µTorrent issues - Heads up Seeding hidden from CPU Processes!

[techie]

This issue was detected by myself however I have not been able to confirm anyone else having the same problem using µTorrent 2.x.

I avoided the last update like the plague because I noticed certain things that went on behind the scenes.

a) The language preferences in the package was wiped out on updating and you have to manually revert them over to the proper language choice if you use anything eother than the same O/S language settings.

That is, if you prefer to use English in µTorrent but have a Japanese OS your system will try if possible to set your menus in µTorrent to Japanese instead.

b) Much more critical and the reason for this post.

I noticed the other day that after finishing a small file, I opened and viewed the file alright. I then closed the file and tried to move or delete it from the disk. That was of course not possible as µTorrent still held a grip on the file.
I then removed the torrent, deleted the torrent, closed the µTorrent application and made sure all cache was cleared out.

I even went so far as to manually empty all cache registers in the regular user account folders and more.

Still no chance in a blue moon to move the file.
µTorrent held a firm grip on it and was still keeping ports open in the background, inspite of being closed, that allowed the files to be seeded/leeched from anywhere on the planet.

In other words, you may be seeding even though you thought you didn't!!!

I continued my endeavor to kill the file now on disk, and went so far, before succeeding, to remove µTorrent completely, remove any and all shortcuts made manually as well as dumping the whole set of shortcuts and startup values in my registry manually.

The later due to the fact that the uninstall feature in Windows was NOT permitted by µTorrent to uninstall the application.

I am very cautious kind of person when it comes to software and use only applications from the original developers of this stuff received from verified locations and sources. In this case I was surprised over the security implications imposed on us by the makers of µTorrent.

I urge everyone to be a) careful and b) verify that you really are not seeding stuff you didn't think you had.

It could infact be that you might even be seeding even if your operating system reports NO RUNNING PROCESSES! as in my case.

I regard this to be of critical importance from a security perspective.

P.S:/ I use both dual firewalls, peerblock and spybot S & D as well as numerous applications for various protection, none of which aided the least in this issue. / D.S.

:victim:

 

[lowleg26]

That's pretty weird, and actually kind of unsettling.

I used the 2.0 version for about a week, but got rid of it because it managed to shut down my internet connectivity completely whenever I tried to use it. I'm talking total shutdown for an indeterminate amount of time. Reboot, still no internet. Boot into linux live cd, still no connectivity. Reboot a few more times and it finally came back.

I've since gone back to version 1.8.5 (which you can still get from filehippo) and am currently looking at other bittorrent options.

I never had the same issue with not being able to move files, though, but I'm pretty sure I remember having to manually delete the program files (not positive though, may have used ccleaner).

The 2.x build is far from an improvement, and should probably be avoided. Earlier versions work just fine.

Techie, what conclusion did you come to? I mean, have you scrapped the idea of using utorrent or have you rolled back to a previous version?

 

[reingiolt]

hm...i don't know if it's the same but i too have had experiences with files downloaded via utorrent that could not be moved or deleted. but that happened around 1-2 years ago. i'm currently using build 1.8.4 . everytime i entered the folder where they were in my cpu usage would be stuck at 50%. solved it by ending explorer then removed the file via utorrent's delete data function.

 

[Rollyco]

Still no chance in a blue moon to move the file.

Next time that happens, fire up Process Explorer, hit Ctrl-F and find which process has an open handle to your file or folder.

 

[elgringo14]

Still using version 1.7.7 ... and I don't see any reason to update :relax-bath:

 

[sonicking]

I am using version 2.0 and I don't think I have the problem. I mean, what I normally do is that I remove the torrent in the "Completed". I then cut the file I have downloaded and paste it in my desired folder. I just tried this and everything seemed to work fine for me. But I am going to pay more attention from now on.

 

[Rollyco]

I moved this thread to Tech Support since details are still a bit sketchy. Don't want to scare peeps off uTorrent unless it's really necessary.

1) If utorrent.exe process really is gone, and the file is still locked in explorer, that must mean there is _another_ process holding the file handle.

2) If utorrent.exe process really is gone, then "it's still seeding" is impossible. Maybe you're misinterpreting the flood of incoming connections that continue to come in from peers expecting a listening client at the other end.

 

[techie]

Yes well an update here as well.
Still no weird things after I dumped it completely.
For sure, uTorrent held the file in deadlock.
What remains unconfirmed is if others are seeding unknowingly through some hidden PID's.

Most disconcerning in this,

I used the 2.0 version for about a week, but got rid of it because it managed to shut down my internet connectivity completely whenever I tried to use it.

My internet has to say the least been very iffy when jumping from Windows XP to Ubuntu 9.1

Outages, network adapters not found or initiated, internet resets, it takes sometimes 3-5 minutes to get google's screen to show up that it actually connected.

Especially weird when you're on fiber and a maxed out lan pipe that has more speed than any mortal user ever sees. But not for the first 3-5 minutes of any session.


If anyone else stumbles on weird issues with this, please post here or pop me a PM so I can trace whats gone astray with my system.

It was also, as someone else suggested, not an issue with international filenames and MUI charsets. The files in question where all straight forward western charsets and I do have full support for everything under the sun and a bit more here.

 

[Rhinosaur]

Hmm, very odd. I'm currently using 2.0.1 Beta (build 18408) and have experienced none of the issues mentioned above.

 

[techie]

My testing this buggy issue continues without much results of any improvement on the horizon.

A physical proof to my statement above that uTorrent is running even if you physically Exit the application and shut it down can be found here...

See attachment;

 

[Rollyco]

The proof is closing the uTorrent.exe window and watching to see if it disappears in Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Of course, it won't go away if you have Preferences > UI Settings > Close to Tray checkmarked.

 

[techie]

The proof is closing the uTorrent.exe window and watching to see if it disappears in Process Explorer:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Of course, it won't go away if you have Preferences > UI Settings > Close to Tray checkmarked.

Of course..

A) I do have close to tray but I was referring to "Exit" from tray and close the application completely.

B) It was nowhere to be found in either Task Manager, Spybot S&D running processes, Sophos AntiRootKit nor visible to Process Explorer when this occurred.

For the fun of it I closed the firewall to catch any activity and that was when it happened that I spotted this popup in SyGate.

 

[Vitreous]

This seems to be a variant on a known bug in the current uTorrent.

On another uTorrent point (maybe explaining lowleg26's problem), the recent versions of uTorrent try to use uTP by default. This is a new transport protocol that is supposed to avoid saturating your connection when you to use the internet at the same time as torrenting. As a side effect it can break through firewalls and avoid ISP traffic shaping (for the moment). Unfortunately, the current implementation also has acknowledged bugs. There is a uTorrent 2.01 troubleshooting checklist here. I have switched off uTP for now (Options>>Preferences>>BitTorent>>Enable bandwidth management unchecked) until it's a bit more robust.

 

[Rollyco]

I still think this is a user-error problem and not related to that bug. Techie said the uTorrent.exe process does in fact close. So unless he has a rootkit (which is the only way to hide a process AFAIK), it means that reading the Sygate firewall popup as "uTorrent.exe is still sending out packets" is a misinterpretation. It means something else, for example "Sygate suffers from a delay between detection and notification", or "Sygate remembers listening ports of defunct processes and triggers notifications based on incoming packets".

If you install Wireshark, you can sniff all of the outgoing packets and confirm what I'm saying.

 

[techie]

I will definitely do that.

I just dumped some 40 GB of data after having done a 20 hour shift of moving data to another drive so I can dump anything not absolutely necessary to run my system.

On the SyGate issue, I can add, it was in fact an outgoing packet so something is either dead slow and not only sluggish because the pop message arrived 1/2 hour after I had closed the uTorrent app. That to me seems even a bit to sluggish for just being a windows related issue but we'll see.

The incoming doesn't bug me much they all get stopped at the "gate". Thats a sluggish issue from the tracker not telling other peers when to stop looking in my direction. But when it's outgoing I always get bothered.

I appreciate the app links and stuff. I bet a lot of people will find them useful.

 

[WillEater]

Same problem noticed a few days ago.. Moved folder containing files, files moved, not the folder. Attempted to delete the folder, error message, another process has folder.
Rebooted to safe mode, deleted. No further errors. Strange..

 

[Rollyco]

.

Next time that happens, fire up Process Explorer, hit Ctrl-F and find which process has an open handle to your file or folder.

You can then either close the handle (w/ the delete key), close the process, or restart the process (right-click menu).

 

[techie]

Same problem noticed a few days ago.. Moved folder containing files, files moved, not the folder. Attempted to delete the folder, error message, another process has folder.
Rebooted to safe mode, deleted. No further errors. Strange..

Thats quite common with Microsoft though.
I have the same issue recurring when the system is getting sluggish with files/folders.

It's Windows that doesn't release the handle itself fast enough.
Could be some hardware about to break too.
The disk hardware interrupts run up 99% CPU usage and it doesnt release fast enough for the folder to understand it's empty during cut & paste processing for example.

 

[WillEater]

Thats quite common with Microsoft though.
I have the same issue recurring when the system is getting sluggish with files/folders.

It's Windows that doesn't release the handle itself fast enough.
Could be some hardware about to break too.
The disk hardware interrupts run up 99% CPU usage and it doesnt release fast enough for the folder to understand it's empty during cut & paste processing for example.

Very possible.. I've seen strange things with Micro$oft products..

(Today, I'm on Unix.. ) :study:

 

[techie]

resolved the issue finally.
Problem rooted in "Conficker UpDown"

A trojan w32 style commonly distributed from image hosts and file storage servers.