Sign in with
Sign up | Sign in
Your question

Trojan.agent found in Thunder Network

Last response: in Applications
Share
August 1, 2012 11:01:38 AM



Hi Guys,

Like most of you, I use P2P clients like BitTorrent, EasyMule, and Thunder.

I use all 3 because the sites I often visit have different types of links.

The thing is, whenever I run Thunder for the first time after booting into Windows 7 64-bit, the system prompts me if I were to allow Thunder to change my system. (Were I to simply close the dialog or grant it permission, it would change my homepage)

But even I don't allow it, can it still do something to the system?


Whenver I run a system scan using Malwarebyte's Anti-Malware, I typically find this message at the end of the scan:

Trojan.agent found in category registry key HKCR\thunder

I can why it contains a trojan.agent, since Thunder, while free, from time to time, will offer you to buy their premium service for accelerated download, or to use their other premium services like online viewing or online storage.


It's kind of a hassle to delete it every time but I wonder if it's a false positive, since Iobit Malware Fighter doesn't detect it. Is there a way to kill it once and for all, and is it a false positive?


Thanks guys,

Apisorder


August 1, 2012 11:11:05 PM

It's not really a false positive, but it's probably nothing that will harm the PC. The software just acts like a virus. If you install some types of key generators they will be flagged as a virus or spyware even if they don't actively do anything.

Scan with another program if one detects it as bad another does not, it does not mean that it's OK, just that the second software may not be able to detect it properly.

Anything to do with torrents especially when used to get pirated software etc.... is liable to have something bad in it.
m
0
l
Related resources
August 2, 2012 3:43:07 AM


Hi hang-the-9,

So basically there is nothing to worry about right, as long as I don't buy or try any of their _premium_ services?


Thanks,


Apisorder
m
0
l
August 2, 2012 1:34:53 PM

apisorder said:
Hi hang-the-9,

So basically there is nothing to worry about right, as long as I don't buy or try any of their _premium_ services?


Thanks,


Apisorder


I would run a scan with another program, the Avira Antivir rescue disk works well. If that comes out OK you can leave that file.
m
0
l
August 2, 2012 2:48:23 PM


I understand. Thanks.


Apisorder
m
0
l
August 9, 2012 12:42:44 AM


Hi Area51reopened,

I read the link but it doesn't really offer any solutions. I understand Sophos may be preferred by some, but it doesn't offer anything more useful than I have already been doing, run the app after OS finished booting, which adds the reg key, runs the malware scanner, detects the key, delete it, and the process repeats itself.

Am I missing something?

Thanks,

Apisorder
m
0
l
October 18, 2013 2:57:47 AM

They just fired a bunch of Thunder developers for intentionally installing obfuscated code in the product and trojan and malware downloaders into the product. They mentioned it on Twitter. Apparently one of the virii that installed on Windows machines tried to infect any Android phone. Bad news!

Here is the link with the name of the virus. The headline is Most Popular Torrent Client Laced with Virus
http://malware.rsspump.com/?key=2013101405448f.most-pop...
m
0
l
October 18, 2013 5:24:56 AM

They don't appear sincere to me, as they merely acknowledge the exisence of such viral code in their product yet offer no solution as to remedy the problems. Unfortunately, some downloads are much faster with their product, and sometimes is only available through it.

m
0
l
!