uTorrent - the most popular torrenting client on the surface of the Earth has just been flagged as a “threat” by antivirus providers, Microsoft included. The software is rarely noted to be defective (or in this case, buggy), but recently some users have started to experience minor issues. Following this problem, Windows Defender, along with additional anti-virus programs has labeled the software as dangerous, with the former categorizing it as a “Potentially Unwanted Software.”
As of now, it is unclear as to what initiated this warning. According to a report by VirusTotal, ESET-NOD32, a “Web Companion” that comes with uTorrent is most likely the trigger for this warning. The “Web Companion” in mention might be Lavasoft’s Ad-Aware software that is sometimes bundled with uTorrent.
However, Windows is listing Lavasoft Software Canada as the verified publisher when in fact Lavasoft’s “Ad-Aware WebCompanion” is mostly offered along with uTorrent.
According to BitTorrent, parent company of uTorrent, this current problem is most likely a false positive due to some recent updates, “We believe that this passive flag changed to active just hours ago with the Windows patch Tuesday update when a small percent of users started getting an explicit block. [...] We had three uTorrent executables being served from our site. Two were going to 95% of our users and were not part of the Windows block. The third, which was going to 5% of users, was part of the Windows block. We stopped shipping that and confirmed we are no longer seeing any blocks.”
The company has also stressed on the fact that any offer a user receives during uTorrent installation are all optional and provided by Clean Software Alliance (CSA) standards.
Now, it is worth noting that the current problem isn’t limited to new installs as several users have previously reported their uTorrent applications suddenly becoming quarantined. Furthermore, uTorrent’s official download page is triggering a malicious warning from Malwarebytes’ real-time protection module.
As of now, we are yet to find out the precise reason as to what triggered this response from antivirus software. BitTorrent made one more comment on this matter, “based on our best assessment to date; we’ve found no reason why we would be blocked – especially on some builds and not others which are basically identical. [...] We are continuing to reach out, though, and hope to have more information.”