because I opted out all the crapware and still got the miner installed. 

 

I hope this gets a lot of attention. Time to use one of the many alternatives!

 

http://www.reddit.com/r/technology/comments/2y4lar/popular_torrenting_software_%C2%B5torrent_has_included/

ohnomy and -Virtus- like this

Share this post


Link to post
Share on other sites

I have used uTorrent for years, and it was truly a great torrenting client until one day I installed uTorrent on a fresh Windows installation and Spigot Search Protect was bundled with the executable. I stopped using uTorrent after that, because I do not support companies that feel the need to package crapware with their product just to make some extra dollar. 

 

It is really quite simple uTorrent, consumers do not like installing software that has crapware packaged with it. Stop trying to convince people that they need your 3rd party offers, unless you want to alienate all your customers. I work in IT at a large university, and I will no longer be recommending uTorrent to students or coworkers who are looking for a good torrenting client, because I do not want people thinking I recommend janky software.

 

You guys need to do some major damage control here, as this issue seems to have gathered quite a bit of attention.

Share this post


Link to post
Share on other sites

I also just registered to say good bye ...

I have been using µTorrent for more than 5 years now and I am telling you, you SERIOUSLY messed up really bad by doing this ... That was a really bad move and you will see the consequences by yourselves  ...

GOOD BYE µTorrent.

Share this post


Link to post
Share on other sites

This is absolutely ridiculous, uTorrent has clearly become malware at this point. The program has been going downhill with all of the ad's and bundled software but this is the last straw. I will no longer be using uTorrent and I'll be sure to spread the word about this.

Share this post


Link to post
Share on other sites

We understand your feelings about this, and if anyone could video capture the process of installation showing it without notification, we very much want to know. We have not been able to reproduce that it is installing silently.

 

As for uninstall issues, I'm chasing that with the the engineers right now and will post what I learn.

 

EDIT: Looks like the Epic Scale software is not uninstalling as it was intended to by design. C:\ProgramFiles\Epicscale (and any variation of the folder name) should be deleted to wipe any residual files in addition to the Removal via Add/Remove Programs.

Share this post


Link to post
Share on other sites

I've used uTorrent for so many years with no problems. But to have this installed in the background without my permission, and for it use quite a bit of my computers processing power too, that just does it.

 

I had no problem with the ads at all. I knew you guys needed to make money somehow, but replacing ads for that? No thanks.

 

In regards to customer support Nate. No. It never asked my permission to install it. 

 

Enjoy the end of your company and the many lawsuits.

Share this post


Link to post
Share on other sites

Are you guys who are complaining about "slient installs" properly declining everything that is unnecessary???  I have uTorrent installed (Windows 7 OS) and up-to-date and I just checked for EpicScale.  It is NOT installed on my computer and never has been! You have to read every screen very carefully and make sure you decline everything extra.  If i recall, some screens during the installation process make it appear that you cannot proceed without "accepting," but that is not true.  Just decline everything.  The worst that can happen is you goof and decline uTorrent's terms or something and then it won't proceed until you accept.  Am I correct?

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.