Jump to content

MBAM blocks utorrent since yesterday


Recommended Posts

Hi.

Ever since yesterday MBAB does not let me open uTorrent.exe. it says something about "openCandy".

After a few hours the file utorrent.exe disappears and I have to do sys restore.

Also something blocks my downloads ("silver smart" - does it have anything to do with MBAM ?).

Is there anything I can do  ?

How do I uninstall MBAM ?

 

Many thanks in advance

 

Link to post
Share on other sites

  • Root Admin

I would highly suggest you have someone help you scan and clean your computer. OpenCandy can lead to further infections.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thank you

Link to post
Share on other sites

Most likely you still have an installer for µTorrent on your PC which in most cases contains the OpenCandy module.

 

I provided an example below with one of the pre-checked offers on the left. This is the OpenCandy portion of the installer. Basically we're saying that "Pluto TV" is potentially unwanted since it's being offered by an installer that should only contain µTorrent.

 

KanqktL.png

 

This is why it is currently detected as PUP.Optional.OpenCandy which is a lesser detection compared to Trojan, worm, rootkit, etc.

 

If you already have µTorrent installed, you should be able to safely quarantine the installer file which is not the same as the µTorrent application itself.

 

Use the shortcuts on your desktop or start menu to access µTorrent, not the installer you originally downloaded and installed.

Link to post
Share on other sites

Thank you very much.

It doesn't let me activate uTorrent.exe (not the installer file) and after a few hours the uTorrent.exe file is gone from it's folder and the shortcut doesn't work. It shows a message - uTorrent.exe has been moved or changed.

only when I do system restore to 11.2 it reappears and it works fine. after a few hours MBAM removes it again.

 

Many thanks for your help and patience.

Link to post
Share on other sites

Actually we're going to remove these detections. I was wrong about the installer file being the same as the main executable. They are indeed the same.

 

The bulk of definitions are being removed in database version v2016.02.16.06, the remaining ones will be removed in v2016.02.16.07.

 

Sorry for any inconvenience caused.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.