Author Topic: New Rogueware spotted possibly?  (Read 2416 times)


Offline Ampera (Topic starter)

  • Super Contributor
  • ***
  • Posts: 2578
  • Country: us
    • Ampera's Forums
New Rogueware spotted possibly?
« on: February 22, 2017, 07:03:00 pm »


This runs under the task webhelper and originates from uTorrent. Any research into the matter yields few results, but nothing specifically of this nature.

Are there any suggestions for removal, as Windows Defender (Server 2016) and Malwarebytes were both inconclusive? I am now running Spybot S&D 2 to see if I have any luck.

And before anybody asks, I've only ever used uTorrent for legal means; no, I have never torrented anything illegally. Take that as you will.

EDIT: There was also the Windows Narrator active to read that text for me. No, I did not input any credentials, I am not that dense.
« Last Edit: February 22, 2017, 07:05:02 pm by TwoOfFive »
I forget who I am sometimes, but then I remember that it's probably not worth remembering.
EEVBlog IRC Admin - Join us on irc.austnet.org #eevblog
 

Offline helius

  • Super Contributor
  • ***
  • Posts: 3630
  • Country: us
Re: New Rogueware spotted possibly?
« Reply #1 on: February 22, 2017, 07:16:49 pm »
uTorrent has been malware-supported for the last 5 years.
 

Online Zero999

  • Super Contributor
  • ***
  • Posts: 19286
  • Country: gb
  • 0999
Re: New Rogueware spotted possibly?
« Reply #2 on: February 22, 2017, 07:17:59 pm »
I'm sure this sort of thing is nothing new but I wouldn't know about this crap. I use Linux at home. I only use Windows at work and the firewall doesn't allow torrents.
 

Offline thm_w

  • Super Contributor
  • ***
  • Posts: 6231
  • Country: ca
  • Non-expert
Re: New Rogueware spotted possibly?
« Reply #3 on: February 22, 2017, 07:18:22 pm »
Get rid of uTorrent or roll back to the old version pre-buyout (2.2.1 or so?).
Profile -> Modify profile -> Look and Layout ->  Don't show users' signatures
 

Offline Ampera (Topic starter)

  • Super Contributor
  • ***
  • Posts: 2578
  • Country: us
    • Ampera's Forums
Re: New Rogueware spotted possibly?
« Reply #4 on: February 22, 2017, 07:26:24 pm »
Yeap. That's not a bad idea. Looking for a new, decent torrent client.

What I've done, which may not be the best idea, but it's the best one I have, is to delete the uTorrent folder, and to run it over with cipher to kill whatever's left. I'll shuffle through the registry to see if it's left anything nice for me, but other than that Malwarebytes, Windows Defender and Spybot 2 did squat. It's entirely possible this rogue is passive, and is just a credential harvesting tool and a platform to spread the stupid number.

I will of course run everything over with a full scan on Windows Defender to make sure.

And as for Linux, Windows Server 2016 is the closest you will get to a proper professional grade Linux experience that has perfect compatibility with most Windows programs.

I also want to see if I can trick Avast into installing here, that is by far the best active AV software I have ever used.

I will respond later if there are any other issues, but for now I seem to have removed it. Maybe I'll forward a copy to someone so they can add it to their detection systems.
I forget who I am sometimes, but then I remember that it's probably not worth remembering.
EEVBlog IRC Admin - Join us on irc.austnet.org #eevblog
 

Offline Cerebus

  • Super Contributor
  • ***
  • Posts: 10576
  • Country: gb
Re: New Rogueware spotted possibly?
« Reply #5 on: February 22, 2017, 07:55:58 pm »
Yeap. That's not a bad idea. Looking for a new, decent torrent client.

Try Transmission - Windows, Mac and any flavour of Linux (desktop or headless server) you care to name. I kept a headless version running on a Linux server to keep up-to-date Debian CD images around and it ran untouched for six months with no hitches until I shut it down to free up some bandwidth.
Anybody got a syringe I can use to squeeze the magic smoke back into this?
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 5614
  • Country: au
Re: New Rogueware spotted possibly?
« Reply #6 on: February 22, 2017, 09:27:14 pm »
Yep, uTorrent has been full of malware/crapware for years. I use Deluge BitTorrent Client on Windows. It does exactly what it's supposed to do without any of the rubbish.
 

Offline Vgkid

  • Super Contributor
  • ***
  • Posts: 2710
  • Country: us
Re: New Rogueware spotted possibly?
« Reply #7 on: February 22, 2017, 11:21:35 pm »
I run Tixati, have run Deluge/Transmission/uTorrent/Vuze.
If you own any North Hills Electronics gear, message me. L&N Fan
 

