false positive "utorrent.exe"

Discussion in 'ESET Smart Security' started by pavilion_alex, Apr 3, 2013.

Thread Status:
Not open for further replies.
  1. pavilion_alex

    pavilion_alex Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    40
    ESS reports utorrent.exe as Win32/Bunndle potentially unsafe application.

    i've reported as false positive via the utility from ESS, and checking a few minutes ago, it still reports as false positive.

    i've deleted the program and reinstalled it, in case it was infected, but it's still detected.

    there was no problem with it a few days ago.
     
  2. Quad

    Quad Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    47
    What version of uTorrent? And where did you download it from?

    I have the latest stable version (3.3.0), downloaded it right from uTorrent website, and nothing is detected. ESS 6.0.308 with virus signature database 8190 (20130403) with "Potentially unsafe applications", "Potentially suspicious applications", "Potentially unwanted applications" and "Advanced Heuristics on file execution" are all enabled.
     
    Last edited: Apr 3, 2013
  3. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
  4. pavilion_alex

    pavilion_alex Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    40
    weird, i also have the latest stable directly from the website, with the same signature database.
     
  5. pavilion_alex

    pavilion_alex Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    40
    but i had no problems a few days before
     
  6. pavilion_alex

    pavilion_alex Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    40
    i've been using the same settings in ESS for months, and only recently it started detecting it.
     
  7. Quad

    Quad Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    47
    I just downloaded uTorrent 3.3.0 again, they have modified the binary even though they didn't change the version, the file I download few days ago has a different checksum than the current, and the new one is detected by ESS as it did with yours.

    It's not a false positive as IBK said, they've bundled some crapware with their new installer, very low risk though, hence why it was detected as "potentially unsafe application".

    EDIT: Typos
     
    Last edited: Apr 3, 2013
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Something in one of the newer releases of uTorrent is flagging the PUA. I doubt if it is an FP.

    While ESET should not be supporting P2P software, try an older version and see if you yield the same results.

    http://www.filehippo.com/download_utorrent/9574/
     
  9. pavilion_alex

    pavilion_alex Registered Member

    Joined:
    Feb 10, 2009
    Posts:
    40
    i checked the version from the link and it was ok.
    i guess i'll have to message the creator of the application :)
     
  10. Quad

    Quad Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    47
    It's up to you, but it's a monetization method, most probably you won't get with them to anything, therefore, if I were you I'd save my time and move on.

    Such bundles have been there since long long time (toolbars anybody?) and many reputable programs include one type or another of them in their packages, not to say that I like it, but that's how it is.

    Generally, there is no real immediate harm, i.e. serious security risk, from that bundled stuff, it's just "unwanted" stuff, not a virus infection.
     
  11. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Bloated software has it's implied risks. In the case of uTorrent, there's no shame in running an older version. The latest and greatest with all the bells & whistles is not always best.
     
  12. Quad

    Quad Registered Member

    Joined:
    Jan 10, 2013
    Posts:
    47
    Siljaline, good day.

    Being online has its implied risks, walking down the street too.

    If you want to be safe, you have to hide in a cave away from everything, and even then you won't be really safe.

    I always recommend to have the latest version of any program that connects to the internet, unlike, say Photoshop which is an offline application, uTorrent is an internet application, newer versions often patch some known security vulnerabilities, and often introduce some unknown ones, the known ones are much more easily exploitable.

    Same goes for security software, but since it's a little bit more complicated and cumbersome to upgrade these, I sometimes skip a newer version for a while, but not for long, unless it patches a medium-high risk vulnerability. Upgrading uTorrent is two click away and should be done, and it's still possible to remove that peace of bundled stuff from it and not allow it to exist on your system, that what security software is for.

    Kind regards.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  14. tommy456

    tommy456 Registered Member

    Joined:
    Jun 11, 2011
    Posts:
    137
    Well that's a bit of mystery as ess v6.0.314 didn't detect the latest build of Utorrent( 3.3.0.29462 ) or the version prior to that, neither does ess V5 on my PC I don't download or install the bloat though

    I can remember when they first started doing this, they where quite sneaky on where the options where to opt out of the bloatware , the utorrent forums was full of complaints
    But that open candy does pop up in a lot of s/ware even free trial stuff
     
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,205
    Location:
    in a remote land :)
    if you ticked the PUP detection on ESET, don't be surprised that Utorrent bundle crap is flagged as potentially malicious.
     
Thread Status:
Not open for further replies.