uTorrent is flagged as malicious by several antivirus engines currently

If you check the latest uTorrent setup file on VirusTotal or other virus checking services, or run local checks using security solutions, you may notice that it is being flagged.

uTorrent Classic (the local version of uTorrent), uTorrent Web (the new web-based solution), and BitTorrent are all flagged by multiple antivirus solutions at the time of writing. The main release, uTorrent Classic, is detected by ten antivirus engines including Microsoft Defender, Sophos, ESET NOD32, GData, and Dr.Web.

Being flagged does not necessarily mean that a program is malicious or problematic. False positives happen, but they become less likely when mainstream security solutions flag a program.

What is being detected? Most engines list “PUA or potentially unwanted application” as the reason and that indicates some sort of software bundling or file dropping on user systems. ESET lists Web Companion as a reference and that leads to Ad-Aware’s Web Companion application. Whether that program has been offered as part of uTorrent’s installation is unclear at this point.


A test download and installation revealed the following:

  • uTorrent Classic downloaded fine in Microsoft Edge on Windows 10 with Windows Defender enabled. The program was not blocked from being downloaded.
  • The software installed fine on the same machine. Windows Defender did not prevent the installation.
  • It did include an offer to install the password manager Dashlane, but that offer was not checked.
  • It did include another offer, this time for WinZip, and that checkbox was checked (and very tiny in comparison to the big Next button).
  • There was also an ad for NordVPN on the "installation succeeded" screen.

It is reasonable to assume that offers are switched at times, e.g. based on region, time or incentive to put them up. Microsoft flags the executable file that is downloaded from the official website, yet Windows Defender stayed inactive during download and installation. That is puzzling, but only at first glance.

Windows Defender does not detect or block potentially unwanted programs by default. You need to enable the option first before it checks executable files for that. The security solution prevented the download of utorrent.exe after I enabled the option on the Windows 10 system. Other security solutions that flag the executable may block its download or execution automatically.
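The following PowerShell script is an added example, not part of the original article: it reads the current PUA protection state, switches it on if needed, and lists stored detections that carry a PUA label. It assumes an elevated session on a Windows 10 system with the built-in Defender cmdlets; the function name Get-PuaState is hypothetical.

```powershell
# Added example: check and enable Microsoft Defender PUA protection.
# Assumption: elevated PowerShell session with the built-in Defender module.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Enabled blocks detected PUAs; AuditMode only records detections.
    [ValidateSet('Enabled', 'AuditMode')]
    [string]$Mode = 'Enabled'
)

# Get-MpPreference reports PUAProtection as a number.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

# Hypothetical helper: returns the current state as a readable name.
function Get-PuaState {
    $raw = [int](Get-MpPreference).PUAProtection
    if ($stateNames.ContainsKey($raw)) { $stateNames[$raw] } else { "Unknown ($raw)" }
}

$before = Get-PuaState
Write-Output "PUA protection before: $before"

$changed = $false
if ($before -ne $Mode) {
    # ShouldProcess makes the script honour -WhatIf and -Confirm.
    if ($PSCmdlet.ShouldProcess('Microsoft Defender', "Set PUAProtection to $Mode")) {
        Set-MpPreference -PUAProtection $Mode
        $changed = $true
    }
}

$after = Get-PuaState
Write-Output "PUA protection after:  $after"

# A setting that does not stick usually points at missing elevation,
# a Group Policy override, or another antivirus product being active.
if ($changed -and $after -ne $Mode) {
    Write-Warning "PUAProtection is still '$after'; check elevation and policy."
}

# Show stored detections that Defender labelled as potentially unwanted.
Get-MpThreat |
    Where-Object { $_.ThreatName -like 'PUA:*' } |
    Select-Object ThreatName, SeverityID
```

Running it with -Mode AuditMode records what would be blocked without interrupting users, which helps when judging the impact before switching to Enabled.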

Users who have installed uTorrent may notice that the program is blocked from execution. The beta release is flagged by just two antivirus engines. One possible reason for that is that it does not include nearly as many offers as the release version.

Closing Words

Some users use legacy versions of uTorrent that don’t include offers, ads and other unwanted content. Others have moved on to solutions such as qBittorrent or Transmission. It is interesting to note that the previous owners announced in 2015 that they would move away from the bundled software offer model.

(via GenBeta)