Jump to content

GrayWare/Win32/Presnoker: Potential Trojan or False Positive?


Recommended Posts


Malwarebytes is blocking inbound and outbound connections through uTorrent.exe which is trying to connect to some potentially suspicious IP addresses (see attached export of such an IP) and marking it as a Trojan. However, no MWB or Defender scans find anything on my system, nor ADW cleaner.

VirusTotal tells me it is GrayWare/Win32/Presnoker.

See the link here https://www.virustotal.com/gui/file/a26c9ba1f8e06ddc4581dc313dd02ff6598b82101f033c7164e88e8b4ff4969d/detection

Microsoft has it listed here as a PUA AND 'severe'?


I went through the Farbar analysis process with nasdaq on the other forum.

Should I be concerned about this? Is there any chance of this causing any damage to my system? The connections to suspicious IP addresses concerns me.

Any advice on the matter would be super appreciated. Thank You.

trojan 1.txt

Link to post
Share on other sites

3 hours ago, beardilocks said:

Any advice on the matter would be super appreciated. Thank You.

Some products detect uTorrent either because of heuristics signatures that look for new/unknown threats, and others appear to be detecting it due to the fact that uTorrent has been known to sometimes come bundled with a PUP (Potentially Unwanted Program) known as OpenCandy.  Malwarebytes would block OpenCandy so I'm sure you aren't infected with that PUP, however you can learn more about what OpenCandy is by reviewing the information found here.

As for why Malwarebytes blocked uTorrent, this is because uTorrent, and all Bittorrent software, are what are known as Peer-to-Peer (P2P) applications meaning it connects to many different servers/IP addresses (this is how files are downloaded through uTorrent) and because of this, sometimes uTorrent will connect to a server that is also known for hosting malicious content.  This is because servers/IP addresses are often shared by multiple sites, so while what you are downloading through uTorrent may be perfectly safe, some of the sites hosted on some of the IP addresses that uTorrent connects to may be malicious.  Such connections are not a threat however, and you may exclude uTorrent from the Web Protection component in Malwarebytes to stop the blocks from happening without compromising your protection (your web browser and other critical web facing programs will still be fully protected from malicious websites and other malicious content).  To do so, add uTorrent.exe to your exclusions using the method described under the Exclude an Application that Connects to the Internet section of this support article.


File sharing involves using technology that allows internet users to share files that are housed on their individual computers. Peer-to-peer (P2P) applications, such as those used to share music files, are some of the most common forms of file-sharing technology. However, P2P applications introduce security risks that may put your information or your computer in jeopardy.  Risks of File-Sharing Technology

I hope this helps, and if there is anything else we might assist you with please let us know.

Edited by Porthos
Link to post
Share on other sites


Thanks for the information. This website lists the file as having been associated with ransomware, is it possible there is anything more malicious about this in your opinion?


Also, if I wanted to err on the side of caution and remove GrayWare/Win32.presenoker, what can I do about it?

Link to post
Share on other sites

37 minutes ago, beardilocks said:

if I wanted to err on the side of caution and remove GrayWare/Win32.presenoker, what can I do about it?

Stop torrenting would be my best advice.  Barring that, qBitorrent is a better choice. Remember if you are downloading copyrighted material depending on your location and ISP. You could get in trouble.

Link to post
Share on other sites

16 minutes ago, beardilocks said:

Okay, thanks. Will look into that.

To answer my other question, will uninstalling uTorrent be sufficient in removing the grayware thing? I don't really know what it is but I'm sure I don't want it.

After uninstalling, If a scan with Defender and Malwarebytes are clean you are good to go since you were already checked out in the Malware section.

But remember not all content gained by torrenting will be safe and just by scanning your downloads does not make the downloads safe.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.