{"id":20341,"date":"2024-03-12T23:03:59","date_gmt":"2024-03-12T23:03:59","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=20341"},"modified":"2024-06-27T18:44:51","modified_gmt":"2024-06-27T18:44:51","slug":"puabundlerwin32-utorrent_bundleinstaller-explained","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/puabundlerwin32-utorrent_bundleinstaller-explained\/","title":{"rendered":"PUABundler:Win32\/uTorrent_BundleInstaller"},"content":{"rendered":"

PUABundler:Win32\/uTorrent_BundleInstaller<\/strong> is a Microsoft Defender detection that is associated with the installer of the once popular uTorrent client. It is detected by antiviruses because it contains a fair amount of additional software that is unwanted (PUA). Such programs can pose a security threat to your system. Let’s find out what’s wrong with it.<\/p>\n

Why is uTorrent detected as uTorrent_BundleInstaller?<\/h2>\n

While being totally legitimate in its original form, uTorrent has some pitfalls to avoid. The main issue here is that it comes bundled with other software that is considered adware or potentially unwanted programs<\/a>. Let’s look at what I\u2019ve found during my research.<\/p>\n

When installing the software itself, the application contacts a third-party offer provider before getting the user’s consent:<\/p>\n

\"uTorrent<\/p>\n

During the installation process, it offers to install several unrelated applications. Apart from being of dubious relevance, their banners do not provide a noticeable choice between installing and declining. This format is clearly intended to confuse the user and “soft coerce” the installation. Furthermore, users repeatedly complain<\/a> of uncoordinated software.<\/p>\n

\"PUABundler:Win32\/uTorrent_BundleInstaller
Unrelated software that is offered with uTorrent installation<\/figcaption><\/figure>\n

In addition to the mentioned problems, there is evidence that together with uTorrent additionally installed a program such as EpicScale<\/a>. It uses the idle time of your computer’s processor for its own needs. The idle capacity, according to the company, is used for solving various mathematical calculations and even mining cryptocurrencies<\/a>.<\/p>\n

Large amount of adware<\/h3>\n

Using uTorrent is often accompanied by a lot of annoying advertising<\/strong> windows and pop-ups. Annoying ads appear<\/a> not only in the client window but also start to appear when using a PC. This is not only annoying for the user, but can also become a source of malware risk.<\/p>\n

\"Pop-ups\"
Pop-ups distributed by uTorrent<\/figcaption><\/figure>\n

Unwanted programs like those presented by PUABundler:Win32\/uTorrent_BundleInstaller can cause problems for users. They are especially known for changing browser settings, displaying advertisements or collecting data without their consent. In addition there is a user-confirmed fact that ads initiated by uTorrent uses an exploit to install malware<\/a>.<\/p>\n

Security vulnerabilities<\/h3>\n

In 2018, researchers discovered a vulnerability<\/a> in uTorrent’s web interface that allowed attackers to remotely execute code on a user’s computer<\/strong>. This could have been used to attack users who downloaded and ran the uTorrent client with open Internet access. <\/p>\n

\r\n$ curl -si http:\/\/localhost:19575\/users.conf\r\nHTTP\/1.1 200 OK\r\nDate: Wed, 31 Jan 2018 19:46:44 GMT\r\nLast-Modified: Wed, 31 Jan 2018 19:37:50 GMT\r\nEtag: \"5a721b0e.92\"\r\nContent-Type: text\/plain\r\nContent-Length: 92\r\nConnection: close\r\nAccept-Ranges: bytes\r\n\r\nlocalapi29c802274dc61fb4 bc676961df0f684b13adae450a57a91cd3d92c03 94bc897965398c8a07ff 2 1\r\n<\/pre>\n
Of course, after the wave of complaints raised by users, this vulnerability was fixed<\/strong>. But nobody guarantees that such an incident will happen again, especially considering uTorrent’s already dubious reputation.<\/p>\n
Three uTorrent Installers \u2013 Why and for What?<\/h3>\n
One interesting fact: on the uTorrent website you can download not one, but three different installers, all of the same version. The difference between the web and desktop versions is obvious, but there are two desktop versions<\/strong>. They are downloaded from different links<\/strong>, and the only visible difference is smaller file size.<\/p>\n
\"PUABundler:Win32\/uTorrent_BundleInstaller<\/p>\n
Perhaps the difference between the three versions of the uTorrent installation file is what additional programs or changes are included in each of them. These changes may be minimal<\/strong> and may touch, for example, pre-installed settings or advertising modules included in the client. Considering that their build times differ by mere seconds, they are unlikely to come from different developers. However, even such a small change may allow you to bypass detection<\/strong> by some antivirus vendors, or at least change the detection name.<\/p>\n
How to remove PUABundler:Win32\/uTorrent_BundleInstaller and unwanted programs?<\/h2>\n
If you have installed uTorrent and skipped the installation without paying attention to what it offers to install, it is rather probable that you have a lot of unwanted software installed in your system. Consider checking the list of installed apps and browser extensions, and remove anything you do not remember<\/strong> installing. This stuff may be related to PUABundler:Win32\/uTorrent_BundleInstaller.<\/p>\n
But since the unwanted programs often aim at making manual removal harder, I recommend using GridinSoft Anti-Malware.<\/p>\n\"GridinSoft\n
Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.<\/p>\n
Download Anti-Malware<\/a><\/div>\n
After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click \"Advanced mode\" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.<\/p>\n\"Scan\n
Click \"Clean Now\" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.<\/p>\n\"Removal\n","protected":false},"excerpt":{"rendered":"
PUABundler:Win32\/uTorrent_BundleInstaller is a Microsoft Defender detection that is associated with the installer of the once popular uTorrent client. It is detected by antiviruses because it contains a fair amount of additional software that is unwanted (PUA). Such programs can pose a security threat to your system. Let’s find out what’s wrong with it. Why is […]<\/p>\n","protected":false},"author":7,"featured_media":20363,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[4,17],"tags":[993,474,223],"class_list":{"0":"post-20341","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips-tricks","8":"category-labs","9":"tag-torrent","10":"tag-unwanted-programs","11":"tag-windows-defender"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2024\/03\/GS_Blog_banner_PUABundler_Win32_uTorrent_BundleInstaller-Dangerous-Bundle-Installer_1280x674.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=20341"}],"version-history":[{"count":24,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20341\/revisions"}],"predecessor-version":[{"id":23169,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/20341\/revisions\/23169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/20363"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=20341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=20341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=20341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}