uTorrent Site Hacked Software Replaced With Ransomware

Anyone having visited and downloaded uTorrent, the popular bit-torrent client, yesterday, should immediately scan their computer for a possible infection as the site was compromised by hackers who then replaced the uTorrent software download with a rogue antivirus program that demanded payment from users in order to remove non-existent malware from their machines.

A statement from BitTorrent officials posted on their blog yesterday, and updated today, confirmed they the site was hacked and the software replaced with a rather nasty piece of scareware.

“We have completed preliminary testing of the malware. Upon installation, a program called ‘Security Shield” launches and pops up warnings that a virus has been detected. It then prompts a user for payment to remove the virus. We recommend anyone who downloaded software between 4:20 a.m. and 6:10 a.m. Pacific time run a security scan of their computer. Clarification: This only affects users who downloaded software specifically from utorrent.com between the hours above this morning. Users who previously downloaded our software are not affected.”

File Removal Instructions

This particular piece of malware renames itself as a different .exe file every time it installs on a new machine. Therefore, first you need to determine the file name. To do this, visit the following File Directory on your Windows hard drive:

Windows XP: Click Start, click Run, and then type in “%USERPROFILE%\Local Settings\Application Data\” without the quotes. The file will be called [random].exe
Windows Vista and Windows 7: Click Start, in the search box type in “%localappdata%” without the quotes. The file will be called [random].exe.

To delete the file, first you need to make sure to kill the application first:
– Open your Task Manager (Control-Alt-Delete), select the [random].exe (the name you found in the file directory). Click “End Process” and select “Yes.”

– Next: select the file name (or right-click on the name) and hit Delete.

– Empty your trash.

Advertisements
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: