04 August 2007

Malicious BitTorrent Clients: New Coat of Paint, Same Bad Story

Virus BitTorrent ClientMalware Warning in these BitTorrent Clients!!! "TorrentSpy Advertises Malicious BitTorrent Client. Running a BitTorrent site can get pretty expensive, especially when you’re caught up in a lawsuit with the MPAA. But, recommending malicious BitTorrent clients like Get-Torrent to your users is not the solution, not even if they pay $$ per install. Money corrupts? Get-Torrent is one of the many malicious BitTorrent clients that are advertised on torrent sites. The clients, and a lot of other free malware applications, are developed and spread by a Swedish company named WakeNet AB, located in City Stockholm and Berg. Their primary goal is to trap people into downloading applications that look useful, just to infect computers with adware bundles that are hard to uninstall. Various forum threads, even on TorrentSpy, warn naive users about these clients. Still, TorrentSpy is actively advertising Get-Torrent, and infecting hundreds of their users’ computers, resulting in a torrent of annoying popups. Unlike TorrentSpy, most BitTorrent site admins refuse to advertise these clients. The Pirate Bay and mininova successfully banned these malicious clients from advertising through Adbrite, and BTjunkie and many other sites wont let them on their site either.
The malware bundled with BitTorrent clients like Get-Torrent, Torrent101, TorrentQ and BitRoll is a sponsor program called “Cidhelp”. Apparently, it can be easily removed from the Windows Control Panel. However, in most cases your anti-spyware or anti-virus program damaged the files, leaving them impossible to uninstall, while they still cause numerous popups.
In April ran a Google Adwords campaigns on the Bitroll, Torrent101 and Torrentq websites warning users not to install these clients. Even though it was fun and probably prevented a couple of hundred people from installing the clients, it is far from an ideal solution. The best way is to spread the word, start forum threads and write blog posts or emails to warn others.
Unfortunately, several popular torrent sites carried advertising for these bad clients but thankfully, sites like The Pirate Bay saw the damage these things can cause and removed the adverts. TPB’s brokep wrote, “We’re getting a lot of email about people downloading torrent clients that are advertised on the site. Do not download them! We have put a ban for the ad companies to sell ads for these clients on our site.” Mininova and Snarf-it also blocked the adverts.
In February, reported on yet another client, TorrentQ after a tip-off from the owner of BT-Junkie. Of course, this wasn’t a new client but the old one with a new name.
In April, in order to try to save unsuspecting file-sharers from installing malware, there ran Google Adword campaigns on the BitRoll, Torrent101 and TorrentQ websites, informing people of just how bad these clients are. Google apparently doesn’t like to be associated with bad news and a few days later, Adsense adverts disappeared from the sites. Disappointingly, we are now exposed to yet another ‘new’ bad torrent client. Get-Torrent is the latest in a sequence of malware-laden torrent clients, cloned from the same infected DNA as BitRoll, Torrent101 and TorrentQ."

Source: http://torrentfreak.com/torrentspy-advertises-malicious-bittorrent-client/ - http://torrentfreak.com/malicious-bittorrent-clients-new-coat-of-paint-same-bad-story/


The clients, Get-Torrent, Torrent101, TorrentQ and BitRoll result in a barrage of annoyingTorrentSpy popups, yet TorrentSpy is actively promoting them. Underneath each download, the words "Use Get-Torrent for high speed downloads" appears, tricking users into downloading them.
The Pirate Bay and Mininova both banned the clients from advertising using Adbrite but apparently money is more important to TorrentSpy then the safety of their user's computers.

Check your files with: ExeInfo PE ver. A - ( 289 sign ) Exeinfo for Win32 by A.S.L.
Try to unpack them cause AV scanner may not be able to detect some Virus and others and can give possible "false positive" alert by some eXe packed+protect files. Send the files before install to:
VirusTotal - analyses.

XoftSpySE 4.33.248 (ddl - mirror - mirrors) may detect most Adware, Spyware, Pop-Up Generators, Keyloggers, Trojans, Hijackers and Malware as in some RapidShare tools have been found, Kaspersky and NOD32 didn't found anything.
The story continues...
updated 06-Aug-2007 by Mods.sub.cc
New Names of the above clients with Malware, new Websites, new Webhosting...

1. New names of the Malware BitTorrent clients (all have a size of around 1 MB):
  • BitDownload (Version
  • BitGrabber (Version
  • TorrentSoftware (Version
  • TorrentGamers
  • BitsOfPorn
2. New Websites

Site Admins of 9TT.eu, some Net Backbone Admins and we confirm that these are the same clients all in 1MB size just with new names!

WARNING!!! BitGrabber, BitDownload, TorrentSoftware, Get-Torrent, BitRoll, Torrent101 and TorrentQ, BitsOfPorn, DivoPlayer, axdlplug, TorrentGamers, WinZix and all from Cash4Downloads (http://www.torrentmusic.org/index.php?go=programs) are adware bundler that is bundled with adware components and uses aggressive, deceptive advertising.
Don't download or use any of these Clients from Web hosting sites on IP:,,... with different Domain names and BitTorrent Client Product names!!!

Ref.: Attention aux logiciels Bittorrent et Popups CiD
Evite d'installer ces logiciels!!

Pour plus d'informations voir : Supprimer les Popups CiD et BitDownloader/BitGrabber (Instruction: HOw to remove it!)

Popup CiD et BitDownloader/Bitgrabber
Désinstaller BitDownload et supprimer les popups
  • Allez dans ajout/suppression de programmes, désinstallez si présent : CiD Help
  • Une demande pour retaper un code (voir ci-dessous) devrait s'ouvrir, ressaisissez le puis cliquez sur UNINSTALL
  • Désinstallez BitDownload ou BitGrabber par ajout/suppression de programmes, supprimer si existant ces dossiers :
    • C:\Program Files\BitGrabber
    • C:\Program Files\BitDownload
    • C:\Program Files\Multi_Media_France
  • Si CiD Help n'est pas présent :
    • Téléchargez lopremover puis inscrivez le numéro qui apparâit à l'écran puis cliquez sur UNINSTALL.
licence du sponsors de MSN Plus! 3

Vous pouvez utiliser télécharger et executer SpySweeper pour nettoyer votre ordinateur.
  • Téléchargez SpySweeper - Télécharge - Aide Spy Sweeper
  • Cliquez sur sur le lien "Free Trial" pour le télécharger tout à droite
  • Installez le et démarrez le
    • Il va demander de télécharger la dernière définition, acceptez
    • Ensuite, clic sur le bouton Options à gauche
    • Clic sur l'onglet Options et cochez ces options :
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Décoche Do not Sweep System Restore Folder.
    • Clicquez sur "Sweep Now" à gauche
    • Clicquez sur le bouton "Start"
    • Quand le scan est terminé, clic sur le bouton "Next"
    • Assurez-vous que tout est coché et clicquez sur le bouton "Next"
    • Lorsque tous les éléments trouvés ont été supprimés
Lors de l'installation du programme, on peut lire (en anglais) dans les licences d'utilisation, que le programme ouvrira des popups de pubs ainsi qu'il sera ammené à modifier votre page de démarrage et de recherche sur votre navigateur WEB.

Type in Google Search box exactly this: "-setup.exe (1MB)" or some words/sentence as in the templates (Download site) of them websites are to see and identical to each other (see screenshots) The web is full of these clients!


Post a Comment

We would appreciate if you as readers of our blog, show us some feedback by signing up to this site with Friend Connect.
This will encourage us to publish updates in the future.


Dentoo.info - Hosting - Offering seedboxes and seedbox solutions


MoDs - BRD Push 2 Check Projects News all on one Page
Subscribe to rss feed! Powered By Blogger Creative Commons —
 Attribution-Noncommercial-No Derivative Works 1.0 Generic
GFC Accessibly Test

Site Stats Public Google Analytics stats

We respect your privacy. Your email address will never be shared with others.

My IP Address