Jump to content

Utorrent false detection !!!


John.A

Recommended Posts

This should be removed. utorrent is NOT malware unless you install the extra crap that comes with it, which I have not done. I hope you remove this false detection.

 

Malwarebytes
www.malwarebytes.com

-Logginformation-
Datum för genomsökningen: 2019-05-09
Tid för genomsökningen: 18:26
Loggfil: 23719876-7277-11e9-b2b4-d8cb8ae0ba9b.json

-Programvaruinformation-
Version: 3.7.1.2839
Komponentversion: 1.0.586
Uppdatera paketversionen: 1.0.10534
Licens: Gratis

-Systeminformation-
OS: Windows 10 (Build 17763.437)
CPU: x64
Filsystem: NTFS
Användare: DESKTOP-82M6D74\Adrian

-Sammanfattning av genomsökning-
Typ av genomsökning: Genomsökning efter hot
Genomsökning startades av: Manuellt
Resultat: Slutförd
Genomsökta objekt: 328848
Upptäckta hot: 10
Objekt satta i karantän: 0
Tid som gått: 1 min, 1 sek

-Alternativ för genomsökning-
Minne: Aktiverat
Start: Aktiverat
Filsystem: Aktiverat
Arkiv: Aktiverat
Spökprogram: Avaktiverat
Heuristik: Aktiverat
Potentiellt oönskat program: Hitta
Potentiellt oönskad ändring: Hitta

-Information om genomsökning-
Process: 1
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Ingen åtgärd från användaren, [1152], [680228],1.0.10534

Modul: 1
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Ingen åtgärd från användaren, [1152], [680228],1.0.10534

Registernyckel: 1
PUP.Optional.OpenCandy, HKU\S-1-5-21-783790037-4056294104-2811871261-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrent, Ingen åtgärd från användaren, [1152], [680228],1.0.10534

Registervärde: 1
PUP.Optional.OpenCandy, HKU\S-1-5-21-783790037-4056294104-2811871261-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|uTorrent, Ingen åtgärd från användaren, [1152], [680228],1.0.10534

Registerdata: 0
(Inga skadliga objekts har upptäckts)

Dataflöde: 0
(Inga skadliga objekts har upptäckts)

Mapp: 0
(Inga skadliga objekts har upptäckts)

Fil: 6
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk, Ingen åtgärd från användaren, [1152], [680228],1.0.10534
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\Microsoft\Windows\Start Menu\µTorrent.lnk, Ingen åtgärd från användaren, [1152], [680228],1.0.10534
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\Desktop\µTorrent.lnk, Ingen åtgärd från användaren, [1152], [680228],1.0.10534
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Ingen åtgärd från användaren, [1152], [680228],1.0.10534
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\UTORRENT\UPDATES\3.5.5_45225.EXE, Ingen åtgärd från användaren, [1152], [680228],1.0.10534
PUP.Optional.OpenCandy, C:\USERS\ADRIAN\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE.19070.TMP, Ingen åtgärd från användaren, [1152], [680228],1.0.10534

Fysisk sektor: 0
(Inga skadliga objekts har upptäckts)

WMI: 0
(Inga skadliga objekts har upptäckts)


(end)

Link to post
Share on other sites

  • 2 years later...

This is STILL NOT fixed! - Over two years later!

And I might add that over 90% of the detections it wanted me to quarantine were FALSE positives.  Most were apps I agreed to get for free because they can make money from ad banners.  Ad banner apps should not be suggested for quarantine!  If anything it should be MADE CLEAR that there are in-app ads with the default to Allow and let the user select otherwise if they want - or are no longer using the app. 


MWB.thumb.jpg.e1127c8586ba6ce8ad603940e2bbdb84.jpg
 

Link to post
Share on other sites

Some products detect uTorrent either because of heuristics signatures that look for new/unknown threats, and others appear to be detecting it due to the fact that uTorrent has been known to sometimes come bundled with a PUP (Potentially Unwanted Program) known as OpenCandy.  Malwarebytes would block OpenCandy so I'm sure you aren't infected with that PUP, however you can learn more about what OpenCandy is by reviewing the information found here.

As for why Malwarebytes blocked uTorrent, this is because uTorrent, and all Bittorrent software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through uTorrent) and because of this, sometimes uTorrent will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through uTorrent may be perfectly safe, some of the sites hosted on some of the IP addresses that uTorrent connects to may be malicious.  Such connections are not a threat however, and you may exclude uTorrent from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add uTorrent.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.

 

File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.  Risks of File-Sharing Technology

I hope this helps, and if there is anything else we might assist you with please let us know.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.