beardilocks

GrayWare/Win32/Presnoker: Potential Trojan or False Positive?


Hi,

Malwarebytes is blocking inbound and outbound connections through uTorrent.exe, which is trying to connect to some potentially suspicious IP addresses (see attached export of such an IP), and marking it as a Trojan. However, no MWB or Defender scans find anything on my system, nor does AdwCleaner.

VirusTotal tells me it is GrayWare/Win32/Presnoker.

See the link here https://www.virustotal.com/gui/file/a26c9ba1f8e06ddc4581dc313dd02ff6598b82101f033c7164e88e8b4ff4969d/detection

Microsoft has it listed here as a PUA AND 'severe'?

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/Presenoker&ThreatID=242420

I went through the Farbar analysis process with nasdaq on the other forum.

Should I be concerned about this? Is there any chance of this causing any damage to my system? The connections to suspicious IP addresses concern me.

Any advice on the matter would be super appreciated. Thank You.

trojan 1.txt

3 hours ago, beardilocks said:

Any advice on the matter would be super appreciated. Thank You.

Some products detect uTorrent either because of heuristic signatures that look for new/unknown threats, and others appear to be detecting it due to the fact that uTorrent has been known to sometimes come bundled with a PUP (Potentially Unwanted Program) known as OpenCandy. Malwarebytes would block OpenCandy, so I'm sure you aren't infected with that PUP; however, you can learn more about what OpenCandy is by reviewing the information found here.

As for why Malwarebytes blocked uTorrent, this is because uTorrent, and all BitTorrent software, are what are known as Peer-to-Peer (P2P) applications, meaning it connects to many different servers/IP addresses (this is how files are downloaded through uTorrent), and because of this, sometimes uTorrent will connect to a server that is also known for hosting malicious content. This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through uTorrent may be perfectly safe, some of the sites hosted on some of the IP addresses that uTorrent connects to may be malicious. Such connections are not a threat, however, and you may exclude uTorrent from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web-facing programs will still be fully protected from malicious websites and other malicious content). To do so, add uTorrent.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.


File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy. (Source: Risks of File-Sharing Technology)

I hope this helps, and if there is anything else we might assist you with please let us know.

Edited by Porthos


Hi,

Thanks for the information. This website lists the file as having been associated with ransomware; is it possible there is anything more malicious about this, in your opinion?

https://www.us-cert.gov/ncas/analysis-reports/AR18-337B

Also, if I wanted to err on the side of caution and remove GrayWare/Win32.presenoker, what can I do about it?

37 minutes ago, beardilocks said:

if I wanted to err on the side of caution and remove GrayWare/Win32.presenoker, what can I do about it?

Stop torrenting would be my best advice. Barring that, qBittorrent is a better choice. Remember, if you are downloading copyrighted material, depending on your location and ISP, you could get in trouble.


Of course. Will uninstalling uTorrent completely remove the file in question? If you don't mind me asking, what makes qBittorrent a better choice?

Thanks.


If I was going to torrent, I would take a laptop to Starbucks, and depending on the location, according to all those news reports, you might even get to watch a "sideshow" while drinking that overpriced coffee.

4 minutes ago, beardilocks said:

what makes qBittorrent a better choice?

At least it can be downloaded with Ninite, which removes the adware when installing. ;)


Okay, thanks. Will look into that.

To answer my other question, will uninstalling uTorrent be sufficient to remove the grayware thing? I don't really know what it is, but I'm sure I don't want it.

16 minutes ago, beardilocks said:

Okay, thanks. Will look into that.

To answer my other question, will uninstalling uTorrent be sufficient to remove the grayware thing? I don't really know what it is, but I'm sure I don't want it.

After uninstalling, if scans with Defender and Malwarebytes are clean, you are good to go, since you were already checked out in the Malware section.

But remember, not all content gained by torrenting will be safe, and just scanning your downloads does not make them safe.
