uTorrent website hacked and the attacker replaced the torrent client with a fake antivirus software. The fake software has the name “Security Shield” and prompts the victims that they have virus and then offers them to clean their pc after payment. The attack took place at September 13th 4:20 a.m. Pacific Daylight Time (UTC -7) and the users who have downloaded the file between 4:20 a.m. and 6:10 a.m. Pacific time, they have been infected.
After the infection, the file renames itself with a random name. If you are infected try to determine the file name. You will find it in the following directory depending on your operating system. For XP users go to “%USERPROFILE%\Local Settings\Application Data\”, you go there with Start > Run > and paste the above text without the quotes and press enter. For Vista and Windows 7 users Start > Search for “%localappdata%” without the quotes. Find the file with the suspicious name and the .exe extension (executable).
How to delete the file: If you try to delete it, you will be prompted that you can. So here is how to do it. First of all, open your task manager, you can do it with Ctrl+Alt+Del (Control+Alt+Delete – the magical combination) and then select task manager. Seek and locate the name you have already found in the list inside task manager, select it and then press “End Process” button. A message will appear, press “Yes” to continue. After that you can go and delete the file with Shift+Delete to permanently delete it or delete it as you normally do and then empty your recycle bin.