Just after 6:00 a.m. Pacific time, we took the affected servers offline to neutralize the threat. Our servers are now back online and functioning normally.
We take the security of our systems and the safety of our users very seriously. We sincerely apologize to any users who were affected.
Clarification: This only affects users who downloaded software specifically from utorrent.com or bittorrent.com between the hours above this morning. Users who previously downloaded our software are not affected.
Update #2: After further analysis, we don’t believe BitTorrent.com or the BitTorrent Mainline/Chrysalis clients were part of the incident.
Update #3: File Removal Instructions
This particular piece of malware renames itself as a different .exe file every time it installs on a new machine. Therefore, first you need to determine the file name. To do this, visit the following File Directory on your Windows hard drive:
Windows XP: Click Start, click Run, and then type in “%USERPROFILE%Local SettingsApplication Data” without the quotes. The file will be called [random].exe
Windows Vista and Windows 7: Click Start, in the search box type in “%localappdata%” without the quotes. The file will be called [random].exe.
To delete the file, first you need to make sure to kill the application first:
– Open your Task Manager (Control-Alt-Delete), select the [random].exe (the name you found in the file directory). Click “End Process” and select “Yes.”
– Next: select the file name (or right-click on the name) and hit Delete.
– Empty your trash.
